| # | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail. | Description |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 1 | CVE-2022-27677 | 269 | | Exec Code | 2023-03-01 | 2023-03-09 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? | Failure to validate privileges during installation of AMD Ryzen™ Master may allow an attacker with low privileges to modify files potentially leading to privilege escalation and code execution by the lower privileged user. |
| 2 | CVE-2022-27673 | | | | 2022-11-09 | 2022-11-16 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? | Insufficient access controls in the AMD Link Android app may potentially result in information disclosure. |
| 3 | CVE-2021-26400 | | | | 2022-05-11 | 2022-05-25 | 2.1 | None | Local | Low | Not required | Partial | None | None | AMD processors may speculatively re-order load instructions which can result in stale data being observed when multiple processors are operating on shared memory, resulting in potential data leakage. |
| 4 | CVE-2021-26369 | 119 | | Overflow | 2022-05-12 | 2022-06-01 | 4.6 | None | Local | Low | Not required | Partial | Partial | Partial | A malicious or compromised UApp or ABL may be used by an attacker to send a malformed system call to the bootloader, resulting in out-of-bounds memory accesses. |
| 5 | CVE-2021-26366 | 668 | | +Priv | 2022-05-12 | 2022-06-01 | 3.6 | None | Local | Low | Not required | Partial | Partial | None | An attacker, who gained elevated privileges via some other vulnerability, may be able to read data from Boot ROM resulting in a loss of system integrity. |
| 6 | CVE-2021-26363 | 668 | | | 2022-05-12 | 2022-06-01 | 3.6 | None | Local | Low | Not required | Partial | Partial | None | A malicious or compromised UApp or ABL could potentially change the value that the ASP uses for its reserved DRAM, to one outside of the fenced area, potentially leading to data exposure. |
| 7 | CVE-2021-26362 | | | | 2022-05-12 | 2022-06-08 | 6.6 | None | Local | Low | Not required | None | Complete | Complete | A malicious or compromised UApp or ABL may be used by an attacker to issue a malformed system call which results in mapping sensitive System Management Network (SMN) registers leading to a loss of integrity and availability. |
| 8 | CVE-2021-26361 | 668 | | | 2022-05-12 | 2022-06-01 | 2.1 | None | Local | Low | Not required | Partial | None | None | A malicious or compromised User Application (UApp) or AGESA Boot Loader (ABL) could be used by an attacker to exfiltrate arbitrary memory from the ASP stage 2 bootloader potentially leading to information disclosure. |
| 9 | CVE-2021-26333 | 909 | | +Info | 2021-09-21 | 2022-04-26 | 4.9 | None | Local | Low | Not required | Complete | None | None | An information disclosure vulnerability exists in AMD Platform Security Processor (PSP) chipset driver. The discretionary access control list (DACL) may allow low privileged users to open a handle and send requests to the driver resulting in a potential data leak from uninitialized physical pages. |
| 10 | CVE-2021-26317 | 668 | | Exec Code | 2022-05-12 | 2022-06-01 | 7.2 | None | Local | Low | Not required | Complete | Complete | Complete | Failure to verify the protocol in SMM may allow an attacker to control the protocol and modify SPI flash resulting in a potential arbitrary code execution. |
| 11 | CVE-2021-26311 | 77 | | Exec Code | 2021-05-13 | 2021-05-25 | 9.0 | None | Remote | Low | ??? | Complete | Complete | Complete | In the AMD SEV/SEV-ES feature, memory can be rearranged in the guest address space that is not detected by the attestation mechanism which could be used by a malicious hypervisor to potentially lead to arbitrary code execution within the guest VM if a malicious administrator has access to compromise the server hypervisor. |
| 12 | CVE-2020-12967 | 77 | | Exec Code | 2021-05-13 | 2021-05-25 | 9.0 | None | Remote | Low | ??? | Complete | Complete | Complete | The lack of nested page table protection in the AMD SEV/SEV-ES feature could potentially lead to arbitrary code execution within the guest VM if a malicious administrator has access to compromise the server hypervisor. |
| 13 | CVE-2020-12964 | | | DoS +Info | 2021-11-15 | 2022-07-12 | 4.6 | None | Local | Low | Not required | Partial | Partial | Partial | A potential privilege escalation/denial of service issue exists in the AMD Radeon Kernel Mode driver Escape 0x2000c00 Call handler. An attacker with low privilege could potentially induce a Windows BugCheck or write to leak information. |
| 14 | CVE-2020-12933 | 125 | | DoS | 2020-10-13 | 2020-10-21 | 4.9 | None | Local | Low | Not required | None | None | Complete | A denial of service vulnerability exists in the D3DKMTEscape handler functionality of AMD ATIKMDAG.SYS (e.g. version 26.20.15029.27017). A specially crafted D3DKMTEscape API request can cause an out-of-bounds read in Windows OS kernel memory area. This vulnerability can be triggered from a non-privileged account. |
| 15 | CVE-2020-12928 | | | | 2020-10-13 | 2021-11-04 | 7.2 | None | Local | Low | Not required | Complete | Complete | Complete | A vulnerability in a dynamically loaded AMD driver in AMD Ryzen Master V15 may allow any authenticated user to escalate privileges to NT authority system. |
| 16 | CVE-2020-12927 | | | | 2020-11-12 | 2020-11-30 | 7.2 | None | Local | Low | Not required | Complete | Complete | Complete | A potential vulnerability in a dynamically loaded AMD driver in AMD VBIOS Flash Tool SDK may allow any authenticated user to escalate privileges to NT authority system. |
| 17 | CVE-2020-12926 | 367 | | DoS | 2020-11-12 | 2020-11-30 | 4.4 | None | Local | Medium | Not required | Partial | Partial | Partial | The Trusted Platform Modules (TPM) reference software may not properly track the number of times a failed shutdown happens. This can leave the TPM in a state where confidential key material in the TPM may be able to be compromised. AMD believes that the attack requires physical access of the device because the power must be repeatedly turned on and off. This potential attack may be used to change confidential information, alter executables signed by key material in the TPM, or create a denial of service of the device. |
| 18 | CVE-2020-12920 | | | DoS | 2021-11-15 | 2021-11-18 | 2.1 | None | Local | Low | Not required | None | None | Partial | A potential denial of service issue exists in the AMD Display driver Escape 0x130007 Call handler. An attacker with low privilege could potentially induce a Windows BugCheck. |
| 19 | CVE-2020-12912 | 203 | | | 2020-11-12 | 2020-12-03 | 2.1 | None | Local | Low | Not required | Partial | None | None | A potential vulnerability in the AMD extension to Linux "hwmon" service may allow an attacker to use the Linux-based Running Average Power Limit (RAPL) interface to show various side channel attacks. In line with industry partners, AMD has updated the RAPL interface to require privileged access. |
| 20 | CVE-2020-12911 | 125 | | DoS | 2020-10-13 | 2020-10-22 | 4.9 | None | Local | Low | Not required | None | None | Complete | A denial of service vulnerability exists in the D3DKMTCreateAllocation handler functionality of AMD ATIKMDAG.SYS (e.g. version 26.20.15029.27017). A specially crafted D3DKMTCreateAllocation API request can cause an out-of-bounds read and denial of service (BSOD). This vulnerability can be triggered from a non-privileged account. |
| 21 | CVE-2020-12891 | 427 | | | 2022-02-04 | 2022-02-09 | 4.4 | None | Local | Medium | Not required | Partial | Partial | Partial | AMD Radeon Software may be vulnerable to DLL Hijacking through path variable. An unprivileged user may be able to drop its malicious DLL file in any location which is in path environment variable. |
| 22 | CVE-2020-12890 | | | Exec Code | 2021-12-10 | 2021-12-15 | 7.2 | None | Local | Low | Not required | Complete | Complete | Complete | Improper handling of pointers in the System Management Mode (SMM) handling code may allow for a privileged attacker with physical or administrative access to potentially manipulate the AMD Generic Encapsulated Software Architecture (AGESA) to execute arbitrary code undetected by the operating system. |
| 23 | CVE-2020-12138 | 269 | | | 2020-04-27 | 2021-07-21 | 9.0 | None | Remote | Low | ??? | Complete | Complete | Complete | AMD ATI atillk64.sys 5.11.9.0 allows low-privileged users to interact directly with physical memory by calling one of several driver routines that map physical memory into the virtual address space of the calling process. This could enable low-privileged users to achieve NT AUTHORITY\SYSTEM privileges via a DeviceIoControl call associated with MmMapIoSpace, IoAllocateMdl, MmBuildMdlForNonPagedPool, or MmMapLockedPages. |
| 24 | CVE-2020-6103 | 787 | | Exec Code | 2020-07-20 | 2020-07-24 | 6.5 | None | Remote | Low | ??? | Partial | Partial | Partial | An exploitable code execution vulnerability exists in the Shader functionality of AMD Radeon DirectX 11 Driver atidxx64.dll 26.20.15019.19000. An attacker can provide a specially crafted shader file to trigger this vulnerability, resulting in code execution. This vulnerability can be triggered from a HYPER-V guest using the RemoteFX feature, leading to executing the vulnerable code on the HYPER-V host (inside of the rdvgm.exe process). Theoretically this vulnerability could be also triggered from web browser (using webGL and webassembly). |
| 25 | CVE-2020-6102 | 787 | | Exec Code | 2020-07-20 | 2022-04-27 | 6.5 | None | Remote | Low | ??? | Partial | Partial | Partial | An exploitable code execution vulnerability exists in the Shader functionality of AMD Radeon DirectX 11 Driver atidxx64.dll 26.20.15019.19000. An attacker can provide a specially crafted shader file to trigger this vulnerability, resulting in code execution. This vulnerability can be triggered from a HYPER-V guest using the RemoteFX feature, leading to executing the vulnerable code on the HYPER-V host (inside of the rdvgm.exe process). Theoretically this vulnerability could be also triggered from web browser (using webGL and webassembly). |
| 26 | CVE-2020-6101 | 787 | | Exec Code | 2020-07-20 | 2020-07-24 | 6.5 | None | Remote | Low | ??? | Partial | Partial | Partial | An exploitable code execution vulnerability exists in the Shader functionality of AMD Radeon DirectX 11 Driver atidxx64.dll 26.20.15019.19000. An attacker can provide a specially crafted shader file to trigger this vulnerability, resulting in code execution. This vulnerability can be triggered from a HYPER-V guest using the RemoteFX feature, leading to executing the vulnerable code on the HYPER-V host (inside of the rdvgm.exe process). Theoretically this vulnerability could be also triggered from web browser (using webGL and webassembly). |
| 27 | CVE-2020-6100 | 787 | | Mem. Corr. | 2020-07-20 | 2020-07-24 | 6.5 | None | Remote | Low | ??? | Partial | Partial | Partial | An exploitable memory corruption vulnerability exists in AMD atidxx64.dll 26.20.15019.19000 graphics driver. A specially crafted pixel shader can cause memory corruption vulnerability. An attacker can provide a specially crafted shader file to trigger this vulnerability. This vulnerability potentially could be triggered from guest machines running virtualization environments (i.e. VMware, qemu, VirtualBox etc.) in order to perform guest-to-host escape - as it was demonstrated before (TALOS-2018-0533, TALOS-2018-0568, etc.). Theoretically this vulnerability could be also triggered from web browser (using webGL and webassembly). This vulnerability was triggered from HYPER-V guest using RemoteFX feature leading to executing the vulnerable code on the HYPER-V host (inside of the rdvgm.exe process). |
| 28 | CVE-2019-7247 | 732 | | Exec Code | 2020-05-18 | 2021-07-21 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | An issue was discovered in AODDriver2.sys in AMD OverDrive. The vulnerable driver exposes a wrmsr instruction via IOCTL 0x81112ee0 and does not properly filter the Model Specific Register (MSR). Allowing arbitrary MSR writes can lead to Ring-0 code execution and escalation of privileges. |
| 29 | CVE-2019-7246 | 732 | | Exec Code | 2020-05-18 | 2021-07-21 | 4.6 | None | Local | Low | Not required | Partial | Partial | Partial | An issue was discovered in atillk64.sys in AMD ATI Diagnostics Hardware Abstraction Sys/Overclocking Utility 5.11.9.0. The vulnerable driver exposes a wrmsr instruction and does not properly filter the Model Specific Register (MSR). Allowing arbitrary MSR writes can lead to Ring-0 code execution and escalation of privileges. |
| 30 | CVE-2017-7262 | 20 | | DoS | 2017-03-25 | 2017-03-29 | 4.9 | None | Local | Low | Not required | None | None | Complete | The AMD Ryzen processor with AGESA microcode through 2017-01-27 allows local users to cause a denial of service (system hang) via an application that makes a long series of FMA3 instructions, as demonstrated by the Flops test suite. |
| 31 | CVE-2017-5927 | 200 | | +Info | 2017-02-27 | 2017-03-02 | 5.0 | None | Remote | Low | Not required | Partial | None | None | Page table walks conducted by the MMU during virtual to physical address translation leave a trace in the last level cache of modern ARM processors. By performing a side-channel attack on the MMU operations, it is possible to leak data and code pointers from JavaScript, breaking ASLR. |
| 32 | CVE-2017-5926 | 200 | | +Info | 2017-02-27 | 2017-03-02 | 5.0 | None | Remote | Low | Not required | Partial | None | None | Page table walks conducted by the MMU during virtual to physical address translation leave a trace in the last level cache of modern AMD processors. By performing a side-channel attack on the MMU operations, it is possible to leak data and code pointers from JavaScript, breaking ASLR. |
| 33 | CVE-2017-5925 | 200 | | +Info | 2017-02-27 | 2017-03-02 | 5.0 | None | Remote | Low | Not required | Partial | None | None | Page table walks conducted by the MMU during virtual to physical address translation leave a trace in the last level cache of modern Intel processors. By performing a side-channel attack on the MMU operations, it is possible to leak data and code pointers from JavaScript, breaking ASLR. |
| 34 | CVE-2015-7724 | 59 | | +Priv | 2017-06-07 | 2018-10-09 | 7.2 | None | Local | Low | Not required | Complete | Complete | Complete | AMD fglrx-driver before 15.9 allows local users to gain privileges via a symlink attack. NOTE: This vulnerability exists due to an incomplete fix for CVE-2015-7723. |
| 35 | CVE-2015-7723 | 59 | | +Priv | 2017-06-07 | 2018-10-09 | 7.2 | None | Local | Low | Not required | Complete | Complete | Complete | AMD fglrx-driver before 15.7 allows local users to gain privileges via a symlink attack. |