CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-21949
https://notcve.org/view.php?id=CVE-2024-21949
12 Nov 2024 — Improper validation of user input in the NPU driver could allow an attacker to provide a buffer with unexpected size, potentially leading to system crash. • https://www.amd.com/en/resources/product-security/bulletin/amd-sb-7017.html • CWE-20: Improper Input Validation •
CVSS: 7.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-21946
https://notcve.org/view.php?id=CVE-2024-21946
12 Nov 2024 — Incorrect default permissions in the AMD RyzenTM Master Utility installation directory could allow an attacker to achieve privilege escalation potentially resulting in arbitrary code execution. • https://www.amd.com/en/resources/product-security/bulletin/amd-sb-9004.html • CWE-276: Incorrect Default Permissions •
CVSS: 7.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-21945
https://notcve.org/view.php?id=CVE-2024-21945
12 Nov 2024 — Incorrect default permissions in the AMD RyzenTM Master monitoring SDK installation directory could allow an attacker to achieve privilege escalation potentially resulting in arbitrary code execution. • https://www.amd.com/en/resources/product-security/bulletin/amd-sb-9004.html • CWE-276: Incorrect Default Permissions •
CVSS: 7.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-21939
https://notcve.org/view.php?id=CVE-2024-21939
12 Nov 2024 — Incorrect default permissions in the AMD Cloud Manageability Service (ACMS) Software installation directory could allow an attacker to achieve privilege escalation potentially resulting in arbitrary code execution. • https://www.amd.com/en/resources/product-security/bulletin/amd-sb-9006.html • CWE-276: Incorrect Default Permissions •
CVSS: 7.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-21938
https://notcve.org/view.php?id=CVE-2024-21938
12 Nov 2024 — Incorrect default permissions in the AMD Management Plugin for the Microsoft® System Center Configuration Manager (SCCM) installation directory could allow an attacker to achieve privilege escalation, potentially resulting in arbitrary code execution. • https://www.amd.com/en/resources/product-security/bulletin/amd-sb-9005.html • CWE-276: Incorrect Default Permissions •
CVSS: 7.3EPSS: 0%CPEs: 2EXPL: 0CVE-2024-21937
https://notcve.org/view.php?id=CVE-2024-21937
12 Nov 2024 — Incorrect default permissions in the AMD HIP SDK installation directory could allow an attacker to achieve privilege escalation potentially resulting in arbitrary code execution. • https://www.amd.com/en/resources/product-security/bulletin/amd-sb-6015.html • CWE-276: Incorrect Default Permissions •
CVSS: 7.3EPSS: 0%CPEs: 1EXPL: 0CVE-2023-31349
https://notcve.org/view.php?id=CVE-2023-31349
13 Aug 2024 — Incorrect default permissions in the AMD μProf installation directory could allow an attacker to achieve privilege escalation, potentially resulting in arbitrary code execution. Incorrect default permissions in the AMD ?Prof installation directory could allow an attacker to achieve privilege escalation, potentially resulting in arbitrary code execution. • https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-9001 • CWE-276: Incorrect Default Permissions •
CVSS: 7.3EPSS: 0%CPEs: 1EXPL: 0CVE-2023-31348
https://notcve.org/view.php?id=CVE-2023-31348
13 Aug 2024 — A DLL hijacking vulnerability in AMD μProf could allow an attacker to achieve privilege escalation, potentially resulting in arbitrary code execution. • https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-9001 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 7.3EPSS: 0%CPEs: 2EXPL: 0CVE-2023-31341
https://notcve.org/view.php?id=CVE-2023-31341
13 Aug 2024 — Insufficient validation of the Input Output Control (IOCTL) input buffer in AMD μProf may allow an authenticated attacker to cause an out-of-bounds write, potentially causing a Windows® OS crash, resulting in denial of service. Insufficient validation of the Input Output Control (IOCTL) input buffer in AMD μProf may allow an authenticated attacker to cause an out-of-bounds write, potentially causing a Windows® OS crash, resulting in denial of service. • https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-9001 • CWE-284: Improper Access Control •
CVSS: 6.1EPSS: 0%CPEs: 20EXPL: 0CVE-2024-21981
https://notcve.org/view.php?id=CVE-2024-21981
13 Aug 2024 — Improper key usage control in AMD Secure Processor (ASP) may allow an attacker with local access who has gained arbitrary code execution privilege in ASP to extract ASP cryptographic keys, potentially resulting in loss of confidentiality and integrity. Improper key usage control in AMD Secure Processor (ASP) may allow an attacker with local access who has gained arbitrary code execution privilege in ASP to extract ASP cryptographic keys, potentially resulting in loss of confidentiality and integrity. • https://www.amd.com/en/resources/product-security/bulletin/amd-sb-3003.html • CWE-639: Authorization Bypass Through User-Controlled Key •