CVSS: 7.0EPSS: 0%CPEs: 128EXPL: 0CVE-2022-23817
https://notcve.org/view.php?id=CVE-2022-23817
13 Aug 2024 — Insufficient checking of memory buffer in ASP Secure OS may allow an attacker with a malicious TA to read/write to the ASP Secure OS kernel virtual address space, potentially leading to privilege escalation. • https://www.amd.com/en/resources/product-security/bulletin/amd-sb-4004.html • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 6.5EPSS: 0%CPEs: 277EXPL: 1CVE-2023-4969 – GPU kernel implementations susceptible to memory leak
https://notcve.org/view.php?id=CVE-2023-4969
16 Jan 2024 — A GPU kernel can read sensitive data from another GPU kernel (even from another user or app) through an optimized GPU memory region called _local memory_ on various architectures. Un kernel de GPU puede leer datos confidenciales de otro kernel de GPU (incluso de otro usuario o aplicación) a través de una región de memoria de GPU optimizada llamada _local memory_ en varias arquitecturas. • https://blog.trailofbits.com • CWE-401: Missing Release of Memory after Effective Lifetime •
CVSS: 7.8EPSS: 4%CPEs: 116EXPL: 1CVE-2023-31320
https://notcve.org/view.php?id=CVE-2023-31320
14 Nov 2023 — Improper input validation in the AMD RadeonTM Graphics display driver may allow an attacker to corrupt the display potentially resulting in denial of service. Una validación de entrada incorrecta en el controlador de pantalla AMD RadeonTM Graphics puede permitir que un atacante dañe la pantalla, lo que podría provocar una denegación de servicio. • https://github.com/whypet/CVE-2023-31320 • CWE-20: Improper Input Validation •
CVSS: 6.7EPSS: 0%CPEs: 126EXPL: 0CVE-2023-20568
https://notcve.org/view.php?id=CVE-2023-20568
14 Nov 2023 — Improper signature verification of RadeonTM RX Vega M Graphics driver for Windows may allow an attacker with admin privileges to launch RadeonInstaller.exe without validating the file signature potentially leading to arbitrary code execution. La verificación inadecuada de la firma del controlador RadeonTM RX Vega M Graphics para Windows puede permitir que un atacante con privilegios de administrador inicie RadeonInstaller.exe sin validar la firma del archivo, lo que podría provocar la ejecución de código ar... • https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-6003 • CWE-347: Improper Verification of Cryptographic Signature •
CVSS: 6.7EPSS: 0%CPEs: 126EXPL: 0CVE-2023-20567
https://notcve.org/view.php?id=CVE-2023-20567
14 Nov 2023 — Improper signature verification of RadeonTM RX Vega M Graphics driver for Windows may allow an attacker with admin privileges to launch AMDSoftwareInstaller.exe without validating the file signature potentially leading to arbitrary code execution. La verificación inadecuada de la firma del controlador RadeonTM RX Vega M Graphics para Windows puede permitir que un atacante con privilegios de administrador inicie AMDSoftwareInstaller.exe sin validar la firma del archivo, lo que podría provocar la ejecución de... • https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-6003 • CWE-347: Improper Verification of Cryptographic Signature •
CVSS: 5.5EPSS: 0%CPEs: 126EXPL: 0CVE-2021-46748
https://notcve.org/view.php?id=CVE-2021-46748
14 Nov 2023 — Insufficient bounds checking in the ASP (AMD Secure Processor) may allow an attacker to access memory outside the bounds of what is permissible to a TA (Trusted Application) resulting in a potential denial of service. Una verificación de límites insuficiente en el ASP (AMD Secure Processor) puede permitir que un atacante acceda a la memoria fuera de los límites de lo permitido para una TA (Trusted Application), lo que resulta en una posible denegación de servicio. • https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-6003 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.2EPSS: 0%CPEs: 244EXPL: 0CVE-2023-20589 – fTPM Voltage Fault Injection
https://notcve.org/view.php?id=CVE-2023-20589
08 Aug 2023 — An attacker with specialized hardware and physical access to an impacted device may be able to perform a voltage fault injection attack resulting in compromise of the ASP secure boot potentially leading to arbitrary code execution. • https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4005 •
CVSS: 6.5EPSS: 6%CPEs: 145EXPL: 2CVE-2023-20593 – hw: amd: Cross-Process Information Leak
https://notcve.org/view.php?id=CVE-2023-20593
24 Jul 2023 — An issue in “Zen 2” CPUs, under specific microarchitectural circumstances, may allow an attacker to potentially access sensitive information. A flaw was found in hw, in “Zen 2” CPUs. This issue may allow an attacker to access sensitive information under specific microarchitectural circumstances. Daniel Moghimi discovered that some Intel Processors did not properly clear microarchitectural state after speculative execution of various instructions. A local unprivileged user could use this to obtain to sensiti... • https://github.com/sbaresearch/stop-zenbleed-win • CWE-209: Generation of Error Message Containing Sensitive Information CWE-1239: Improper Zeroization of Hardware Register •
CVSS: 9.0EPSS: 0%CPEs: 178EXPL: 0CVE-2023-20558
https://notcve.org/view.php?id=CVE-2023-20558
23 Mar 2023 — Insufficient control flow management in AmdCpmOemSmm may allow a privileged attacker to tamper with the SMM handler potentially leading to an escalation of privileges. • https://www.amd.com/en/resources/product-security/bulletin/amd-sb-1027.html • CWE-670: Always-Incorrect Control Flow Implementation •
CVSS: 9.0EPSS: 0%CPEs: 178EXPL: 0CVE-2023-20559
https://notcve.org/view.php?id=CVE-2023-20559
23 Mar 2023 — Insufficient control flow management in AmdCpmGpioInitSmm may allow a privileged attacker to tamper with the SMM handler potentially leading to escalation of privileges. • https://www.amd.com/en/resources/product-security/bulletin/amd-sb-1027.html • CWE-691: Insufficient Control Flow Management •