Vulnerabilidades en AMD
443 resultadosCVE-2025-29946MEDIUMInsufficient or Incomplete Data Removal in Hardware Component in SEV firmware doesn't fully flush IOMMU. This can potentially lead to a lossEPSS 0.1%CVE-2021-26368—Insufficient check of the process type in Trusted OS (TOS) may allow an attacker with privileges to enable a lesser privileged process to unEPSS 0.1%CVE-2024-21977LOWIncomplete cleanup after loading a CPU microcode patch may allow a privileged attacker to degrade the entropy of the RDRAND instruction, potEPSS 0.1%CVE-2023-31358HIGHA DLL hijacking vulnerability in the AMD Manageability API could allow an attacker to achieve privilege escalation, potentially resulting inEPSS 0.1%CVE-2021-46750LOWFailure to validate the address and size in TEE (Trusted Execution Environment) may allow a malicious x86 attacker to send malformed messageEPSS 0.1%CVE-2026-0438MEDIUMA System Management Mode (SMM) handler could perform a callout to code located in non-SMM/untrusted memory. A highly privileged attacker couEPSS 0.1%CVE-2025-29951HIGHA buffer overflow in the AMD Secure Processor (ASP) bootloader could allow an attacker to overwrite memory, potentially resulting in privileEPSS 0.1%CVE-2023-31359HIGHIncorrect default permissions in the AMD Manageability API could allow an attacker to achieve privilege escalation, potentially resulting inEPSS 0.1%CVE-2021-46795MEDIUMA TOCTOU (time-of-check to time-of-use) vulnerability exists where an attacker may use a compromised BIOS to cause the TEE OS to read memoryEPSS 0.1%CVE-2024-21981MEDIUMImproper key usage control in AMD Secure Processor
(ASP) may allow an attacker with local access who has gained arbitrary code
execution priEPSS 0.1%CVE-2025-0012MEDIUMImproper handling of overlap between the segmented reverse map table (RMP) and system management mode (SMM) memory could allow a privileged EPSS 0.1%CVE-2025-48517MEDIUMInsufficient Granularity of Access Control in SEV firmware could allow a privileged user with a malicious hypervisor to create a SEV-ES guesEPSS 0.1%CVE-2025-29939MEDIUMImproper access control in secure encrypted virtualization (SEV) could allow a privileged attacker to write to the reverse map page (RMP) duEPSS 0.1%CVE-2024-36340MEDIUMA junction point vulnerability within AMD uProf can allow a local low-privileged attacker to create junction points, potentially resulting EPSS 0.1%CVE-2025-52536MEDIUMImproper Prevention of Lock Bit Modification in SEV firmware could allow a privileged attacker to downgrade firmware potentially resulting iEPSS 0.1%CVE-2025-48514MEDIUMInsufficient Granularity of Access Control in SEV firmware can allow a privileged attacker to create a SEV-ES Guest to attack SNP guest, potEPSS 0.1%CVE-2023-31305LOWGeneration of weak and predictable Initialization Vector (IV) in PMFW (Power Management Firmware) may allow an attacker with privileges to rEPSS 0.1%CVE-2024-36315MEDIUMImproper enforcement of the LFENCE serialization property may allow an attacker to bypass speculation barriers and potentially disclose sensEPSS 0.1%CVE-2024-36320HIGHInteger Overflow within atihdwt6.sys can allow a local attacker to cause out of bound read/write potentially leading to loss of confidentialEPSS 0.1%CVE-2023-31341HIGHInsufficient
validation of the Input Output Control (IOCTL) input buffer in AMD μProf may
allow an authenticated attacker to cause an out-ofEPSS 0.1%