Search Results (432 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2025-0034 1 Amd 2 Instinct Mi300x, Instinct Mi325x 2026-04-15 4.7 Medium
Insufficient parameter sanitization in TEE SOC Driver could allow an attacker to issue a malformed DRV_SOC_CMD_ID_SRIOV_SPATIAL_PART and cause read or write past the end of allocated arrays, potentially resulting in a loss of platform integrity or denial of service.
CVE-2025-29934 1 Amd 8 Epyc, Epyc 8004, Epyc 9004 and 5 more 2026-04-15 5.3 Medium
A bug within some AMD CPUs could allow a local admin-privileged attacker to run a SEV-SNP guest using stale TLB entries, potentially resulting in loss of data integrity.
CVE-2025-29951 1 Amd 4 Ryzen 5000 Series Mobile Processors With Radeon Graphics, Ryzen Embedded R1000 Series Processors, Ryzen Embedded R2000 Series Processors and 1 more 2026-04-15 N/A
A buffer overflow in the AMD Secure Processor (ASP) bootloader could allow an attacker to overwrite memory, potentially resulting in privilege escalation and arbitrary code execution.
CVE-2024-36310 1 Amd 15 Epyc 9004 Series Processors, Epyc 9005 Series Processors, Epyc Embedded 9004 Series Processors and 12 more 2026-04-15 N/A
Improper input validation in the SMM communications buffer could allow a privileged attacker to perform an out of bounds read or write to SMRAM potentially resulting in loss of confidentiality or integrity.
CVE-2023-31326 1 Amd 8 Instinct Mi210, Instinct Mi250, Radeon Pro V710 and 5 more 2026-04-15 2.8 Low
Use of an uninitialized variable in the ASP could allow an attacker to access leftover data from a trusted execution environment (TEE) driver, potentially leading to loss of confidentiality.
CVE-2025-0009 1 Amd 9 Athlon, Radeon Pro V520, Radeon Pro V620 and 6 more 2026-04-15 5.5 Medium
A NULL pointer dereference in AMD Crash Defender could allow an attacker to write a NULL output to a log file potentially resulting in a system crash and loss of availability.
CVE-2025-0007 1 Amd 1 Xilinx Run Time 2026-04-15 5.7 Medium
Insufficient validation within Xilinx Run Time framework could allow a local attacker to escalate privileges from user space to kernel space, potentially compromising confidentiality, integrity, and/or availability.
CVE-2024-21970 1 Amd 9 Athlon, Athlon 3000, Ryzen and 6 more 2026-04-15 4.4 Medium
Improper validation of an array index in the AND power Management Firmware could allow a privileged attacker to corrupt AGESA memory potentially leading to a loss of integrity.
CVE-2024-36311 1 Amd 5 Ryzen 5000 Series Desktop Processors, Ryzen 7000 Series Desktop Processors, Ryzen 7040 Series Mobile Processors With Radeon Graphics and 2 more 2026-04-15 N/A
A Time-of-check time-of-use (TOCTOU) race condition in the SMM communications buffer could allow a privileged attacker to bypass input validation and perform an out of bounds read or write, potentially resulting in loss of confidentiality, integrity, or availability.
CVE-2023-31306 1 Amd 7 Radeon, Radeon Pro V520, Radeon Pro V620 and 4 more 2026-04-15 3.3 Low
Improper validation of an array index in the AMD graphics driver software could allow an attacker to pass malformed arguments to the dynamic power management (DPM) functions resulting in an out of bounds read and loss of availability.
CVE-2024-2193 2 Amd, Xen 2 Cpu, Xen 2026-04-15 5.7 Medium
A Speculative Race Condition (SRC) vulnerability that impacts modern CPU architectures supporting speculative execution (related to Spectre V1) has been disclosed. An unauthenticated attacker can exploit this vulnerability to disclose arbitrary data from the CPU using race conditions to access the speculative executable code paths.
CVE-2025-0033 1 Amd 3 Epyc, Epyc 7003, Epyc 9005 2026-04-15 6 Medium
Improper access control within AMD SEV-SNP could allow an admin privileged attacker to write to the RMP during SNP initialization, potentially resulting in a loss of SEV-SNP guest memory integrity.
CVE-2021-26410 1 Amd 15 Radeon Pro V520, Radeon Pro V620, Radeon Pro W5000 Series and 12 more 2026-04-15 N/A
Improper syscall input validation in ASP (AMD Secure Processor) may force the kernel into reading syscall parameter values from its own memory space allowing an attacker to infer the contents of the kernel memory leading to potential information disclosure.
CVE-2023-31365 1 Amd 3 Radeon Pro V710, Radeon Pro W7000, Radeon Rx 7000 2026-04-15 3.9 Low
An integer overflow in the SMU could allow a privileged attacker to potentially write memory beyond the end of the reserved dRAM area resulting in loss of integrity or availability.
CVE-2021-26381 1 Amd 17 Radeon Pro V520, Radeon Pro V620, Radeon Pro W5000 Series and 14 more 2026-04-15 N/A
Improper system call parameter validation in the Trusted OS may allow a malicious driver to perform mapping or unmapping operations on a large number of pages, potentially resulting in kernel memory corruption.
CVE-2025-0005 1 Amd 1 Xilinx Run Time 2026-04-15 7.3 High
Improper input validation within the XOCL driver may allow a local attacker to generate an integer overflow condition, potentially resulting in crash or denial of service.
CVE-2025-48507 2 Amd, Arm 3 Kria Som, Zynq Ultrascale+, Trusted Firmware-a 2026-04-15 N/A
The security state of the calling processor into Trusted Firmware (TF-A) is not used and could potentially allow non-secure processors access to secure memories, access to crypto operations, and the ability to turn on and off subsystems within the SOC.
CVE-2025-48517 1 Amd 2 Epyc 9005 Series Processors, Epyc Embedded 9005 Series Processors 2026-04-15 N/A
Insufficient Granularity of Access Control in SEV firmware could allow a privileged user with a malicious hypervisor to create a SEV-ES guest with an ASID in the range meant for SEV-SNP guests potentially resulting in a partial loss of confidentiality.
CVE-2023-31313 1 Amd 2 Instinct Mi210, Instinct Mi250 2026-04-15 7.2 High
An unintended proxy or intermediary in the AMD power management firmware (PMFW) could allow a privileged attacker to send malformed messages to the system management unit (SMU) potentially resulting in arbitrary code execution.
CVE-2025-52534 1 Amd 1 Epyc 9005 Series Processors 2026-04-15 N/A
Improper bound check within AMD CPU microcode can allow a malicious guest to write to host memory, potentially resulting in loss of integrity.