CVSS: 6.4EPSS: 0%CPEs: 2EXPL: 0CVE-2024-36347
https://notcve.org/view.php?id=CVE-2024-36347
27 Jun 2025 — Improper signature verification in AMD CPU ROM microcode patch loader may allow an attacker with local administrator privilege to load malicious microcode, potentially resulting in loss of integrity of x86 instruction execution, loss of confidentiality and integrity of data in x86 CPU privileged context and compromise of SMM execution environment. • https://www.amd.com/en/resources/product-security/bulletin/amd-sb-7033.html • CWE-347: Improper Verification of Cryptographic Signature •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2023-31345
https://notcve.org/view.php?id=CVE-2023-31345
11 Feb 2025 — Improper input validation in the SMM handler may allow a privileged attacker to overwrite SMRAM, potentially leading to arbitrary code execution. • https://www.amd.com/en/resources/product-security/bulletin/amd-sb-3009.html • CWE-20: Improper Input Validation •
CVSS: 5.0EPSS: 0%CPEs: 5EXPL: 0CVE-2023-20508
https://notcve.org/view.php?id=CVE-2023-20508
11 Feb 2025 — Improper access control in the ASP could allow a privileged attacker to perform an out-of-bounds write to a memory location not controlled by the attacker, potentially leading to loss of confidentiality, integrity, or availability. • https://www.amd.com/en/resources/product-security/bulletin/amd-sb-6008.html • CWE-1284: Improper Validation of Specified Quantity in Input •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2023-31343
https://notcve.org/view.php?id=CVE-2023-31343
11 Feb 2025 — Improper input validation in the SMM handler may allow a privileged attacker to overwrite SMRAM, potentially leading to arbitrary code execution. • https://www.amd.com/en/resources/product-security/bulletin/amd-sb-3009.html • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2023-31342
https://notcve.org/view.php?id=CVE-2023-31342
11 Feb 2025 — Improper input validation in the SMM handler may allow a privileged attacker to overwrite SMRAM, potentially leading to arbitrary code execution. • https://www.amd.com/en/resources/product-security/bulletin/amd-sb-3009.html • CWE-20: Improper Input Validation •
CVSS: 6.5EPSS: 2%CPEs: 277EXPL: 1CVE-2023-4969 – GPU kernel implementations susceptible to memory leak
https://notcve.org/view.php?id=CVE-2023-4969
16 Jan 2024 — A GPU kernel can read sensitive data from another GPU kernel (even from another user or app) through an optimized GPU memory region called _local memory_ on various architectures. Un kernel de GPU puede leer datos confidenciales de otro kernel de GPU (incluso de otro usuario o aplicación) a través de una región de memoria de GPU optimizada llamada _local memory_ en varias arquitecturas. • https://blog.trailofbits.com • CWE-401: Missing Release of Memory after Effective Lifetime •