Search Results (432 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2024-36354 1 Amd 11 Athlon, Athlon 3000, Epyc and 8 more 2026-04-15 7.5 High
Improper input validation for DIMM serial presence detect (SPD) metadata could allow an attacker with physical access, ring0 access on a system with a non-compliant DIMM, or control over the Root of Trust for BIOS update, to bypass SMM isolation potentially resulting in arbitrary code execution at the SMM level.
CVE-2025-48507 2 Amd, Arm 3 Kria Som, Zynq Ultrascale+, Trusted Firmware-a 2026-04-15 N/A
The security state of the calling processor into Trusted Firmware (TF-A) is not used and could potentially allow non-secure processors access to secure memories, access to crypto operations, and the ability to turn on and off subsystems within the SOC.
CVE-2023-31306 1 Amd 7 Radeon, Radeon Pro V520, Radeon Pro V620 and 4 more 2026-04-15 3.3 Low
Improper validation of an array index in the AMD graphics driver software could allow an attacker to pass malformed arguments to the dynamic power management (DPM) functions resulting in an out of bounds read and loss of availability.
CVE-2021-46750 1 Amd 11 Athlon, Athlon 3000, Radeon Pro V620 and 8 more 2026-04-15 3 Low
Failure to validate the address and size in TEE (Trusted Execution Environment) may allow a malicious x86 attacker to send malformed messages to the graphics mailbox resulting in an overlap of a TMR (Trusted Memory Region) that was previously allocated by the ASP bootloader leading to a potential loss of integrity.
CVE-2024-21923 1 Amd 1 Storemi 2026-04-15 7.3 High
Incorrect default permissions in AMD StoreMIā„¢ could allow an attacker to achieve privilege escalation potentially resulting in arbitrary code execution.
CVE-2024-21947 1 Amd 8 Athlon, Athlon 3000, Ryzen and 5 more 2026-04-15 7.5 High
Improper input validation in the system management mode (SMM) could allow a privileged attacker to overwrite arbitrary memory potentially resulting in arbitrary code execution at the SMM level.
CVE-2024-36342 1 Amd 10 Athlon, Athlon 3000, Instinct Mi210 and 7 more 2026-04-15 8.8 High
Improper input validation in the GPU driver could allow an attacker to exploit a heap overflow potentially resulting in arbitrary code execution.
CVE-2025-29948 1 Amd 2 Epyc 9005 Series Processors, Epyc Embedded 9005 Series Processors 2026-04-15 N/A
Improper access control in AMD Secure Encrypted Virtualization (SEV) firmware could allow a malicious hypervisor to bypass RMP protections, potentially resulting in a loss of SEV-SNP guest memory integrity.
CVE-2023-31313 1 Amd 2 Instinct Mi210, Instinct Mi250 2026-04-15 7.2 High
An unintended proxy or intermediary in the AMD power management firmware (PMFW) could allow a privileged attacker to send malformed messages to the system management unit (SMU) potentially resulting in arbitrary code execution.
CVE-2025-0003 1 Amd 1 Xilinx Run Time 2026-04-15 7.3 High
Inadequate lock protection within Xilinx Run time may allow a local attacker to trigger a Use-After-Free condition potentially resulting in loss of confidentiality or availability
CVE-2025-0005 1 Amd 1 Xilinx Run Time 2026-04-15 7.3 High
Improper input validation within the XOCL driver may allow a local attacker to generate an integer overflow condition, potentially resulting in crash or denial of service.
CVE-2025-29943 1 Amd 6 Epyc, Epyc 8004, Epyc 9004 and 3 more 2026-04-15 3.2 Low
Write what were condition within AMD CPUs may allow an admin-privileged attacker to modify the configuration of the CPU pipeline potentially resulting in the corruption of the stack pointer inside an SEV-SNP guest.
CVE-2021-26410 1 Amd 15 Radeon Pro V520, Radeon Pro V620, Radeon Pro W5000 Series and 12 more 2026-04-15 N/A
Improper syscall input validation in ASP (AMD Secure Processor) may force the kernel into reading syscall parameter values from its own memory space allowing an attacker to infer the contents of the kernel memory leading to potential information disclosure.
CVE-2024-2193 2 Amd, Xen 2 Cpu, Xen 2026-04-15 5.7 Medium
A Speculative Race Condition (SRC) vulnerability that impacts modern CPU architectures supporting speculative execution (related to Spectre V1) has been disclosed. An unauthenticated attacker can exploit this vulnerability to disclose arbitrary data from the CPU using race conditions to access the speculative executable code paths.
CVE-2025-0007 1 Amd 1 Xilinx Run Time 2026-04-15 5.7 Medium
Insufficient validation within Xilinx Run Time framework could allow a local attacker to escalate privileges from user space to kernel space, potentially compromising confidentiality, integrity, and/or availability.
CVE-2024-36311 1 Amd 5 Ryzen 5000 Series Desktop Processors, Ryzen 7000 Series Desktop Processors, Ryzen 7040 Series Mobile Processors With Radeon Graphics and 2 more 2026-04-15 N/A
A Time-of-check time-of-use (TOCTOU) race condition in the SMM communications buffer could allow a privileged attacker to bypass input validation and perform an out of bounds read or write, potentially resulting in loss of confidentiality, integrity, or availability.
CVE-2021-26377 1 Amd 11 Athlon, Athlon 3000, Radeon Instinct Mi25 and 8 more 2026-04-15 4.1 Medium
Insufficient parameter validation while allocating process space in the Trusted OS (TOS) may allow for a malicious userspace process to trigger an integer overflow, leading to a potential denial of service.
CVE-2023-31330 1 Amd 8 Athlon, Athlon 3000, Ryzen 3000 and 5 more 2026-04-15 2.5 Low
An out-of-bounds read in the ASP could allow a privileged attacker with access to a malicious bootloader to potentially read sensitive memory resulting in loss of confidentiality.
CVE-2024-36346 1 Amd 2 Instinct Mi300a, Instinct Mi300x 2026-04-15 6 Medium
Improper input validation in AMD Power Management Firmware (PMFW) could allow a privileged attacker from Guest VM to send arbitrary input data potentially causing a GPU Reset condition.
CVE-2025-0029 1 Amd 2 Epyc 9005 Series Processors, Epyc Embedded 9005 Series Processors 2026-04-15 N/A
Improper handling of error condition during host-induced faults can allow a local high-privileged attack to selectively drop guest DMA writes, potentially resulting in a loss of SEV-SNP guest memory integrity