Vulnerabilities in AMD
443 resultsCVE-2024-36353MEDIUMInsufficient clearing of GPU global memory could allow a malicious process running on the same GPU to read left over memory values potentialEPSS 0.1%CVE-2023-20513LOWAn insufficient bounds check in PMFW (Power Management Firmware) may allow an attacker to utilize a malicious VF (virtualization function) tEPSS 0.1%CVE-2024-36328HIGHInteger overflow within AMD NPU Driver could allow a local attacker to write out of bounds, potentially leading to loss of integrity or avaiEPSS 0.1%CVE-2025-54517HIGHOut of bounds write in AMD AMDGV_CMD_GET_DIAG_DATA ioctl handler could allow a local user to escalate privileges via remote code execution.EPSS 0.1%CVE-2021-26381HIGHImproper system call parameter validation in the Trusted OS may allow a malicious driver to perform mapping or unmapping operations on a larEPSS 0.1%CVE-2021-26410LOWImproper syscall input validation in ASP (AMD Secure Processor) may force the kernel into reading syscall parameter values from its own memoEPSS 0.1%CVE-2021-26387LOWInsufficient access controls in ASP kernel may allow a
privileged attacker with access to AMD signing keys and the BIOS menu or UEFI
shell tEPSS 0.1%CVE-2025-29950HIGHImproper input validation in system management mode (SMM) could allow a privileged attacker to overwrite stack memory leading to arbitrary cEPSS 0.1%CVE-2023-20509MEDIUMAn insufficient DRAM address validation in PMFW may allow a privileged attacker to perform a DMA read from an invalid DRAM address to SRAM, EPSS 0.1%CVE-2023-20507LOWAn integer overflow in the ASP could allow a privileged attacker to perform an out-of-bounds write, potentially resulting in loss of data inEPSS 0.1%CVE-2023-20510MEDIUMAn insufficient DRAM address validation in PMFW may allow a privileged attacker to read from an invalid DRAM address to SRAM, potentially reEPSS 0.1%CVE-2024-36331LOWImproper initialization of CPU cache memory could allow a privileged attacker with hypervisor access to overwrite SEV-SNP guest memory resulEPSS 0.1%CVE-2025-29948MEDIUMImproper access control in AMD Secure Encrypted Virtualization (SEV) firmware could allow a malicious hypervisor to bypass RMP protections, EPSS 0.1%CVE-2025-29952MEDIUMImproper Initialization within the AMD Secure Encrypted Virtualization (SEV) firmware can allow an admin privileged attacker to corrupt RMP EPSS 0.1%CVE-2025-0037MEDIUMIn AMD Versal Adaptive SoC devices, the lack of address validation when executing PLM runtime services through the PLM firmware can allow acEPSS 0.1%CVE-2025-0032HIGHImproper cleanup in AMD CPU microcode patch loading could allow an attacker with local administrator privilege to load malicious CPU microcoEPSS 0.1%CVE-2023-31331LOWImproper access control in the DRTM firmware could allow a privileged attacker to perform multiple driver initializations, resulting in stacEPSS 0.1%CVE-2023-31310MEDIUMImproper input validation in Power Management Firmware (PMFW) may allow an attacker with privileges to send a malformed input for the "set tEPSS 0.1%CVE-2023-20514HIGHImproper handling of parameters in the AMD Secure Processor (ASP) could allow a privileged attacker to pass an arbitrary memory value to funEPSS 0.1%CVE-2021-26377MEDIUMInsufficient parameter validation while allocating process space in the Trusted OS (TOS) may allow for a malicious userspace process to trigEPSS 0.1%