CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2020-12912
https://notcve.org/view.php?id=CVE-2020-12912
A potential vulnerability in the AMD extension to Linux "hwmon" service may allow an attacker to use the Linux-based Running Average Power Limit (RAPL) interface to show various side channel attacks. In line with industry partners, AMD has updated the RAPL interface to require privileged access. Una vulnerabilidad potencial en la extensión de AMD para el servicio "hwmon" de Linux puede permitir a un atacante utilizar la interfaz RAPL (Running Average Power Limit) basada en Linux para mostrar varios ataques de canal lateral. De acuerdo con los socios de la industria, AMD ha actualizado la interfaz RAPL para requerir acceso privilegiado • https://www.amd.com/en/corporate/product-security • CWE-203: Observable Discrepancy CWE-749: Exposed Dangerous Method or Function •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0CVE-2020-12926
https://notcve.org/view.php?id=CVE-2020-12926
The Trusted Platform Modules (TPM) reference software may not properly track the number of times a failed shutdown happens. This can leave the TPM in a state where confidential key material in the TPM may be able to be compromised. AMD believes that the attack requires physical access of the device because the power must be repeatedly turned on and off. This potential attack may be used to change confidential information, alter executables signed by key material in the TPM, or create a denial of service of the device. Es posible que el software de referencia Trusted Platform Modules (TPM) no rastree correctamente la cantidad de veces que ocurre un apagado fallido. • https://www.amd.com/en/corporate/product-security • CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2020-12911
https://notcve.org/view.php?id=CVE-2020-12911
A denial of service vulnerability exists in the D3DKMTCreateAllocation handler functionality of AMD ATIKMDAG.SYS (e.g. version 26.20.15029.27017). A specially crafted D3DKMTCreateAllocation API request can cause an out-of-bounds read and denial of service (BSOD). This vulnerability can be triggered from a non-privileged account. Se presenta una vulnerabilidad de denegación de servicio en la funcionalidad del manejador D3DKMTCreateAllocation de AMD ATIKMDAG.SYS (por ejemplo, versión 26.20.15029.27017). Una petición de la API de D3DKMTCreateAllocation especialmente diseñada puede causar una lectura fuera de límites y una denegación de servicio (BSOD). • https://www.amd.com/en/corporate/product-security • CWE-125: Out-of-bounds Read •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2020-12928
https://notcve.org/view.php?id=CVE-2020-12928
A vulnerability in a dynamically loaded AMD driver in AMD Ryzen Master V15 may allow any authenticated user to escalate privileges to NT authority system. Una vulnerabilidad en un controlador AMD cargado dinámicamente en AMD Ryzen Master versión V15, puede permitir a cualquier usuario autenticado escalar privilegios a NT authority system • https://www.amd.com/en/corporate/product-security • CWE-749: Exposed Dangerous Method or Function •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2020-12933
https://notcve.org/view.php?id=CVE-2020-12933
A denial of service vulnerability exists in the D3DKMTEscape handler functionality of AMD ATIKMDAG.SYS (e.g. version 26.20.15029.27017). A specially crafted D3DKMTEscape API request can cause an out-of-bounds read in Windows OS kernel memory area. This vulnerability can be triggered from a non-privileged account. Se presenta una vulnerabilidad de denegación de servicio en la funcionalidad del manejador D3DKMTEscape de AMD ATIKMDAG.SYS (por ejemplo, versión 26.20.15029.27017). Una petición de la API de D3DKMTEscape especialmente diseñada puede causar una lectura fuera de límites en el área de memoria del kernel del Sistema Operativo Windows. • https://www.amd.com/en/corporate/product-security • CWE-125: Out-of-bounds Read •