CVSS: 5.0EPSS: 0%CPEs: 5EXPL: 0CVE-2023-20508
https://notcve.org/view.php?id=CVE-2023-20508
11 Feb 2025 — Improper access control in the ASP could allow a privileged attacker to perform an out-of-bounds write to a memory location not controlled by the attacker, potentially leading to loss of confidentiality, integrity, or availability. • https://www.amd.com/en/resources/product-security/bulletin/amd-sb-6008.html • CWE-1284: Improper Validation of Specified Quantity in Input •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2023-31343
https://notcve.org/view.php?id=CVE-2023-31343
11 Feb 2025 — Improper input validation in the SMM handler may allow a privileged attacker to overwrite SMRAM, potentially leading to arbitrary code execution. • https://www.amd.com/en/resources/product-security/bulletin/amd-sb-3009.html • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2023-31342
https://notcve.org/view.php?id=CVE-2023-31342
11 Feb 2025 — Improper input validation in the SMM handler may allow a privileged attacker to overwrite SMRAM, potentially leading to arbitrary code execution. • https://www.amd.com/en/resources/product-security/bulletin/amd-sb-3009.html • CWE-20: Improper Input Validation •
CVSS: 5.7EPSS: 0%CPEs: 1EXPL: 0CVE-2023-20515
https://notcve.org/view.php?id=CVE-2023-20515
11 Feb 2025 — Improper access control in the fTPM driver in the trusted OS could allow a privileged attacker to corrupt system memory, potentially leading to loss of integrity, confidentiality, or availability. • https://www.amd.com/en/resources/product-security/bulletin/amd-sb-4008.html • CWE-1284: Improper Validation of Specified Quantity in Input •
CVSS: 7.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-21966
https://notcve.org/view.php?id=CVE-2024-21966
11 Feb 2025 — A DLL hijacking vulnerability in the AMD Ryzen™ Master Utility could allow an attacker to achieve privilege escalation, potentially resulting in arbitrary code execution. • https://www.amd.com/en/resources/product-security/bulletin/amd-sb-9010.html • CWE-269: Improper Privilege Management •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-21976
https://notcve.org/view.php?id=CVE-2024-21976
12 Nov 2024 — Improper input validation in the NPU driver could allow an attacker to supply a specially crafted pointer potentially leading to arbitrary code execution. • https://www.amd.com/en/resources/product-security/bulletin/amd-sb-7017.html • CWE-20: Improper Input Validation CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-21975
https://notcve.org/view.php?id=CVE-2024-21975
12 Nov 2024 — Improper input validation in the NPU driver could allow an attacker to supply a specially crafted pointer potentially leading to arbitrary code execution. • https://www.amd.com/en/resources/product-security/bulletin/amd-sb-7017.html • CWE-20: Improper Input Validation •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-21974
https://notcve.org/view.php?id=CVE-2024-21974
12 Nov 2024 — Improper input validation in the NPU driver could allow an attacker to supply a specially crafted pointer potentially leading to arbitrary code execution. • https://www.amd.com/en/resources/product-security/bulletin/amd-sb-7017.html • CWE-20: Improper Input Validation •
CVSS: 7.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-21958
https://notcve.org/view.php?id=CVE-2024-21958
12 Nov 2024 — Incorrect default permissions in the AMD Provisioning Console installation directory could allow an attacker to achieve privilege escalation, potentially resulting in arbitrary code execution. • https://www.amd.com/en/resources/product-security/bulletin/amd-sb-9007.html • CWE-276: Incorrect Default Permissions •
CVSS: 7.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-21957
https://notcve.org/view.php?id=CVE-2024-21957
12 Nov 2024 — Incorrect default permissions in the AMD Management Console installation directory could allow an attacker to achieve privilege escalation potentially resulting in arbitrary code execution. • https://www.amd.com/en/resources/product-security/bulletin/amd-sb-9003.html • CWE-276: Incorrect Default Permissions •