Vulnerabilities > AMD > Medium

DATE CVE VULNERABILITY TITLE RISK
2024-02-13 CVE-2023-20579 Unspecified vulnerability in AMD products
Improper Access Control in the AMD SPI protection feature may allow a user with Ring0 (kernel mode) privileged access to bypass protections potentially resulting in loss of integrity and availability.
local
low complexity
amd
6.0
2024-02-13 CVE-2023-31346 Unspecified vulnerability in AMD products
Failure to initialize memory in SEV Firmware may allow a privileged attacker to access stale data from other guests.
local
low complexity
amd
6.0
2024-02-13 CVE-2023-31347 Unspecified vulnerability in AMD products
Due to a code bug in Secure_TSC, SEV firmware may allow an attacker with high privileges to cause a guest to observe an incorrect TSC when Secure TSC is enabled potentially resulting in a loss of guest integrity.
network
low complexity
amd
4.9
2024-01-16 CVE-2023-4969 Memory Leak vulnerability in multiple products
A GPU kernel can read sensitive data from another GPU kernel (even from another user or app) through an optimized GPU memory region called _local memory_ on various architectures.
local
low complexity
khronos imaginationtech amd CWE-401
6.5
2023-11-14 CVE-2021-26345 Out-of-bounds Read vulnerability in AMD products
Failure to validate the value in APCB may allow a privileged attacker to tamper with the APCB token to force an out-of-bounds memory read potentially resulting in a denial of service.
network
low complexity
amd CWE-125
4.9
2023-11-14 CVE-2021-46748 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
Insufficient bounds checking in the ASP (AMD Secure Processor) may allow an attacker to access memory outside the bounds of what is permissible to a TA (Trusted Application) resulting in a potential denial of service.
local
low complexity
intel amd CWE-119
5.5
2023-11-14 CVE-2021-46758 Unspecified vulnerability in AMD products
Insufficient validation of SPI flash addresses in the ASP (AMD Secure Processor) bootloader may allow an attacker to read data in memory mapped beyond SPI flash resulting in a potential loss of availability and integrity.
low complexity
amd
6.1
2023-11-14 CVE-2021-46766 Incomplete Cleanup vulnerability in AMD products
Improper clearing of sensitive data in the ASP Bootloader may expose secret keys to a privileged attacker accessing ASP SRAM, potentially leading to a loss of confidentiality.
local
low complexity
amd CWE-459
5.5
2023-11-14 CVE-2022-23830 Unspecified vulnerability in AMD products
SMM configuration may not be immutable, as intended, when SNP is enabled resulting in a potential limited loss of guest memory integrity.
network
low complexity
amd
5.3
2023-11-14 CVE-2023-20521 Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in AMD products
TOCTOU in the ASP Bootloader may allow an attacker with physical access to tamper with SPI ROM records after memory content verification, potentially leading to loss of confidentiality or a denial of service.
high complexity
amd CWE-367
5.7