Filtered by vendor Amd
Subscriptions
Total
424 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-31309 | 1 Amd | 4 Radeon Pro V520, Radeon Pro V620, Radeon Pro W6000 Series and 1 more | 2026-05-17 | N/A |
| Improper validation in Power Management Firmware (PMFW) may allow an attacker with privileges to pass malformed workload arguments when exporting table data from SMU to DRAM potentially resulting in a loss of confidentiality and/or availability. | ||||
| CVE-2025-0040 | 1 Amd | 4 Ryzen 7040 Series Mobile Processors With Radeon Graphics, Ryzen 8000 Series Desktop Processors, Ryzen 8040 Series Mobile Processors With Radeon Graphics and 1 more | 2026-05-17 | N/A |
| Improper access control between the Joint Test Action Group (JTAG) and Advanced Extensible Interface (AXI) could allow an attacker with physical access to read or overwrite the contents of cross-chip debug (XCD) registers potentially resulting in loss of data integrity or confidentiality. | ||||
| CVE-2026-0428 | 1 Amd | 4 Instinct Mi300a, Instinct Mi300x, Instinct Mi308x and 1 more | 2026-05-17 | N/A |
| Insufficient parameter sanitization in TEE SOC Driver could allow an attacker to issue a malformed DRV_SOC_CMD_ID_SRIOV_COPY_VF_CHIPLET_REGS to write invalid data to a remote Die, potentially resulting in unexpected behavior. | ||||
| CVE-2024-36334 | 1 Amd | 1 Radeon Rx 7000 Series | 2026-05-17 | N/A |
| Improper verification of cryptographic signature in the Radeon RGB tool could allow a malicious file placed in the installation directory to be run with elevated privileges potentially leading to arbitrary code execution. | ||||
| CVE-2025-66660 | 1 Amd | 12 Instinct Mi210, Instinct Mi250, Instinct Mi300a and 9 more | 2026-05-15 | N/A |
| Insufficient parameter sanitization in TEE SOC Driver could allow an attacker to issue a malformed DRV_SOC_CMD_ID_SRIOV_CHECK_TA_COMPAT to cause incorrect shared memory mapping, potentially resulting in unexpected behavior. | ||||
| CVE-2024-36332 | 1 Amd | 1 Radeon Pro V710 | 2026-05-15 | N/A |
| Improper isolation of GPU HW register space could allow a privileged attacker in malicious Guest Virtual Machine (VM) to perform unauthorized access to specific victim range of GPU MMIO register space, potentially causing the host OS to reboot and creating a Denial of Service (DOS) condition. | ||||
| CVE-2025-54517 | 1 Amd | 8 Instinct Mi210, Instinct Mi250, Instinct Mi300a and 5 more | 2026-05-15 | N/A |
| Out of bounds write in AMD AMDGV_CMD_GET_DIAG_DATA ioctl handler could allow a local user to escalate privileges via remote code execution. | ||||
| CVE-2025-29938 | 1 Amd | 4 Ryzen 7035 Series Processors With Radeon Graphics, Ryzen 7040 Series Mobile Processors With Radeon Graphics, Ryzen 8040 Series Mobile Processors With Radeon Graphics and 1 more | 2026-05-15 | N/A |
| An unchecked return value within the AMD Platform Management Framework (PMF) could allow an attacker to write to an arbitrary memory address resulting in denial of service or arbitrary code execution. | ||||
| CVE-2026-0427 | 1 Amd | 4 Instinct Mi210, Instinct Mi300x, Instinct Mi325x and 1 more | 2026-05-15 | N/A |
| Improper cleanup of shared register resources in GPU firmware could allow an admin-privileged attacker from a Guest Virtual machine (VM) to access these shared resources from another Guest VM, potentially resulting in the loss of confidentiality, integrity, or availability. | ||||
| CVE-2025-0044 | 1 Amd | 8 Amd Ryzen™ Ai 300 Series Processors, Radeon Pro W7000 Series, Radeon Rx 7000 Series and 5 more | 2026-05-15 | N/A |
| An out-of-bounds read in power management firmware by a malicious local attacker with low privileges could potentially lead to a partial loss of confidentiality and availability. | ||||
| CVE-2023-31317 | 1 Amd | 6 Instinct Mi210, Instinct Mi250, Radeon Pro W6000 Series and 3 more | 2026-05-15 | N/A |
| Improper restriction of operations within the bounds of a memory buffer in the AMD secure processer (ASP) could allow an attacker to read or write to protected memory potentially resulting in arbitrary code execution. | ||||
| CVE-2024-36323 | 1 Amd | 6 Instinct Mi300a, Instinct Mi300x, Instinct Mi308x and 3 more | 2026-05-15 | N/A |
| Improper isolation of VCN-JPEG HW register space could allow a malicious Guest Virtual Machine (VM) or a process to perform unauthorized access to the register space of the JPEG cores assigned a victim VM/process, potentially gaining arbitrary read/write access to the victim VM/process data. | ||||
| CVE-2025-52532 | 1 Amd | 8 Instinct Mi210, Instinct Mi250, Instinct Mi300a and 5 more | 2026-05-15 | N/A |
| A race condition in the MxGPU-Virtualization driver’s ioctl path caused by concurrent unsynchronized access to the global variable amdgv_cmd in an unlocked ioctl handler could be exploited by an attacker to trigger a heap-based buffer overflow, potentially resulting in denial-of-service within the vulnerable system context. | ||||
| CVE-2024-21950 | 1 Amd | 4 Instinct Mi300a, Instinct Mi300x, Instinct Mi308x and 1 more | 2026-05-15 | N/A |
| An out of bounds read in the remote management firmware could allow a privileged attacker read a limited section of memory outside of established bounds potentially resulting in loss of confidentiality or availability. | ||||
| CVE-2026-0481 | 1 Amd | 6 Instinct Mi210, Instinct Mi250, Instinct Mi300a and 3 more | 2026-05-15 | N/A |
| Unrestricted IP address binding in the AMD Device Metrics Exporter (ROCm ecosystem) could allow a remote attacker to perform unauthorized changes to the GPU configuration, potentially resulting in loss of availability | ||||
| CVE-2025-54518 | 1 Amd | 11 Epyc 7002 Series Processors, Epyc Embedded 7002 Series Processors, Ryzen 3000 Series Desktop Processors and 8 more | 2026-05-15 | N/A |
| Improper isolation of shared resources within the CPU operation cache on Zen 2-based products could allow an attacker to corrupt instructions executed at a different privilege level, potentially resulting in privilege escalation. | ||||
| CVE-2022-23817 | 1 Amd | 128 Athlon 3000g Firmware, Athlon Gold 3150ge Firmware, Athlon Gold Pro 3150g Firmware and 125 more | 2026-05-15 | N/A |
| Insufficient checking of memory buffer in AMD Secure Processor (ASP) Secure OS may allow an attacker with a malicious trusted application to read/write to the ASP Secure OS kernel virtual address space, potentially resulting in privilege escalation. | ||||
| CVE-2024-36315 | 1 Amd | 14 Epyc 4004 Series Processors, Epyc 8004 Series Processors, Epyc 9004 Series Processors and 11 more | 2026-05-13 | N/A |
| Improper enforcement of the LFENCE serialization property may allow an attacker to bypass speculation barriers and potentially disclose sensitive information, potentially resulting in loss of confidentiality. | ||||
| CVE-2025-62624 | 1 Amd | 1 Esxi 8.x And Esxi 9.x Hosts Using Amd-pensando Dpu Products | 2026-05-13 | N/A |
| A heap-based buffer overflow in the ionic cloud driver for VMware ESXi could allow an attacker to achieve privilege escalation, potentially resulting in arbitrary code execution. | ||||
| CVE-2025-62623 | 1 Amd | 1 Esxi 8.x And Esxi 9.x Hosts Using Amd-pensando Dpu Products | 2026-05-13 | N/A |
| A heap-based buffer overflow in the ionic cloud driver for VMware ESXi could allow an attacker to achieve privilege escalation, potentially resulting in arbitrary code execution. | ||||