Vulnerabilities > AMD > Medium

DATE CVE VULNERABILITY TITLE RISK
2023-08-08 CVE-2023-20561 Unspecified vulnerability in AMD Uprof 3.4.494/3.4.502
Insufficient validation of the IOCTL (Input Output Control) input buffer in AMD µProf may allow an authenticated user to send an arbitrary address potentially resulting in a Windows crash leading to denial of service.
local
low complexity
amd
5.5
2023-08-08 CVE-2023-20569 Information Exposure Through Discrepancy vulnerability in multiple products
A side channel vulnerability on some of the AMD CPUs may allow an attacker to influence the return address prediction.
local
high complexity
fedoraproject debian amd microsoft CWE-203
4.7
2023-08-08 CVE-2023-20588 Divide By Zero vulnerability in multiple products
A division-by-zero error on some AMD processors can potentially return speculative data resulting in loss of confidentiality. 
local
low complexity
debian amd xen fedoraproject microsoft CWE-369
5.5
2023-08-08 CVE-2023-20589 Unspecified vulnerability in AMD products
An attacker with specialized hardware and physical access to an impacted device may be able to perform a voltage fault injection attack resulting in compromise of the ASP secure boot potentially leading to arbitrary code execution. 
low complexity
amd
6.8
2023-08-01 CVE-2023-20583 Information Exposure Through Discrepancy vulnerability in AMD *
A potential power side-channel vulnerability in AMD processors may allow an authenticated attacker to monitor the CPU power consumption as the data in a cache line changes over time potentially resulting in a leak of sensitive information.
local
high complexity
amd CWE-203
4.7
2023-07-24 CVE-2023-20593 An issue in “Zen 2” CPUs, under specific microarchitectural circumstances, may allow an attacker to potentially access sensitive information.
local
low complexity
xen debian amd
5.5
2023-07-11 CVE-2023-20575 Information Exposure Through Discrepancy vulnerability in AMD products
A potential power side-channel vulnerability in some AMD processors may allow an authenticated attacker to use the power reporting functionality to monitor a program’s execution inside an AMD SEV VM potentially resulting in a leak of sensitive information.
network
low complexity
amd CWE-203
6.5
2023-05-09 CVE-2021-46759 Out-of-bounds Write vulnerability in AMD products
Improper syscall input validation in AMD TEE (Trusted Execution Environment) may allow an attacker with physical access and control of a Uapp that runs under the bootloader to reveal the contents of the ASP (AMD Secure Processor) bootloader accessible memory to a serial port, resulting in a potential loss of integrity.
low complexity
amd CWE-787
6.1
2023-05-09 CVE-2021-46792 Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in AMD products
Time-of-check Time-of-use (TOCTOU) in the BIOS2PSP command may allow an attacker with a malicious BIOS to create a race condition causing the ASP bootloader to perform out-of-bounds SRAM reads upon an S3 resume event potentially leading to a denial of service.
network
high complexity
amd CWE-367
5.9
2023-05-09 CVE-2021-26354 Classic Buffer Overflow vulnerability in AMD products
Insufficient bounds checking in ASP may allow an attacker to issue a system call from a compromised ABL which may cause arbitrary memory values to be initialized to zero, potentially leading to a loss of integrity.
local
low complexity
amd CWE-120
5.5