Lucene search

K

Ryzen Security Vulnerabilities

cve
cve

CVE-2022-23829

A potential weakness in AMD SPI protection features may allow a malicious attacker with Ring0 (kernel mode) access to bypass the native System Management Mode (SMM) ROM...

8.2CVSS

6.8AI Score

0.0004EPSS

2024-06-18 07:15 PM
26
cve
cve

CVE-2023-20579

Improper Access Control in the AMD SPI protection feature may allow a user with Ring0 (kernel mode) privileged access to bypass protections potentially resulting in loss of integrity and...

6.7AI Score

0.0004EPSS

2024-02-13 08:15 PM
57
cve
cve

CVE-2021-46757

Insufficient checking of memory buffer in ASP Secure OS may allow an attacker with a malicious TA to read/write to the ASP Secure OS kernel virtual address space potentially leading to privilege...

9.2AI Score

0.0004EPSS

2024-02-13 08:15 PM
17
cve
cve

CVE-2023-4969

A GPU kernel can read sensitive data from another GPU kernel (even from another user or app) through an optimized GPU memory region called local memory on various...

6.5CVSS

6.2AI Score

0.001EPSS

2024-01-16 05:15 PM
42
cve
cve

CVE-2023-31320

Improper input validation in the AMD RadeonTM Graphics display driver may allow an attacker to corrupt the display potentially resulting in denial of...

7.5CVSS

7.3AI Score

0.0005EPSS

2023-11-14 07:15 PM
26
cve
cve

CVE-2023-20596

Improper input validation in the SMM Supervisor may allow an attacker with a compromised SMI handler to gain Ring0 access potentially leading to arbitrary code...

9.8CVSS

9.6AI Score

0.001EPSS

2023-11-14 07:15 PM
26
cve
cve

CVE-2023-20521

TOCTOU in the ASP Bootloader may allow an attacker with physical access to tamper with SPI ROM records after memory content verification, potentially leading to loss of confidentiality or a denial of...

5.7CVSS

6.1AI Score

0.0005EPSS

2023-11-14 07:15 PM
35
cve
cve

CVE-2023-20563

Insufficient protections in System Management Mode (SMM) code may allow an attacker to potentially enable escalation of privilege via local...

7.8CVSS

8.7AI Score

0.0004EPSS

2023-11-14 07:15 PM
34
cve
cve

CVE-2023-20533

Insufficient DRAM address validation in System Management Unit (SMU) may allow an attacker to read/write from/to an invalid DRAM address, potentially resulting in...

7.5CVSS

7.5AI Score

0.001EPSS

2023-11-14 07:15 PM
36
cve
cve

CVE-2023-20568

Improper signature verification of RadeonTM RX Vega M Graphics driver for Windows may allow an attacker with admin privileges to launch RadeonInstaller.exe without validating the file signature potentially leading to arbitrary code...

6.7CVSS

7AI Score

0.0004EPSS

2023-11-14 07:15 PM
19
cve
cve

CVE-2023-20526

Insufficient input validation in the ASP Bootloader may enable a privileged attacker with physical access to expose the contents of ASP memory potentially leading to a loss of...

4.6CVSS

5.9AI Score

0.001EPSS

2023-11-14 07:15 PM
26
cve
cve

CVE-2023-20567

Improper signature verification of RadeonTM RX Vega M Graphics driver for Windows may allow an attacker with admin privileges to launch AMDSoftwareInstaller.exe without validating the file signature potentially leading to arbitrary code...

6.7CVSS

7AI Score

0.0004EPSS

2023-11-14 07:15 PM
20
cve
cve

CVE-2023-20571

A race condition in System Management Mode (SMM) code may allow an attacker using a compromised user space to leverage CVE-2018-8897 potentially resulting in privilege...

8.1CVSS

6.8AI Score

0.001EPSS

2023-11-14 07:15 PM
26
cve
cve

CVE-2023-20565

Insufficient protections in System Management Mode (SMM) code may allow an attacker to potentially enable escalation of privilege via local...

7.8CVSS

8.7AI Score

0.0004EPSS

2023-11-14 07:15 PM
29
cve
cve

CVE-2022-23821

Improper access control in System Management Mode (SMM) may allow an attacker to write to SPI ROM potentially leading to arbitrary code...

9.8CVSS

9.5AI Score

0.001EPSS

2023-11-14 07:15 PM
59
cve
cve

CVE-2021-46774

Insufficient DRAM address validation in System Management Unit (SMU) may allow an attacker to read/write from/to an invalid DRAM address, potentially resulting in...

7.5CVSS

7.8AI Score

0.001EPSS

2023-11-14 07:15 PM
22
cve
cve

CVE-2021-46766

Improper clearing of sensitive data in the ASP Bootloader may expose secret keys to a privileged attacker accessing ASP SRAM, potentially leading to a loss of...

5.5CVSS

6.1AI Score

0.0004EPSS

2023-11-14 07:15 PM
19
cve
cve

CVE-2021-46748

Insufficient bounds checking in the ASP (AMD Secure Processor) may allow an attacker to access memory outside the bounds of what is permissible to a TA (Trusted Application) resulting in a potential denial of...

5.5CVSS

5.9AI Score

0.0004EPSS

2023-11-14 07:15 PM
22
cve
cve

CVE-2022-23820

Failure to validate the AMD SMM communication buffer may allow an attacker to corrupt the SMRAM potentially leading to arbitrary code...

9.8CVSS

8.5AI Score

0.013EPSS

2023-11-14 07:15 PM
30
cve
cve

CVE-2021-46758

Insufficient validation of SPI flash addresses in the ASP (AMD Secure Processor) bootloader may allow an attacker to read data in memory mapped beyond SPI flash resulting in a potential loss of availability and...

6.1CVSS

6.6AI Score

0.0004EPSS

2023-11-14 07:15 PM
27
cve
cve

CVE-2023-39281

A stack buffer overflow vulnerability discovered in AsfSecureBootDxe in Insyde InsydeH2O with kernel 5.0 through 5.5 allows attackers to run arbitrary code execution during the DXE...

9.8CVSS

9.6AI Score

0.001EPSS

2023-11-01 10:15 PM
30
cve
cve

CVE-2023-20598

An improper privilege management in the AMD Radeon™ Graphics driver may allow an authenticated attacker to craft an IOCTL request to gain I/O control over arbitrary hardware ports or physical addresses resulting in a potential arbitrary code...

7.8CVSS

7.6AI Score

0.0004EPSS

2023-10-17 02:15 PM
36
cve
cve

CVE-2023-44216

PVRIC (PowerVR Image Compression) on Imagination 2018 and later GPU devices offers software-transparent compression that enables cross-origin pixel-stealing attacks against feTurbulence and feBlend in the SVG Filter specification, aka a GPU.zip issue. For example, attackers can sometimes...

5.3CVSS

5.3AI Score

0.001EPSS

2023-09-27 03:19 PM
31
cve
cve

CVE-2023-20597

Improper initialization of variables in the DXE driver may allow a privileged user to leak sensitive information via local...

5.5CVSS

5AI Score

0.0004EPSS

2023-09-20 06:15 PM
22
cve
cve

CVE-2023-20594

Improper initialization of variables in the DXE driver may allow a privileged user to leak sensitive information via local...

4.4CVSS

4.5AI Score

0.0004EPSS

2023-09-20 06:15 PM
22
cve
cve

CVE-2023-20564

Insufficient validation in the IOCTL (Input Output Control) input buffer in AMD Ryzen™ Master may permit a privileged attacker to perform memory reads/writes potentially leading to a loss of confidentiality or arbitrary kernel...

6.7CVSS

6.4AI Score

0.0004EPSS

2023-08-15 10:15 PM
24
cve
cve

CVE-2023-20560

Insufficient validation of the IOCTL (Input Output Control) input buffer in AMD Ryzen™ Master may allow a privileged attacker to provide a null value potentially resulting in a Windows crash leading to denial of...

4.4CVSS

4.9AI Score

0.0004EPSS

2023-08-15 10:15 PM
21
cve
cve

CVE-2023-20588

A division-by-zero error on some AMD processors can potentially return speculative data resulting in loss of...

5.5CVSS

6.7AI Score

0.001EPSS

2023-08-08 06:15 PM
185
cve
cve

CVE-2023-20589

An attacker with specialized hardware and physical access to an impacted device may be able to perform a voltage fault injection attack resulting in compromise of the ASP secure boot potentially leading to arbitrary code...

6.8CVSS

6.7AI Score

0.001EPSS

2023-08-08 06:15 PM
22
cve
cve

CVE-2023-20569

A side channel vulnerability on some of the AMD CPUs may allow an attacker to influence the return address prediction. This may result in speculative execution at an attacker-controlled address, potentially leading to information...

4.7CVSS

6.6AI Score

0.0004EPSS

2023-08-08 06:15 PM
187
cve
cve

CVE-2023-20555

Insufficient input validation in CpmDisplayFeatureSmm may allow an attacker to corrupt SMM memory by overwriting an arbitrary bit in an attacker-controlled pointer potentially leading to arbitrary code execution in...

7.8CVSS

7.7AI Score

0.0004EPSS

2023-08-08 06:15 PM
31
cve
cve

CVE-2023-20593

An issue in “Zen 2” CPUs, under specific microarchitectural circumstances, may allow an attacker to potentially access sensitive...

5.5CVSS

6.9AI Score

0.001EPSS

2023-07-24 08:15 PM
230
cve
cve

CVE-2021-46794

Insufficient bounds checking in ASP (AMD Secure Processor) may allow for an out of bounds read in SMI (System Management Interface) mailbox checksum calculation triggering a data abort, resulting in a potential denial of...

7.5CVSS

7.8AI Score

0.001EPSS

2023-05-09 08:15 PM
19
cve
cve

CVE-2021-46754

Insufficient input validation in the ASP (AMD Secure Processor) bootloader may allow an attacker with a compromised Uapp or ABL to coerce the bootloader into exposing sensitive information to the SMU (System Management Unit) resulting in a potential loss of confidentiality and...

9.1CVSS

9.1AI Score

0.002EPSS

2023-05-09 08:15 PM
28
cve
cve

CVE-2021-46756

Insufficient validation of inputs in SVC_MAP_USER_STACK in the ASP (AMD Secure Processor) bootloader may allow an attacker with a malicious Uapp or ABL to send malformed or invalid syscall to the bootloader resulting in a potential denial of service and loss of...

9.1CVSS

9.1AI Score

0.001EPSS

2023-05-09 08:15 PM
25
cve
cve

CVE-2021-46759

Improper syscall input validation in AMD TEE (Trusted Execution Environment) may allow an attacker with physical access and control of a Uapp that runs under the bootloader to reveal the contents of the ASP (AMD Secure Processor) bootloader accessible memory to a serial port, resulting in a...

6.1CVSS

6.6AI Score

0.001EPSS

2023-05-09 08:15 PM
20
cve
cve

CVE-2021-46773

Insufficient input validation in ABL may enable a privileged attacker to corrupt ASP memory, potentially resulting in a loss of integrity or code...

8.8CVSS

8.8AI Score

0.001EPSS

2023-05-09 08:15 PM
16
cve
cve

CVE-2021-46765

Insufficient input validation in ASP may allow an attacker with a compromised SMM to induce out-of-bounds memory reads within the ASP, potentially leading to a denial of...

7.5CVSS

7.7AI Score

0.001EPSS

2023-05-09 08:15 PM
25
cve
cve

CVE-2021-46755

Failure to unmap certain SysHub mappings in error paths of the ASP (AMD Secure Processor) bootloader may allow an attacker with a malicious bootloader to exhaust the SysHub resources resulting in a potential denial of...

7.5CVSS

8.3AI Score

0.001EPSS

2023-05-09 08:15 PM
14
cve
cve

CVE-2021-46792

Time-of-check Time-of-use (TOCTOU) in the BIOS2PSP command may allow an attacker with a malicious BIOS to create a race condition causing the ASP bootloader to perform out-of-bounds SRAM reads upon an S3 resume event potentially leading to a denial of...

5.9CVSS

6.5AI Score

0.001EPSS

2023-05-09 08:15 PM
22
cve
cve

CVE-2021-46760

A malicious or compromised UApp or ABL can send a malformed system call to the bootloader, which may result in an out-of-bounds memory access that may potentially lead to an attacker leaking sensitive information or achieving code...

9.8CVSS

9.4AI Score

0.003EPSS

2023-05-09 08:15 PM
15
cve
cve

CVE-2021-46753

Failure to validate the length fields of the ASP (AMD Secure Processor) sensor fusion hub headers may allow an attacker with a malicious Uapp or ABL to map the ASP sensor fusion hub region and overwrite data structures leading to a potential loss of confidentiality and...

9.1CVSS

9.1AI Score

0.001EPSS

2023-05-09 07:15 PM
20
cve
cve

CVE-2021-26354

Insufficient bounds checking in ASP may allow an attacker to issue a system call from a compromised ABL which may cause arbitrary memory values to be initialized to zero, potentially leading to a loss of...

5.5CVSS

7.2AI Score

0.0004EPSS

2023-05-09 07:15 PM
36
cve
cve

CVE-2021-26365

Certain size values in firmware binary headers could trigger out of bounds reads during signature validation, leading to denial of service or potentially limited leakage of information about out-of-bounds memory...

8.2CVSS

8.7AI Score

0.001EPSS

2023-05-09 07:15 PM
17
cve
cve

CVE-2021-46749

Insufficient bounds checking in ASP (AMD Secure Processor) may allow for an out of bounds read in SMI (System Management Interface) mailbox checksum calculation triggering a data abort, resulting in a potential denial of...

7.5CVSS

7.8AI Score

0.001EPSS

2023-05-09 07:15 PM
18
cve
cve

CVE-2021-26406

Insufficient validation in parsing Owner's Certificate Authority (OCA) certificates in SEV (AMD Secure Encrypted Virtualization) and SEV-ES user application can lead to a host crash potentially resulting in denial of...

7.5CVSS

8.4AI Score

0.001EPSS

2023-05-09 07:15 PM
19
cve
cve

CVE-2021-26371

A compromised or malicious ABL or UApp could send a SHA256 system call to the bootloader, which may result in exposure of ASP memory to userspace, potentially leading to information...

5.5CVSS

7.1AI Score

0.0004EPSS

2023-05-09 07:15 PM
22
cve
cve

CVE-2021-26356

A TOCTOU in ASP bootloader may allow an attacker to tamper with the SPI ROM following data read to memory potentially resulting in S3 data corruption and information...

7.4CVSS

8.4AI Score

0.002EPSS

2023-05-09 07:15 PM
22
cve
cve

CVE-2023-20559

Insufficient control flow management in AmdCpmGpioInitSmm may allow a privileged attacker to tamper with the SMM handler potentially leading to escalation of...

8.8CVSS

8.6AI Score

0.001EPSS

2023-04-02 09:15 PM
22
cve
cve

CVE-2023-20558

Insufficient control flow management in AmdCpmOemSmm may allow a privileged attacker to tamper with the SMM handler potentially leading to an escalation of...

8.8CVSS

8.6AI Score

0.001EPSS

2023-04-02 09:15 PM
43
Total number of security vulnerabilities117