CVSS: 3.8EPSS: 0%CPEs: 32EXPL: 0CVE-2024-36348
https://notcve.org/view.php?id=CVE-2024-36348
08 Jul 2025 — A transient execution vulnerability in some AMD processors may allow a user process to infer the control registers speculatively even if UMIP feature is enabled, potentially resulting in information leakage. • https://www.amd.com/en/resources/product-security/bulletin/amd-sb-7029.html • CWE-1420: Exposure of Sensitive Information during Transient Execution •
CVSS: 3.8EPSS: 0%CPEs: 40EXPL: 0CVE-2024-36349
https://notcve.org/view.php?id=CVE-2024-36349
08 Jul 2025 — A transient execution vulnerability in some AMD processors may allow a user process to infer TSC_AUX even when such a read is disabled, potentially resulting in information leakage. • https://www.amd.com/en/resources/product-security/bulletin/amd-sb-7029.html • CWE-1420: Exposure of Sensitive Information during Transient Execution •
CVSS: 6.4EPSS: 0%CPEs: 2EXPL: 0CVE-2024-36347
https://notcve.org/view.php?id=CVE-2024-36347
27 Jun 2025 — Improper signature verification in AMD CPU ROM microcode patch loader may allow an attacker with local administrator privilege to load malicious microcode, potentially resulting in loss of integrity of x86 instruction execution, loss of confidentiality and integrity of data in x86 CPU privileged context and compromise of SMM execution environment. • https://www.amd.com/en/resources/product-security/bulletin/amd-sb-7033.html • CWE-347: Improper Verification of Cryptographic Signature •
CVSS: 7.3EPSS: 0%CPEs: 1EXPL: 0CVE-2025-0035
https://notcve.org/view.php?id=CVE-2025-0035
13 May 2025 — Unquoted search path within AMD Cloud Manageability Service can allow a local attacker to escalate privileges, potentially resulting in arbitrary code execution. • https://www.amd.com/en/resources/product-security/bulletin/amd-sb-9015.html • CWE-428: Unquoted Search Path or Element •
CVSS: 7.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-36339
https://notcve.org/view.php?id=CVE-2024-36339
13 May 2025 — A DLL hijacking vulnerability in the AMD Optimizing CPU Libraries could allow an attacker to achieve privilege escalation, potentially resulting in arbitrary code execution. • https://www.amd.com/en/resources/product-security/bulletin/amd-sb-9014.html • CWE-276: Incorrect Default Permissions •
CVSS: 7.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-21960
https://notcve.org/view.php?id=CVE-2024-21960
13 May 2025 — Incorrect default permissions in the AMD Optimizing CPU Libraries (AOCL) installation directory could allow an attacker to achieve privilege escalation potentially resulting in arbitrary code execution. • https://www.amd.com/en/resources/product-security/bulletin/amd-sb-9014.html • CWE-276: Incorrect Default Permissions •
CVSS: 7.9EPSS: 0%CPEs: 1EXPL: 0CVE-2024-36336
https://notcve.org/view.php?id=CVE-2024-36336
02 Apr 2025 — Integer overflow within the AMD NPU Driver could allow a local attacker to write out of bounds, potentially leading to a loss of confidentiality, integrity, or availability. • https://www.amd.com/en/resources/product-security/bulletin/amd-sb-7037.html • CWE-190: Integer Overflow or Wraparound •
CVSS: 7.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-36328
https://notcve.org/view.php?id=CVE-2024-36328
02 Apr 2025 — Integer overflow within AMD NPU Driver could allow a local attacker to write out of bounds, potentially leading to loss of integrity or availability. • https://www.amd.com/en/resources/product-security/bulletin/amd-sb-7037.html • CWE-190: Integer Overflow or Wraparound •
CVSS: 7.9EPSS: 0%CPEs: 1EXPL: 0CVE-2024-36337
https://notcve.org/view.php?id=CVE-2024-36337
02 Apr 2025 — Integer overflow within AMD NPU Driver could allow a local attacker to write out of bounds, potentially leading to loss of confidentiality, integrity or availability. • https://www.amd.com/en/resources/product-security/bulletin/amd-sb-7037.html • CWE-190: Integer Overflow or Wraparound •
CVSS: 7.3EPSS: 0%CPEs: 1EXPL: 0CVE-2025-0014
https://notcve.org/view.php?id=CVE-2025-0014
02 Apr 2025 — Incorrect default permissions on the AMD Ryzen(TM) AI installation folder could allow an attacker to achieve privilege escalation, potentially resulting in arbitrary code execution. • https://www.amd.com/en/resources/product-security/bulletin/amd-sb-7037.html • CWE-276: Incorrect Default Permissions •