Vulnerabilities > AMD > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-03-11 | CVE-2021-26341 | Improper Cross-boundary Removal of Sensitive Data vulnerability in AMD products Some AMD CPUs may transiently execute beyond unconditional direct branches, which may potentially result in data leakage. | 6.5 |
| 2022-03-11 | CVE-2021-26401 | Unspecified vulnerability in AMD products LFENCE/JMP (mitigation V2-2) may not sufficiently mitigate CVE-2017-5715 on some AMD CPUs. | 5.6 |
| 2022-02-10 | CVE-2021-44850 | Insufficient Verification of Data Authenticity vulnerability in AMD products On Xilinx Zynq-7000 SoC devices, physical modification of an SD boot image allows for a buffer overflow attack in the ROM. | 6.8 |
| 2022-02-04 | CVE-2020-12966 | Information Exposure vulnerability in AMD products AMD EPYC™ Processors contain an information disclosure vulnerability in the Secure Encrypted Virtualization with Encrypted State (SEV-ES) and Secure Encrypted Virtualization with Secure Nested Paging (SEV-SNP). | 5.5 |
| 2021-12-10 | CVE-2020-12890 | Unspecified vulnerability in AMD Generic Encapsulated Software Architecture Improper handling of pointers in the System Management Mode (SMM) handling code may allow for a privileged attacker with physical or administrative access to potentially manipulate the AMD Generic Encapsulated Software Architecture (AGESA) to execute arbitrary code undetected by the operating system. | 6.7 |
| 2021-11-16 | CVE-2020-12954 | Unspecified vulnerability in AMD products A side effect of an integrated chipset option may be able to be used by an attacker to bypass SPI ROM protections, allowing unauthorized SPI ROM modification. | 5.5 |
| 2021-11-16 | CVE-2021-26320 | Improper Certificate Validation vulnerability in AMD products Insufficient validation of the AMD SEV Signing Key (ASK) in the SEND_START command in the SEV Firmware may allow a local authenticated attacker to perform a denial of service of the PSP | 5.5 |
| 2021-11-16 | CVE-2021-26321 | Command Injection vulnerability in AMD products Insufficient ID command validation in the SEV Firmware may allow a local authenticated attacker to perform a denial of service of the PSP. | 5.5 |
| 2021-11-16 | CVE-2021-26325 | Improper Input Validation vulnerability in AMD products Insufficient input validation in the SNP_GUEST_REQUEST command may lead to a potential data abort error and a denial of service. | 5.5 |
| 2021-11-16 | CVE-2021-26327 | Exposure of Resource to Wrong Sphere vulnerability in AMD products Insufficient validation of guest context in the SNP Firmware could lead to a potential loss of guest confidentiality. | 5.5 |