| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Improper Protection Against Voltage and Clock Glitches in FPGA devices, could allow an attacker with physical access to undervolt the platform resulting in a loss of confidentiality. |
| Improper handling of insufficiency privileges in the ASP could allow a privileged attacker to modify Translation Map Registers (TMRs) potentially resulting in loss of confidentiality or integrity. |
| Incorrect default permissions in AMD StoreMI™ could allow an attacker to achieve privilege escalation potentially resulting in arbitrary code execution. |
| Improper Hardware reset flow logic in the GPU GFX Hardware IP block could allow a privileged attacker in a guest virtual machine to control reset operation potentially causing host or GPU crash or reset resulting in denial of service. |
| Improper input validation in the SMM handler could allow an attacker with Ring0 access to write to SMRAM and modify execution flow for S3 (sleep) wake up, potentially resulting in arbitrary code execution. |
| Improper input validation in the GPU driver could allow an attacker to exploit a heap overflow potentially resulting in arbitrary code execution. |
| Insufficient parameter sanitization in AMD Secure Processor (ASP) Boot Loader could allow an attacker with access to SPIROM upgrade to overwrite the memory, potentially resulting in arbitrary code execution. |
| Improper input validation in Satellite Management Controller (SMC) may allow an attacker with privileges to use certain special characters in manipulated Redfish® API commands, causing service processes like OpenBMC to crash and reset, potentially resulting in denial of service. |
| Improper Initialization within the AMD Secure Encrypted Virtualization (SEV) firmware can allow an admin privileged attacker to corrupt RMP covered memory, potentially resulting in loss of guest memory integrity |
| Improper validation of an array index in the AND power Management Firmware could allow a privileged attacker to corrupt AGESA memory potentially leading to a loss of integrity. |
| Insufficient parameter validation while allocating process space in the Trusted OS (TOS) may allow for a malicious userspace process to trigger an integer overflow, leading to a potential denial of service. |
| Insufficient validation within Xilinx Run Time framework could allow a local attacker to escalate privileges from user space to kernel space, potentially compromising confidentiality, integrity, and/or availability. |
| A buffer overflow with Xilinx Run Time Environment may allow a local attacker to read or corrupt data from the advanced extensible interface (AXI), potentially resulting in loss of confidentiality, integrity, and/or availability. |
| A Speculative Race Condition (SRC) vulnerability that impacts modern CPU architectures supporting speculative execution (related to Spectre V1) has been disclosed. An unauthenticated attacker can exploit this vulnerability to disclose arbitrary data from the CPU using race conditions to access the speculative executable code paths. |
| When SMT is enabled, certain AMD processors may speculatively execute instructions using a target
from the sibling thread after an SMT mode switch potentially resulting in information disclosure. |
| A Time-of-check time-of-use (TOCTOU) race condition in the AMD Secure Processor (ASP) could allow an attacker to modify External Global Memory Interconnect Trusted Agent (XGMI TA) commands as they are processed potentially resulting in loss of confidentiality, integrity, or availability. |
| A Time-of-check time-of-use (TOCTOU) race condition in the AMD Secure Processor (ASP) could allow an attacker to corrupt memory resulting in loss of integrity, confidentiality, or availability. |
| A DLL hijacking vulnerability in the AMD Manageability API could allow an attacker to achieve privilege escalation, potentially resulting in arbitrary code execution. |
| Incorrect default permissions in the AMD Manageability API could allow an attacker to achieve privilege escalation, potentially resulting in arbitrary code execution. |
| Failure to validate inputs in SMM may allow an attacker to create a mishandled error leaving the DRTM UApp in a partially initialized state potentially resulting in loss of memory integrity. |
