Vulnerabilidades em AMD
443 resultadosCVE-2024-21978MEDIUMImproper input validation in SEV-SNP could allow a malicious hypervisor to read or overwrite guest memory potentially leading to data leakagEPSS 0.5%CVE-2022-23814MEDIUMFailure to validate addresses provided by software to BIOS commands may result in a potential loss of integrity of guest memory in a confideEPSS 0.5%CVE-2023-20598HIGH
An improper privilege management in the AMD Radeon™ Graphics driver may allow an authenticated attacker to craft an IOCTL request to gainEPSS 0.5%CVE-2023-31347MEDIUMDue to a code bug in
Secure_TSC, SEV firmware may allow an attacker with high privileges to cause a
guest to observe an incorrect TSC when SEPSS 0.5%CVE-2023-20571—A race condition in System Management Mode (SMM) code may allow an attacker using a compromised user space to leverage CVE-2018-8897 potentiEPSS 0.4%CVE-2024-21980HIGHImproper restriction of write operations in SNP firmware could allow a malicious hypervisor to potentially overwrite a guest's memory or UMCEPSS 0.4%CVE-2023-31355MEDIUMImproper restriction of write operations in SNP firmware could allow a malicious hypervisor to overwrite a guest's UMC seed potentially alloEPSS 0.4%CVE-2026-40677HIGHThe use of insecure HTTP transport within AMD optional tools could allow an attacker to conduct a man-in-the-middle attack, potentially leadEPSS 0.4%CVE-2021-26345LOWFailure to validate the value in APCB may allow a privileged attacker to tamper with the APCB token to force an out-of-bounds memory read poEPSS 0.4%CVE-2021-39298—A potential vulnerability in AMD System Management Mode (SMM) interrupt handler may allow an attacker with high privileges to access the SMMEPSS 0.4%CVE-2024-36350MEDIUMA transient execution vulnerability in some AMD processors may allow an attacker to infer data from previous stores, potentially resulting iEPSS 0.4%CVE-2021-26406HIGHInsufficient validation in parsing Owner's
Certificate Authority (OCA) certificates in SEV (AMD Secure Encrypted Virtualization)
and SEV-ES EPSS 0.4%CVE-2021-26356HIGHA TOCTOU in ASP bootloader may allow an attacker
to tamper with the SPI ROM following data read to memory potentially resulting
in S3 data cEPSS 0.4%CVE-2021-46792MEDIUMTime-of-check Time-of-use (TOCTOU) in the
BIOS2PSP command may allow an attacker with a malicious BIOS to create a race
condition causing thEPSS 0.4%CVE-2023-20566MEDIUMImproper address validation in ASP with SNP enabled may potentially allow an attacker to compromise guest memory integrity.EPSS 0.4%CVE-2021-46762LOWInsufficient input validation in the SMU may
allow an attacker to corrupt SMU SRAM potentially leading to a loss of
integrity or denial of sEPSS 0.3%CVE-2022-23830LOWSMM configuration may not be immutable, as intended, when SNP is enabled resulting in a potential limited loss of guest memory integrity.EPSS 0.3%CVE-2020-12944—Insufficient validation of BIOS image length by ASP Firmware could lead to arbitrary code execution.EPSS 0.3%CVE-2021-26313—AMD Speculative Code Store BypassEPSS 0.3%CVE-2021-46744—An attacker with access to a malicious hypervisor may be able to infer data values used in a SEV guest on AMD CPUs by monitoring ciphertext EPSS 0.3%