Vulnerabilities in AMD
443 resultsCVE-2021-46755HIGHFailure to unmap certain SysHub mappings in
error paths of the ASP (AMD Secure Processor) bootloader may allow an attacker
with a malicious EPSS 0.6%CVE-2021-46765HIGHInsufficient input validation in ASP may allow
an attacker with a compromised SMM to induce out-of-bounds memory reads within
the ASP, potenEPSS 0.6%CVE-2021-26314—AMD Speculative execution with Floating-Point Value InjectionEPSS 0.6%CVE-2023-20525MEDIUMInsufficient syscall input validation in the ASP Bootloader may allow a privileged attacker to read memory outside the bounds of a mapped reEPSS 0.6%CVE-2023-20527MEDIUMImproper syscall input validation in the ASP Bootloader may allow a privileged attacker to read memory out-of-bounds, potentially leading toEPSS 0.6%CVE-2022-23824—IBPB may not prevent return branch predictions from being specified by pre-IBPB branch targets leading to a potential information disclosureEPSS 0.6%CVE-2022-27673HIGHInsufficient access controls in the AMD Link Android app may potentially result in information disclosure.EPSS 0.6%CVE-2021-26365HIGHCertain size values in firmware binary headers
could trigger out of bounds reads during signature validation, leading to
denial of service oEPSS 0.6%CVE-2021-46754—Insufficient input validation in the ASP (AMD
Secure Processor) bootloader may allow an attacker with a compromised Uapp or
ABL to coerce thEPSS 0.6%CVE-2021-46753CRITICALFailure to validate the length fields of the ASP
(AMD Secure Processor) sensor fusion hub headers may allow an attacker with a
malicious UapEPSS 0.6%CVE-2023-20532MEDIUMInsufficient input validation in the SMU may allow an attacker to improperly lock resources, potentially resulting in a denial of service.
EPSS 0.6%CVE-2024-56161HIGHImproper signature verification in AMD CPU ROM microcode patch loader may allow an attacker with local administrator privilege to load malicEPSS 0.5%CVE-2021-46774MEDIUMInsufficient DRAM address validation in System
Management Unit (SMU) may allow an attacker to read/write from/to an invalid
DRAM address, poEPSS 0.5%CVE-2023-20589—fTPM Voltage Fault Injection EPSS 0.5%CVE-2022-23813MEDIUMThe software interfaces to ASP and SMU may not enforce the SNP memory security policy resulting in a potential loss of integrity of guest meEPSS 0.5%CVE-2022-23818HIGHInsufficient input validation on the model
specific register: VM_HSAVE_PA may potentially lead to loss of SEV-SNP guest
memory integrity.
EPSS 0.5%CVE-2021-26333—AMD Chipset Driver Information Disclosure VulnerabilityEPSS 0.5%CVE-2023-20533MEDIUMInsufficient DRAM address validation in System
Management Unit (SMU) may allow an attacker to read/write from/to an invalid
DRAM address, poEPSS 0.5%CVE-2021-46763HIGHInsufficient input validation in the SMU may
enable a privileged attacker to write beyond the intended bounds of a shared
memory buffer poteEPSS 0.5%CVE-2023-20524HIGHAn attacker with a compromised ASP could
possibly send malformed commands to an ASP on another CPU, resulting in an out
of bounds write, potEPSS 0.5%