Amd: Security Vulnerabilities
Insufficient validation of the IOCTL (Input Output Control) input buffer in AMD μProf may allow an authenticated user to send an arbitrary address potentially resulting in a Windows crash leading to denial of service.
CVSS Score
5.5
EPSS Score
0.0
Published
2023-08-08
Insufficient validation in the IOCTL (Input Output Control) input buffer in AMD uProf may allow an authenticated user to load an unsigned driver potentially leading to arbitrary kernel execution.
CVSS Score
7.8
EPSS Score
0.084
Published
2023-08-08
A side channel vulnerability on some of the AMD CPUs may allow an attacker to influence the return address prediction. This may result in speculative execution at an attacker-controlled address, potentially leading to information disclosure.
CVSS Score
4.7
EPSS Score
0.006
Published
2023-08-08
A potential vulnerability was reported in Radeon™ Software Crimson ReLive Edition which may allow escalation of privilege. Radeon™ Software Crimson ReLive Edition falls outside of the security support lifecycle and AMD does not plan to release any mitigations
CVSS Score
9.8
EPSS Score
0.002
Published
2023-08-08
A division-by-zero error on some AMD processors can potentially return speculative data resulting in loss of confidentiality.
CVSS Score
5.5
EPSS Score
0.078
Published
2023-08-08
An attacker with specialized hardware and physical access to an impacted device may be able to perform a voltage fault injection attack resulting in compromise of the ASP secure boot potentially leading to arbitrary code execution.
CVSS Score
6.8
EPSS Score
0.001
Published
2023-08-08
A potential power side-channel vulnerability in
AMD processors may allow an authenticated attacker to monitor the CPU power
consumption as the data in a cache line changes over time potentially resulting
in a leak of sensitive information.
CVSS Score
4.7
EPSS Score
0.001
Published
2023-08-01
An issue in “Zen 2” CPUs, under specific microarchitectural circumstances, may allow an attacker to potentially access sensitive information.
CVSS Score
5.5
EPSS Score
0.059
Published
2023-07-24
A potential power side-channel vulnerability in some AMD processors may allow an authenticated attacker to use the power reporting functionality to monitor a program’s execution inside an AMD SEV VM potentially resulting in a leak of sensitive information.
CVSS Score
6.5
EPSS Score
0.003
Published
2023-07-11
Insufficient input validation in the ASP (AMD
Secure Processor) bootloader may allow an attacker with a compromised Uapp or
ABL to coerce the bootloader into exposing sensitive information to the SMU
(System Management Unit) resulting in a potential loss of confidentiality and
integrity.
CVSS Score
9.1
EPSS Score
0.002
Published
2023-05-09