Vulnerabilities > AMD > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-11-12 | CVE-2024-21949 | Unspecified vulnerability in AMD Ryzen AI Software Improper validation of user input in the NPU driver could allow an attacker to provide a buffer with unexpected size, potentially leading to system crash. | 5.5 |
| 2024-08-13 | CVE-2021-26367 | Unspecified vulnerability in AMD products A malicious attacker in x86 can misconfigure the Trusted Memory Regions (TMRs), which may allow the attacker to set an arbitrary address range for the TMR, potentially leading to a loss of integrity and availability. | 6.0 |
| 2024-08-13 | CVE-2023-20510 | Unspecified vulnerability in AMD Radeon Software 23.7.1/23.Q3/23.Q4 An insufficient DRAM address validation in PMFW may allow a privileged attacker to read from an invalid DRAM address to SRAM, potentially resulting in data corruption or denial of service. | 6.0 |
| 2024-08-13 | CVE-2023-20578 | Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in AMD products A TOCTOU (Time-Of-Check-Time-Of-Use) in SMM may allow an attacker with ring0 privileges and access to the BIOS menu or UEFI shell to modify the communications buffer potentially resulting in arbitrary code execution. | 6.4 |
| 2024-08-13 | CVE-2023-20584 | Unspecified vulnerability in AMD products IOMMU improperly handles certain special address ranges with invalid device table entries (DTEs), which may allow an attacker with privileges and a compromised Hypervisor to induce DTE faults to bypass RMP checks in SEV-SNP, potentially leading to a loss of guest integrity. | 6.0 |
| 2024-08-13 | CVE-2023-31307 | Improper Validation of Array Index vulnerability in AMD Radeon Software 23.7.1/23.Q3 Improper validation of array index in Power Management Firmware (PMFW) may allow a privileged attacker to cause an out-of-bounds memory read within PMFW, potentially leading to a denial of service. | 4.4 |
| 2024-08-13 | CVE-2023-31339 | Out-of-bounds Read vulnerability in multiple products Improper input validation in ARM® Trusted Firmware used in AMD’s Zynq™ UltraScale+™) MPSoC/RFSoC may allow a privileged attacker to perform out of bound reads, potentially resulting in data leakage and denial of service. | 5.8 |
| 2024-08-13 | CVE-2023-31341 | Unspecified vulnerability in AMD Uprof Insufficient validation of the Input Output Control (IOCTL) input buffer in AMD ?Prof may allow an authenticated attacker to cause an out-of-bounds write, potentially causing a Windows® OS crash, resulting in denial of service. | 5.5 |
| 2024-08-13 | CVE-2023-31366 | Unspecified vulnerability in AMD Uprof Improper input validation in AMD µProf could allow an attacker to perform a write to an invalid address, potentially resulting in denial of service. | 5.5 |
| 2024-08-05 | CVE-2023-31355 | Out-of-bounds Write vulnerability in AMD products Improper restriction of write operations in SNP firmware could allow a malicious hypervisor to overwrite a guest's UMC seed potentially allowing reading of memory from a decommissioned guest. | 6.0 |