Filtered by vendor Amd
Subscriptions
Total
379 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-48510 | 1 Amd | 1 Uprof | 2025-11-26 | 7.1 High |
| Improper return value within AMD uProf can allow a local attacker to bypass KSLR, potentially resulting in loss of confidentiality or availability. | ||||
| CVE-2025-48511 | 1 Amd | 1 Uprof | 2025-11-26 | 5.5 Medium |
| Improper input validation within AMD uprof can allow a local attacker to write to an arbitrary physical address, potentially resulting in crash or denial of service. | ||||
| CVE-2025-0007 | 1 Amd | 1 Xilinx Run Time | 2025-11-26 | 5.7 Medium |
| Insufficient validation within Xilinx Run Time framework could allow a local attacker to escalate privileges from user space to kernel space, potentially compromising confidentiality, integrity, and/or availability. | ||||
| CVE-2025-0005 | 1 Amd | 1 Xilinx Run Time | 2025-11-26 | 7.3 High |
| Improper input validation within the XOCL driver may allow a local attacker to generate an integer overflow condition, potentially resulting in crash or denial of service. | ||||
| CVE-2025-52538 | 1 Amd | 1 Xilinx Run Time | 2025-11-26 | 8 High |
| Improper input validation within the XOCL driver may allow a local attacker to generate an integer overflow condition, potentially resulting in loss of confidentiality or availability. | ||||
| CVE-2025-29934 | 1 Amd | 8 Epyc, Epyc 8004, Epyc 9004 and 5 more | 2025-11-25 | 5.3 Medium |
| A bug within some AMD CPUs could allow a local admin-privileged attacker to run a SEV-SNP guest using stale TLB entries, potentially resulting in loss of data integrity. | ||||
| CVE-2024-21923 | 1 Amd | 1 Storemi | 2025-11-25 | 7.3 High |
| Incorrect default permissions in AMD StoreMI™ could allow an attacker to achieve privilege escalation potentially resulting in arbitrary code execution. | ||||
| CVE-2024-21922 | 1 Amd | 1 Storemi | 2025-11-25 | 7.3 High |
| A DLL hijacking vulnerability in AMD StoreMI™ could allow an attacker to achieve privilege escalation, potentially resulting in arbitrary code execution. | ||||
| CVE-2025-39705 | 2 Amd, Linux | 2 Graphics Driver, Linux Kernel | 2025-11-25 | 5.5 Medium |
| In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: fix a Null pointer dereference vulnerability [Why] A null pointer dereference vulnerability exists in the AMD display driver's (DC module) cleanup function dc_destruct(). When display control context (dc->ctx) construction fails (due to memory allocation failure), this pointer remains NULL. During subsequent error handling when dc_destruct() is called, there's no NULL check before dereferencing the perf_trace member (dc->ctx->perf_trace), causing a kernel null pointer dereference crash. [How] Check if dc->ctx is non-NULL before dereferencing. (Updated commit text and removed unnecessary error message) (cherry picked from commit 9dd8e2ba268c636c240a918e0a31e6feaee19404) | ||||
| CVE-2024-36331 | 1 Amd | 3 Epyc, Epyc 9004, Epyc Embedded 9004 | 2025-11-03 | 3.2 Low |
| Improper initialization of CPU cache memory could allow a privileged attacker with hypervisor access to overwrite SEV-SNP guest memory resulting in loss of data integrity. | ||||
| CVE-2025-0033 | 1 Amd | 3 Epyc, Epyc 7003, Epyc 9005 | 2025-10-21 | 6 Medium |
| Improper access control within AMD SEV-SNP could allow an admin privileged attacker to write to the RMP during SNP initialization, potentially resulting in a loss of SEV-SNP guest memory integrity. | ||||
| CVE-2025-0038 | 1 Amd | 1 Zynq Ultrascale+ | 2025-10-08 | 6.6 Medium |
| In AMD Zynq UltraScale+ devices, the lack of address validation when executing CSU runtime services through the PMU Firmware can allow access to isolated or protected memory spaces resulting in the loss of integrity and confidentiality. | ||||
| CVE-2025-54520 | 1 Amd | 2 Artix 7-series Fpga, Kintex 7-series Fpga | 2025-09-26 | N/A |
| Improper Protection Against Voltage and Clock Glitches in FPGA devices, could allow an attacker with physical access to undervolt the platform resulting in a loss of confidentiality. | ||||
| CVE-2024-21927 | 1 Amd | 1 Instinct Mi300x | 2025-09-25 | 5 Medium |
| Improper input validation in Satellite Management Controller (SMC) may allow an attacker with privileges to use certain special characters in manipulated Redfish® API commands, causing service processes like OpenBMC to crash and reset, potentially resulting in denial of service. | ||||
| CVE-2024-21935 | 1 Amd | 2 Instinct Mi300x, Satellite Management Controller | 2025-09-25 | 5 Medium |
| Improper input validation in Satellite Management Controller (SMC) may allow an attacker with privileges to manipulate Redfish® API commands to remove files from the local root directory, potentially resulting in data corruption. | ||||
| CVE-2024-21970 | 1 Amd | 9 Athlon, Athlon 3000, Ryzen and 6 more | 2025-09-09 | 4.4 Medium |
| Improper validation of an array index in the AND power Management Firmware could allow a privileged attacker to corrupt AGESA memory potentially leading to a loss of integrity. | ||||
| CVE-2023-31351 | 1 Amd | 4 Epyc, Epyc 7003, Epyc 8004 and 1 more | 2025-09-09 | 5.3 Medium |
| Improper restriction of operations in the IOMMU could allow a malicious hypervisor to access guest private memory resulting in loss of integrity. | ||||
| CVE-2023-31326 | 1 Amd | 8 Instinct Mi210, Instinct Mi250, Radeon Pro V710 and 5 more | 2025-09-08 | 2.8 Low |
| Use of an uninitialized variable in the ASP could allow an attacker to access leftover data from a trusted execution environment (TEE) driver, potentially leading to loss of confidentiality. | ||||
| CVE-2023-31330 | 1 Amd | 8 Athlon, Athlon 3000, Ryzen 3000 and 5 more | 2025-09-08 | 2.5 Low |
| An out-of-bounds read in the ASP could allow a privileged attacker with access to a malicious bootloader to potentially read sensitive memory resulting in loss of confidentiality. | ||||
| CVE-2025-0010 | 1 Amd | 10 Athlon, Graphics Driver, Instinct Mi200 and 7 more | 2025-09-08 | 6.1 Medium |
| An out of bounds write in the Linux graphics driver could allow an attacker to overflow the buffer potentially resulting in loss of confidentiality, integrity, or availability. | ||||