CVSS: 6.4EPSS: 0%CPEs: 2EXPL: 0CVE-2024-36347
https://notcve.org/view.php?id=CVE-2024-36347
27 Jun 2025 — Improper signature verification in AMD CPU ROM microcode patch loader may allow an attacker with local administrator privilege to load malicious microcode, potentially resulting in loss of integrity of x86 instruction execution, loss of confidentiality and integrity of data in x86 CPU privileged context and compromise of SMM execution environment. • https://www.amd.com/en/resources/product-security/bulletin/amd-sb-7033.html • CWE-347: Improper Verification of Cryptographic Signature •
CVSS: 7.3EPSS: 0%CPEs: 1EXPL: 0CVE-2025-0035
https://notcve.org/view.php?id=CVE-2025-0035
13 May 2025 — Unquoted search path within AMD Cloud Manageability Service can allow a local attacker to escalate privileges, potentially resulting in arbitrary code execution. • https://www.amd.com/en/resources/product-security/bulletin/amd-sb-9015.html • CWE-428: Unquoted Search Path or Element •
CVSS: 7.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-36339
https://notcve.org/view.php?id=CVE-2024-36339
13 May 2025 — A DLL hijacking vulnerability in the AMD Optimizing CPU Libraries could allow an attacker to achieve privilege escalation, potentially resulting in arbitrary code execution. • https://www.amd.com/en/resources/product-security/bulletin/amd-sb-9014.html • CWE-276: Incorrect Default Permissions •
CVSS: 7.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-21960
https://notcve.org/view.php?id=CVE-2024-21960
13 May 2025 — Incorrect default permissions in the AMD Optimizing CPU Libraries (AOCL) installation directory could allow an attacker to achieve privilege escalation potentially resulting in arbitrary code execution. • https://www.amd.com/en/resources/product-security/bulletin/amd-sb-9014.html • CWE-276: Incorrect Default Permissions •
CVSS: 7.9EPSS: 0%CPEs: 1EXPL: 0CVE-2024-36336
https://notcve.org/view.php?id=CVE-2024-36336
02 Apr 2025 — Integer overflow within the AMD NPU Driver could allow a local attacker to write out of bounds, potentially leading to a loss of confidentiality, integrity, or availability. • https://www.amd.com/en/resources/product-security/bulletin/amd-sb-7037.html • CWE-190: Integer Overflow or Wraparound •
CVSS: 7.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-36328
https://notcve.org/view.php?id=CVE-2024-36328
02 Apr 2025 — Integer overflow within AMD NPU Driver could allow a local attacker to write out of bounds, potentially leading to loss of integrity or availability. • https://www.amd.com/en/resources/product-security/bulletin/amd-sb-7037.html • CWE-190: Integer Overflow or Wraparound •
CVSS: 7.9EPSS: 0%CPEs: 1EXPL: 0CVE-2024-36337
https://notcve.org/view.php?id=CVE-2024-36337
02 Apr 2025 — Integer overflow within AMD NPU Driver could allow a local attacker to write out of bounds, potentially leading to loss of confidentiality, integrity or availability. • https://www.amd.com/en/resources/product-security/bulletin/amd-sb-7037.html • CWE-190: Integer Overflow or Wraparound •
CVSS: 7.3EPSS: 0%CPEs: 1EXPL: 0CVE-2025-0014
https://notcve.org/view.php?id=CVE-2025-0014
02 Apr 2025 — Incorrect default permissions on the AMD Ryzen(TM) AI installation folder could allow an attacker to achieve privilege escalation, potentially resulting in arbitrary code execution. • https://www.amd.com/en/resources/product-security/bulletin/amd-sb-7037.html • CWE-276: Incorrect Default Permissions •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-36353
https://notcve.org/view.php?id=CVE-2024-36353
02 Mar 2025 — Insufficient clearing of GPU global memory could allow a malicious process running on the same GPU to read left over memory values, potentially leading to loss of confidentiality. • https://www.amd.com/en/resources/product-security/bulletin/amd-sb-6019.html • CWE-459: Incomplete Cleanup •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2024-21971
https://notcve.org/view.php?id=CVE-2024-21971
12 Feb 2025 — Improper input validation in AMD Crash Defender could allow an attacker to provide the Windows® system process ID to a kernel-mode driver, resulting in an operating system crash, potentially leading to denial of service. • https://www.amd.com/en/resources/product-security/bulletin/amd-sb-6008.html • CWE-20: Improper Input Validation •