Vulnerabilities
Vulnerable Software
Amd:  Security Vulnerabilities
Failure to verify the mode of CPU execution at the time of SNP_INIT may lead to a potential loss of memory integrity for SNP guests.
CVSS Score
4.4
EPSS Score
0.002
Published
2023-01-11
Insufficient validation in ASP BIOS and DRTM commands may allow malicious supervisor x86 software to disclose the contents of sensitive memory which may result in information disclosure.
CVSS Score
5.5
EPSS Score
0.002
Published
2023-01-11
Failure to validate the integer operand in ASP (AMD Secure Processor) bootloader may allow an attacker to introduce an integer overflow in the L2 directory table in SPI flash resulting in a potential denial of service.
CVSS Score
5.5
EPSS Score
0.002
Published
2023-01-11
A vulnerability in the label-based access control of Grafana Labs Grafana Enterprise Metrics allows an attacker more access than intended. If an access policy which has label selector restrictions also has been granted access to all tenants in the system, the label selector restrictions will not be applied when using this policy with the affected versions of the software. This issue affects: Grafana Labs Grafana Enterprise Metrics GEM 1.X versions prior to 1.7.1 on AMD64; GEM 2.X versions prior to 2.3.1 on AMD64.
CVSS Score
5.7
EPSS Score
0.005
Published
2022-12-20
Incorrect pointer checks within the the FwBlockServiceSmm driver can allow arbitrary RAM modifications During review of the FwBlockServiceSmm driver, certain instances of SpiAccessLib could be tricked into writing 0xff to arbitrary system and SMRAM addresses. Fixed in: INTEL Purley-R: 05.21.51.0048 Whitley: 05.42.23.0066 Cedar Island: 05.42.11.0021 Eagle Stream: 05.44.25.0052 Greenlow/Greenlow-R(skylake/kabylake): Trunk Mehlow/Mehlow-R (CoffeeLake-S): Trunk Tatlow (RKL-S): Trunk Denverton: 05.10.12.0042 Snow Ridge: Trunk Graneville DE: 05.05.15.0038 Grangeville DE NS: 05.27.26.0023 Bakerville: 05.21.51.0026 Idaville: 05.44.27.0030 Whiskey Lake: Trunk Comet Lake-S: Trunk Tiger Lake H/UP3: 05.43.12.0052 Alder Lake: 05.44.23.0047 Gemini Lake: Not Affected Apollo Lake: Not Affected Elkhart Lake: 05.44.30.0018 AMD ROME: trunk MILAN: 05.36.10.0017 GENOA: 05.52.25.0006 Snowy Owl: Trunk R1000: 05.32.50.0018 R2000: 05.44.30.0005 V2000: Trunk V3000: 05.44.30.0007 Ryzen 5000: 05.44.30.0004 Embedded ROME: Trunk Embedded MILAN: Trunk Hygon Hygon #1/#2: 05.36.26.0016 Hygon #3: 05.44.26.0007 https://www.insyde.com/security-pledge/SA-2022060
CVSS Score
8.8
EPSS Score
0.002
Published
2022-11-15
Insufficient access controls in the AMD Link Android app may potentially result in information disclosure.
CVSS Score
7.5
EPSS Score
0.006
Published
2022-11-09
Insufficient validation in the IOCTL input/output buffer in AMD μProf may allow an attacker to bypass bounds checks potentially leading to a Windows kernel crash resulting in denial of service.
CVSS Score
7.5
EPSS Score
0.007
Published
2022-11-09
IBPB may not prevent return branch predictions from being specified by pre-IBPB branch targets leading to a potential information disclosure.
CVSS Score
5.5
EPSS Score
0.006
Published
2022-11-09
Insufficient validation of the IOCTL input buffer in AMD μProf may allow an attacker to send an arbitrary buffer leading to a potential Windows kernel crash resulting in denial of service.
CVSS Score
7.5
EPSS Score
0.007
Published
2022-11-09
Insufficient verification of multiple header signatures while loading a Trusted Application (TA) may allow an attacker with privileges to gain code execution in that TA or the OS/kernel.
CVSS Score
7.8
EPSS Score
0.002
Published
2022-11-09


Contact Us

Shodan ® - All rights reserved