cve,link,title,description,vendor,products,score,severity,epss,cisa,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2023-31310,https://securityvulnerability.io/vulnerability/CVE-2023-31310,Firmware Vulnerability Could Lead to Integrity and Availability Losses,"The vulnerability arises from improper input validation within AMD's Power Management Firmware (PMFW). This flaw could allow an attacker with sufficient privileges to send malformed input to the 'set temperature input selection' command. Exploiting this vulnerability could lead to a compromise of data integrity and possibly disrupt the availability of the system, making it critical for users and administrators to be aware of the risks associated with the outdated firmware.",Amd,"Amd Radeon™ Rx 6000 Series Graphics Cards,Amd Radeon™ Pro W6000 Series Graphics Cards",5,MEDIUM,0.0004299999854993075,false,false,false,false,,false,false,2024-08-13T16:54:05.783Z,0
CVE-2023-31307,https://securityvulnerability.io/vulnerability/CVE-2023-31307,Out-of-Bounds Memory Read Vulnerability in PMFW Could Lead to Denial of Service,"An improper validation vulnerability exists within the Power Management Firmware used in AMD products. A privileged attacker can exploit this weakness to initiate an out-of-bounds memory read. This can potentially disrupt services, leading to a denial of service condition. Users of the firmware should be aware of the implications of this vulnerability and consider measures to mitigate the risks associated with it.",Amd,"Amd Radeon™ Rx 6000 Series Graphics Cards,Amd Radeon™ Pro W6000 Series Graphics Cards",4.4,MEDIUM,0.0004299999854993075,false,false,false,false,,false,false,2024-08-13T16:54:03.514Z,0
CVE-2023-31304,https://securityvulnerability.io/vulnerability/CVE-2023-31304,Potential Loss of Availability Due to Improper Input Validation in SMU,"The vulnerability in AMD's System Management Unit (SMU) arises from improper input validation, which can be exploited by an attacker with privileges who has compromised a physical function (PF). This flaw allows the manipulation of PCIe lane count and speed settings, which could lead to significant availability issues. Organizations utilizing affected AMD components must take precautionary measures to mitigate potential risks and ensure system integrity.",Amd,"Amd Radeon™ Rx 6000 Series Graphics Cards,Amd Radeon™ Pro W6000 Series Graphics Cards",2.3,LOW,0.0004299999854993075,false,false,false,false,,false,false,2024-08-13T16:53:44.552Z,0
CVE-2023-31305,https://securityvulnerability.io/vulnerability/CVE-2023-31305,Weak Initialization Vector Generations May Lead to Information Disclosure,"The Power Management Firmware developed by AMD is affected by a vulnerability related to the generation of weak and predictable Initialization Vector (IV). An attacker with the necessary privileges can exploit this weakness by reusing IV values, enabling them to potentially reverse-engineer sensitive debug data. This could lead to unauthorized access to confidential information and pose a significant threat to system integrity.",Amd,"Amd Radeon™ Rx 6000 Series Graphics Cards,Amd Radeon™ Pro W6000 Series Graphics Cards",1.9,LOW,0.0004299999854993075,false,false,false,false,,false,false,2024-08-13T16:53:42.810Z,0
CVE-2023-20513,https://securityvulnerability.io/vulnerability/CVE-2023-20513,Malicious Message Denial of Service Vulnerability,"The vulnerability in AMD's Power Management Firmware arises from an insufficient bounds check that can be exploited by an attacker. By utilizing a malicious virtualization function, an attacker may send a malformed message targeting the firmware. This exploitation could lead to a potential denial of service, disrupting normal operations and affecting system performance. It is essential for users to review their firmware versions and apply any available security measures as recommended by AMD.",Amd,"Amd Radeon™ Rx 6000 Series Graphics Cards,Amd Radeon™ Pro W6000 Series Graphics Cards",3.3,LOW,0.0004299999854993075,false,false,false,false,,false,false,2024-08-13T16:52:35.499Z,0
CVE-2023-20512,https://securityvulnerability.io/vulnerability/CVE-2023-20512,Potential Privileged Attack via Hardcoded AES Key,"A critical security vulnerability has been identified in various AMD products utilizing the Platform Management Firmware (PMFW). This issue arises from a hardcoded AES encryption key that, if exploited by a privileged attacker, could lead to unauthorized access to sensitive internal debug information. The availability of this key may enable attackers to bypass security measures and gain deeper insights into the system, posing significant risks to data integrity and confidentiality. Users are advised to apply security updates promptly to mitigate this vulnerability.",Amd,"Amd Radeon™ Rx 6000 Series Graphics Cards,Amd Radeon™ Pro W6000 Series Graphics Cards",1.9,LOW,0.0004299999854993075,false,false,false,false,,false,false,2024-08-13T16:52:33.888Z,0
CVE-2023-20510,https://securityvulnerability.io/vulnerability/CVE-2023-20510,Insufficient DRAM Address Validation May Lead to Data Corruption or Denial of Service,"The vulnerability involves an insufficient validation process for DRAM addresses within AMD's PMFW. A potential attacker with elevated privileges may exploit this weakness to read data from an unauthorized DRAM address, which can lead to significant issues such as data corruption or service disruptions. It highlights the critical need for robust validation mechanisms in memory handling to safeguard against unauthorized access and ensure system stability.",Amd,"Amd Radeon™ Rx 6000 Series Graphics Cards,Amd Radeon™ Pro W6000 Series Graphics Cards",6,MEDIUM,0.0004299999854993075,false,false,false,false,,false,false,2024-08-13T16:52:11.777Z,0
CVE-2023-20509,https://securityvulnerability.io/vulnerability/CVE-2023-20509,Potential DMA Read Vulnerability in PMFW Could Lead to Data Integrity Loss,"A flaw in AMD's PMFW involves inadequate validation of DRAM addresses, allowing a privileged attacker to execute a Direct Memory Access (DMA) read from addresses deemed invalid. This vulnerability poses a risk of data integrity loss by potentially exposing sensitive information, making it critical for users and organizations to assess their security measures and updates.",Amd,"Amd Radeon™ Rx 6000 Series Graphics Cards,Amd Radeon™ Pro W6000 Series Graphics Cards,Amd Radeon™ Rx 7000 Series Graphics Cards,Amd Radeon™ Pro W7000 Series Graphics Cards",5.2,MEDIUM,0.0004299999854993075,false,false,false,false,,false,false,2024-08-13T16:52:00.677Z,0
CVE-2021-26367,https://securityvulnerability.io/vulnerability/CVE-2021-26367,Misconfiguration of TMRs May Lead to Loss of Integrity and Availability,"A security vulnerability exists in certain AMD processors wherein a malicious actor can exploit misconfigurations of Trusted Memory Regions (TMRs). This exploitation allows the attacker to define arbitrary address ranges for TMRs, which could lead to significant challenges concerning the integrity and availability of the system. It is essential for users of affected AMD products to be aware of this issue and to apply the available security updates provided by the vendor to mitigate risks.",Amd,"Amd Ryzen™ 5000 Series Desktop Processor With Radeon™ Graphics,Amd Athlon™ 3000 Series Desktop Processors With Radeon™ Graphics,Amd Ryzen™ 4000 Series Desktop Processors With Radeon™ Graphics,Amd Athlon™ 3000 Series Mobile  Processors With Radeon™ Graphics,Amd Ryzen™ 3000 Series Mobile Processor With Radeon™ Graphics,Amd Ryzen™ 4000 Series Mobile Processors With Radeon™ Graphics,Amd Ryzen™ 5000 Series Mobile Processors With Radeon™ Graphics,Amd Ryzen™ 5000 Series Processors With Radeon™ Graphics,Amd Ryzen™ 3000 Series Processors With Radeon™ Graphics,Amd Radeon™ Rx 6000 Series Graphics Cards,Amd Radeon™ Pro W6000 Series Graphics Cards,Amd Ryzen™ Embedded R1000 Series Processors,Amd Ryzen™ Embedded R2000 Series Processors,Amd Ryzen™ Embedded V1000 Series Processors,Amd Ryzen™ Embedded V2000 Series Processors",6,MEDIUM,0.0004299999854993075,false,false,false,false,,false,false,2024-08-13T16:50:05.825Z,0
CVE-2021-26392,https://securityvulnerability.io/vulnerability/CVE-2021-26392,,Insufficient verification of missing size check in 'LoadModule' may lead to an out-of-bounds write potentially allowing an attacker with privileges to gain code execution of the OS/kernel by loading a malicious TA.,Amd,"Amd Radeon Rx 5000 Series & Pro W5000 Series,Amd Radeon Rx 6000 Series & Pro W6000 Series,Amd Ryzen™ Embedded R1000,Amd Ryzen™ Embedded R2000,Amd Ryzen™ Embedded 5000,Amd Ryzen™ Embedded V1000,Amd Ryzen™ Embedded V2000,Amd Ryzen™embedded V3000",7.8,HIGH,0.0004400000034365803,false,false,false,false,,false,false,2022-11-09T21:15:00.000Z,0
CVE-2021-26391,https://securityvulnerability.io/vulnerability/CVE-2021-26391,,Insufficient verification of multiple header signatures while loading a Trusted Application (TA) may allow an attacker with privileges to gain code execution in that TA or the OS/kernel.,Amd,"Amd Radeon Rx 5000 Series & Pro W5000 Series,Amd Radeon Rx 6000 Series & Pro W6000 Series",7.8,HIGH,0.0004400000034365803,false,false,false,false,,false,false,2022-11-09T21:15:00.000Z,0
CVE-2021-26393,https://securityvulnerability.io/vulnerability/CVE-2021-26393,,Insufficient memory cleanup in the AMD Secure Processor (ASP) Trusted Execution Environment (TEE) may allow an authenticated attacker with privileges to generate a valid signed TA and potentially poison the contents of the process memory with attacker controlled data resulting in a loss of confidentiality.,Amd,"Amd Radeon Rx 5000 Series & Pro W5000 Series,Amd Radeon Rx 6000 Series & Pro W6000 Series,Amd Ryzen™ Embedded R1000,Amd Ryzen™ Embedded R2000,Amd Ryzen™ Embedded V1000,Amd Ryzen™ Embedded V2000",5.5,MEDIUM,0.0004400000034365803,false,false,false,false,,false,false,2022-11-09T21:15:00.000Z,0
CVE-2021-26360,https://securityvulnerability.io/vulnerability/CVE-2021-26360,,An attacker with local access to the system can make unauthorized modifications of the security configuration of the SOC registers. This could allow potential corruption of AMD secure processor’s encrypted memory contents which may lead to arbitrary code execution in ASP.,Amd,Amd Radeon Rx 6000 Series & Pro W6000 Series,7.8,HIGH,0.0004199999966658652,false,false,false,false,,false,false,2022-11-09T21:15:00.000Z,0