Vulnerabilities in AMD
443 resultsCVE-2025-29949MEDIUMInsufficient input parameter sanitization in AMD Secure Processor (ASP) Boot Loader (legacy recovery mode only) could allow an attacker to wEPSS 0.1%CVE-2025-48518MEDIUMImproper input validation in AMD Graphics Driver could allow a local attacker to write out of bounds, potentially resulting in loss of integEPSS 0.1%CVE-2023-31325HIGHImproper isolation of shared resources on System-on-a-chip (SOC) could a privileged attacker to tamper with the contents of the PSP reservedEPSS 0.1%CVE-2021-26350—A TOCTOU race condition in SMU may allow for the caller to obtain and manipulate the address of a message port register which may result in EPSS 0.1%CVE-2025-48503HIGHA DLL hijacking vulnerability in the AMD Software Installer could allow an attacker to achieve privilege escalation potentially resulting inEPSS 0.1%CVE-2023-31323HIGHType confusion in the AMD Secure Processor (ASP) could allow an attacker to pass a malformed argument to the External Global Memory InterconEPSS 0.1%CVE-2023-20508MEDIUMImproper access control in the ASP could allow a privileged attacker to perform an out-of-bounds write to a memory location not controlled bEPSS 0.1%CVE-2025-54502HIGHIncorrect use of boot service in the AMD Platform Configuration Blob (APCB) SMM driver could allow a privileged attacker with local access (EPSS 0.1%CVE-2025-61969HIGHIncorrect permission assignment in AMD µProf may allow a local user-privileged attacker to achieve privilege escalation, potentially resultiEPSS 0.1%CVE-2025-61972HIGHMissing lock bit protection for NBIO registers could allow a local admin-privileged attacker to gain arbitrary System Management Network (SMEPSS 0.1%CVE-2023-31326LOWUse of an uninitialized variable in the ASP could allow an attacker to access leftover data from a trusted execution environment (TEE) driveEPSS 0.1%CVE-2024-36319MEDIUMDebug code left active in AMD's Video Decoder Engine Firmware (VCN FW) could allow a attacker to submit a maliciously crafted command causinEPSS 0.1%CVE-2023-31322HIGHType confusion in the ASP could allow an attacker to pass a malformed argument to the Reliability, Availability, and Serviceability trusted EPSS 0.1%CVE-2023-20512LOWA hardcoded AES key in PMFW may result in a privileged attacker gaining access to the key, potentially resulting in internal debug informaEPSS 0.1%CVE-2024-21947HIGHImproper input validation in the system management mode (SMM) could allow a privileged attacker to overwrite arbitrary memory potentially reEPSS 0.1%CVE-2025-54509MEDIUMImproper access control for register interface in the input-output memory management unit (IOMMU) could allow a privileged attacker to causeEPSS 0.1%CVE-2024-21970MEDIUMImproper validation of an array index in the AND power Management Firmware could allow a privileged attacker to corrupt AGESA memory potentiEPSS 0.1%CVE-2025-48515MEDIUMInsufficient parameter sanitization in AMD Secure Processor (ASP) Boot Loader could allow an attacker with access to SPIROM upgrade to overwEPSS 0.1%CVE-2024-21971MEDIUMImproper input validation in AMD Crash Defender could allow an attacker to provide the Windows® system process ID to a kernel-mode driver, rEPSS 0.1%CVE-2025-0040MEDIUMImproper access control between the Joint Test Action Group (JTAG) and Advanced Extensible Interface (AXI) could allow an attacker with physEPSS 0.1%