Vulnerabilities > AMD > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-01-16 | CVE-2023-4969 | Memory Leak vulnerability in multiple products A GPU kernel can read sensitive data from another GPU kernel (even from another user or app) through an optimized GPU memory region called _local memory_ on various architectures. | 6.5 |
| 2023-11-14 | CVE-2021-26345 | Out-of-bounds Read vulnerability in AMD products Failure to validate the value in APCB may allow a privileged attacker to tamper with the APCB token to force an out-of-bounds memory read potentially resulting in a denial of service. | 4.9 |
| 2023-11-14 | CVE-2021-46748 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products Insufficient bounds checking in the ASP (AMD Secure Processor) may allow an attacker to access memory outside the bounds of what is permissible to a TA (Trusted Application) resulting in a potential denial of service. | 5.5 |
| 2023-11-14 | CVE-2021-46758 | Unspecified vulnerability in AMD products Insufficient validation of SPI flash addresses in the ASP (AMD Secure Processor) bootloader may allow an attacker to read data in memory mapped beyond SPI flash resulting in a potential loss of availability and integrity. low complexity amd | 6.1 |
| 2023-11-14 | CVE-2021-46766 | Incomplete Cleanup vulnerability in AMD products Improper clearing of sensitive data in the ASP Bootloader may expose secret keys to a privileged attacker accessing ASP SRAM, potentially leading to a loss of confidentiality. | 5.5 |
| 2023-11-14 | CVE-2022-23830 | Unspecified vulnerability in AMD products SMM configuration may not be immutable, as intended, when SNP is enabled resulting in a potential limited loss of guest memory integrity. | 5.3 |
| 2023-11-14 | CVE-2023-20521 | Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in AMD products TOCTOU in the ASP Bootloader may allow an attacker with physical access to tamper with SPI ROM records after memory content verification, potentially leading to loss of confidentiality or a denial of service. | 5.7 |
| 2023-11-14 | CVE-2023-20526 | Unspecified vulnerability in AMD products Insufficient input validation in the ASP Bootloader may enable a privileged attacker with physical access to expose the contents of ASP memory potentially leading to a loss of confidentiality. low complexity amd | 4.6 |
| 2023-11-14 | CVE-2023-20567 | Improper Verification of Cryptographic Signature vulnerability in multiple products Improper signature verification of RadeonTM RX Vega M Graphics driver for Windows may allow an attacker with admin privileges to launch AMDSoftwareInstaller.exe without validating the file signature potentially leading to arbitrary code execution. | 6.7 |
| 2023-11-14 | CVE-2023-20568 | Improper Verification of Cryptographic Signature vulnerability in multiple products Improper signature verification of RadeonTM RX Vega M Graphics driver for Windows may allow an attacker with admin privileges to launch RadeonInstaller.exe without validating the file signature potentially leading to arbitrary code execution. | 6.7 |