CVSS: 9.0EPSS: 0%CPEs: 178EXPL: 0CVE-2023-20558
https://notcve.org/view.php?id=CVE-2023-20558
23 Mar 2023 — Insufficient control flow management in AmdCpmOemSmm may allow a privileged attacker to tamper with the SMM handler potentially leading to an escalation of privileges. • https://www.amd.com/en/resources/product-security/bulletin/amd-sb-1027.html • CWE-670: Always-Incorrect Control Flow Implementation •
CVSS: 9.0EPSS: 0%CPEs: 178EXPL: 0CVE-2023-20559
https://notcve.org/view.php?id=CVE-2023-20559
23 Mar 2023 — Insufficient control flow management in AmdCpmGpioInitSmm may allow a privileged attacker to tamper with the SMM handler potentially leading to escalation of privileges. • https://www.amd.com/en/resources/product-security/bulletin/amd-sb-1027.html • CWE-691: Insufficient Control Flow Management •
CVSS: 4.7EPSS: 0%CPEs: 340EXPL: 0CVE-2022-27672 – kernel: AMD: Cross-Thread Return Address Predictions
https://notcve.org/view.php?id=CVE-2022-27672
14 Feb 2023 — When SMT is enabled, certain AMD processors may speculatively execute instructions using a target from the sibling thread after an SMT mode switch potentially resulting in information disclosure. A flaw was found in HW. When SMT is enabled, certain AMD processors may speculatively execute instructions using a target from the sibling thread after an SMT mode switch, potentially resulting in information disclosure. When SMT is enabled, certain AMD processors may speculatively execute instructions using a targ... • https://security.gentoo.org/glsa/202402-07 •
CVSS: 5.5EPSS: 0%CPEs: 504EXPL: 0CVE-2022-23824 – Debian Security Advisory 5378-1
https://notcve.org/view.php?id=CVE-2022-23824
09 Nov 2022 — IBPB may not prevent return branch predictions from being specified by pre-IBPB branch targets leading to a potential information disclosure. IBPB no puede evitar que las predicciones de sucursales de retorno sean especificadas por objetivos de sucursales anteriores a IBPB, lo que lleva a una posible divulgación de información. Multiple vulnerabilities have been found in Xen, the worst of which can lead to arbitrary code execution. Versions greater than or equal to 4.16.6_pre1 are affected. • http://www.openwall.com/lists/oss-security/2022/11/10/2 •
CVSS: 5.6EPSS: 0%CPEs: 358EXPL: 0CVE-2021-46778
https://notcve.org/view.php?id=CVE-2021-46778
09 Aug 2022 — Execution unit scheduler contention may lead to a side channel vulnerability found on AMD CPU microarchitectures codenamed “Zen 1”, “Zen 2” and “Zen 3” that use simultaneous multithreading (SMT). By measuring the contention level on scheduler queues an attacker may potentially leak sensitive information. La contención del planificador de la unidad de ejecución puede conllevar a una vulnerabilidad de canal lateral encontrada en las microarquitecturas de CPU de AMD con nombre en código "Zen 1", "Zen 2" y "Zen... • https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1039 • CWE-203: Observable Discrepancy •
CVSS: 6.5EPSS: 0%CPEs: 264EXPL: 0CVE-2022-23825 – hw: cpu: AMD: Branch Type Confusion (non-retbleed)
https://notcve.org/view.php?id=CVE-2022-23825
14 Jul 2022 — Aliases in the branch predictor may cause some AMD processors to predict the wrong branch type potentially leading to information disclosure. Los alias en el predictor de bifurcación pueden causar que algunos procesadores AMD predigan el tipo de bifurcación incorrecto, conllevando a una divulgación de información A flaw was found in hw. Aliases in the branch predictor may cause some AMD processors to predict the wrong branch type, potentially leading to information disclosure. Red Hat Advanced Cluster Manag... • http://www.openwall.com/lists/oss-security/2022/11/08/1 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-668: Exposure of Resource to Wrong Sphere •
CVSS: 6.5EPSS: 1%CPEs: 250EXPL: 0CVE-2022-29900 – hw: cpu: AMD: RetBleed Arbitrary Speculative Code Execution with Return Instructions
https://notcve.org/view.php?id=CVE-2022-29900
12 Jul 2022 — Mis-trained branch predictions for return instructions may allow arbitrary speculative code execution under certain microarchitecture-dependent conditions. Las predicciones de bifurcación mal entrenadas para las instrucciones de retorno pueden permitir la ejecución arbitraria de código especulativo bajo ciertas condiciones dependientes de la microarquitectura A flaw was found in hw. Mis-trained branch predictions for return instructions may allow arbitrary speculative code execution under certain microarchi... • https://lists.debian.org/debian-lts-announce/2022/09/msg00011.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-212: Improper Removal of Sensitive Information Before Storage or Transfer •
CVSS: 6.5EPSS: 0%CPEs: 284EXPL: 0CVE-2022-23823
https://notcve.org/view.php?id=CVE-2022-23823
15 Jun 2022 — A potential vulnerability in some AMD processors using frequency scaling may allow an authenticated attacker to execute a timing attack to potentially enable information disclosure. Una vulnerabilidad potencial en algunos procesadores AMD que usan el escalado de frecuencia puede permitir a un atacante autenticado ejecutar un ataque de tiempo para permitir potencialmente la divulgación de información • https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1038 • CWE-203: Observable Discrepancy •
CVSS: 5.5EPSS: 0%CPEs: 168EXPL: 0CVE-2021-26339
https://notcve.org/view.php?id=CVE-2021-26339
11 May 2022 — A bug in AMD CPU’s core logic may allow for an attacker, using specific code from an unprivileged VM, to trigger a CPU core hang resulting in a potential denial of service. AMD believes the specific code includes a specific x86 instruction sequence that would not be generated by compilers. Un bug en la lógica del núcleo de la CPU de AMD puede permitir a un atacante, usando un código específico de una máquina virtual no privilegiada, desencadenar un cuelgue del núcleo de la CPU resultando en una potencial de... • https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1027 •
CVSS: 6.5EPSS: 0%CPEs: 252EXPL: 0CVE-2021-26341 – hw: cpu: AMD CPUs may transiently execute beyond unconditional direct branch
https://notcve.org/view.php?id=CVE-2021-26341
11 Mar 2022 — Some AMD CPUs may transiently execute beyond unconditional direct branches, which may potentially result in data leakage. Algunas CPUs de AMD pueden ejecutar transitoriamente más allá de las ramas directas no condicionales, lo que puede potencialmente resultar en un filtrado de datos A flaw was found in hw. This issue can cause AMD CPUs to transiently execute beyond unconditional direct branches. Red Hat Advanced Cluster Management for Kubernetes 2.5.9 images Red Hat Advanced Cluster Management for Kubernet... • http://www.openwall.com/lists/oss-security/2022/03/18/2 • CWE-212: Improper Removal of Sensitive Information Before Storage or Transfer CWE-552: Files or Directories Accessible to External Parties •