CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-36353
https://notcve.org/view.php?id=CVE-2024-36353
02 Mar 2025 — Insufficient clearing of GPU global memory could allow a malicious process running on the same GPU to read left over memory values, potentially leading to loss of confidentiality. • https://www.amd.com/en/resources/product-security/bulletin/amd-sb-6019.html • CWE-459: Incomplete Cleanup •
CVSS: 4.4EPSS: 0%CPEs: 1EXPL: 0CVE-2023-31307
https://notcve.org/view.php?id=CVE-2023-31307
13 Aug 2024 — Improper validation of array index in Power Management Firmware (PMFW) may allow a privileged attacker to cause an out-of-bounds memory read within PMFW, potentially leading to a denial of service. • https://www.amd.com/en/resources/product-security/bulletin/amd-sb-6005.html • CWE-129: Improper Validation of Array Index •
CVSS: 7.8EPSS: 4%CPEs: 116EXPL: 1CVE-2023-31320
https://notcve.org/view.php?id=CVE-2023-31320
14 Nov 2023 — Improper input validation in the AMD RadeonTM Graphics display driver may allow an attacker to corrupt the display potentially resulting in denial of service. Una validación de entrada incorrecta en el controlador de pantalla AMD RadeonTM Graphics puede permitir que un atacante dañe la pantalla, lo que podría provocar una denegación de servicio. • https://github.com/whypet/CVE-2023-31320 • CWE-20: Improper Input Validation •
CVSS: 6.7EPSS: 0%CPEs: 126EXPL: 0CVE-2023-20568
https://notcve.org/view.php?id=CVE-2023-20568
14 Nov 2023 — Improper signature verification of RadeonTM RX Vega M Graphics driver for Windows may allow an attacker with admin privileges to launch RadeonInstaller.exe without validating the file signature potentially leading to arbitrary code execution. La verificación inadecuada de la firma del controlador RadeonTM RX Vega M Graphics para Windows puede permitir que un atacante con privilegios de administrador inicie RadeonInstaller.exe sin validar la firma del archivo, lo que podría provocar la ejecución de código ar... • https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-6003 • CWE-347: Improper Verification of Cryptographic Signature •
CVSS: 6.7EPSS: 0%CPEs: 126EXPL: 0CVE-2023-20567
https://notcve.org/view.php?id=CVE-2023-20567
14 Nov 2023 — Improper signature verification of RadeonTM RX Vega M Graphics driver for Windows may allow an attacker with admin privileges to launch AMDSoftwareInstaller.exe without validating the file signature potentially leading to arbitrary code execution. La verificación inadecuada de la firma del controlador RadeonTM RX Vega M Graphics para Windows puede permitir que un atacante con privilegios de administrador inicie AMDSoftwareInstaller.exe sin validar la firma del archivo, lo que podría provocar la ejecución de... • https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-6003 • CWE-347: Improper Verification of Cryptographic Signature •
CVSS: 5.5EPSS: 0%CPEs: 126EXPL: 0CVE-2021-46748
https://notcve.org/view.php?id=CVE-2021-46748
14 Nov 2023 — Insufficient bounds checking in the ASP (AMD Secure Processor) may allow an attacker to access memory outside the bounds of what is permissible to a TA (Trusted Application) resulting in a potential denial of service. Una verificación de límites insuficiente en el ASP (AMD Secure Processor) puede permitir que un atacante acceda a la memoria fuera de los límites de lo permitido para una TA (Trusted Application), lo que resulta en una posible denegación de servicio. • https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-6003 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.8EPSS: 1%CPEs: 110EXPL: 1CVE-2023-20598
https://notcve.org/view.php?id=CVE-2023-20598
17 Oct 2023 — An improper privilege management in the AMD Radeon™ Graphics driver may allow an authenticated attacker to craft an IOCTL request to gain I/O control over arbitrary hardware ports or physical addresses resulting in a potential arbitrary code execution. Una gestión de privilegios inadecuada en el controlador de gráficos AMD Radeon™ puede permitir que un atacante autenticado cree una solicitud IOCTL para obtener control de E/S sobre puertos de hardware o direcciones físicas arbitrarias, lo que resulta en una ... • https://github.com/H4rk3nz0/CVE-2023-20598-PDFWKRNL • CWE-269: Improper Privilege Management •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-20586 – Radeon™ Software Crimson ReLive Edition
https://notcve.org/view.php?id=CVE-2023-20586
08 Aug 2023 — A potential vulnerability was reported in Radeon™ Software Crimson ReLive Edition which may allow escalation of privilege. Radeon™ Software Crimson ReLive Edition falls outside of the security support lifecycle and AMD does not plan to release any mitigations • https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-6007 •
CVSS: 7.8EPSS: 0%CPEs: 252EXPL: 0CVE-2021-26392
https://notcve.org/view.php?id=CVE-2021-26392
09 Nov 2022 — Insufficient verification of missing size check in 'LoadModule' may lead to an out-of-bounds write potentially allowing an attacker with privileges to gain code execution of the OS/kernel by loading a malicious TA. Una verificación insuficiente del tamaño faltante en 'LoadModule' puede provocar una escritura fuera de límites que podría permitir que un atacante con privilegios obtenga la ejecución de código del sistema operativo/kernel cargando un TA malicioso. • https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1029 • CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 36EXPL: 0CVE-2021-26360
https://notcve.org/view.php?id=CVE-2021-26360
09 Nov 2022 — An attacker with local access to the system can make unauthorized modifications of the security configuration of the SOC registers. This could allow potential corruption of AMD secure processor’s encrypted memory contents which may lead to arbitrary code execution in ASP. Un atacante con acceso local al sistema puede realizar modificaciones no autorizadas en la configuración de seguridad de los registros SOC. Esto podría permitir una posible corrupción del contenido de la memoria cifrada del procesador segu... • https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1029 •