cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2024-21971,https://securityvulnerability.io/vulnerability/CVE-2024-21971,Input Validation Flaw in AMD Crash Defender Affects Windows Systems,"A vulnerability in AMD Crash Defender allows attackers to manipulate the Windows system process ID within a kernel-mode driver. This improper input validation can lead to system crashes, posing a risk of denial of service. Users of the affected product should apply updates promptly to mitigate these security concerns.",Amd,"Amd Ryzen™ 5000 Series Desktop Processors,Amd Ryzen™ 5000 Series Desktop Processor With Radeon™ Graphics,Amd Ryzen™ 7000 Series Desktop Processors,Amd Athlon™ 3000 Series Desktop Processors With Radeon™ Graphics,Amd Ryzen™ 4000 Series Desktop Processor With Radeon™ Graphics,Amd Ryzen™ 8000 Series Processor With Radeon™ Graphics,Amd Athlon™ 3000 Series Mobile Processors With Radeon™ Graphics,Amd Ryzen™ 3000 Series Mobile Processor With Radeon™ Graphics,Amd Ryzen™ 4000 Series Mobile Processors With Radeon™ Graphics,Amd Ryzen™ 5000 Series Processors With Radeon™ Graphics,Amd Ryzen™ 7020 Series Processors With Radeon™ Graphics,Amd Ryzen™ 6000 Series Processor With Radeon™ Graphics,Amd Ryzen™ 7035 Series Processor With Radeon™ Graphics,Amd Ryzen™ 7030 Series Processors With Radeon™ Graphics,Amd Ryzen™ 7040 Series Processors With Radeon™ Graphics,Amd Ryzen™ 7045 Series Mobile Processors,Amd Radeon™ Rx 5000 Series Graphics Products,Amd Radeon™ Pro W5000 Series Graphics Products,Amd Radeon™ Rx 7000 Series Graphics Products,Amd Radeon™ Pro W7000 Series Graphics Products,Amd Radeon™ Vii,Amd Radeon™ Pro Vii,Amd Radeon™ Instinct™ Mi25,Amd Radeon™ Pro V520,Amd Radeon™ Pro V620,Amd Radeon™ Pro V710,Amd Ryzen™ Embedded R1000,Amd Ryzen™ Embedded R2000,Amd Ryzen™ Embedded 7000,Amd Ryzen™ Embedded V1000,Amd Ryzen™ Embedded V2000,Amd Ryzen™ Embedded V3000",5.5,MEDIUM,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-02-12T00:15:00.000Z,0
CVE-2023-20508,https://securityvulnerability.io/vulnerability/CVE-2023-20508,Access Control Flaw in AMD Software Products,"An improper access control vulnerability in AMD Software could enable a privileged attacker to execute an out-of-bounds write operation to a memory segment that is not under their control. This flaw raises significant security concerns, potentially allowing unauthorized access to confidential information and compromising the integrity and availability of the affected system.",Amd,"Amd Radeon™ Rx 6000 Series Graphics Products,Amd Radeon™ Pro W6000 Series Graphics Products,Amd Radeon™ Instinct™ Mi25,Amd Radeon™ Pro V520,Amd Radeon™ Pro V620,Amd Radeon™ Pro V710,Amd Instinct™ Mi300a,Amd Instinct™ Mi300x,Amd Ryzen™ 5000 Series Desktop Processor With Radeon™ Graphics,Amd Athlon™ 3000 Series Desktop Processors With Radeon™ Graphics,Amd Athlon™ 3000 Series Mobile Processors With Radeon™ Graphics,Amd Ryzen™ 5000 Series Desktop Processors,Amd Ryzen™ 3000 Series Mobile Processor With Radeon™ Graphics,Amd Ryzen™ 5000 Series Mobile Processors With Radeon™ Graphics,Amd Ryzen™ 4000 Series Mobile Processors With Radeon™ Graphics,Amd Ryzen™ 7020 Series Processors With Radeon™ Graphics,Amd Ryzen™ 4000 Series Desktop Processor With Radeon™ Graphics,Amd Ryzen™ 8000 Series Processor With Radeon™ Graphics,Amd Ryzen™ 6000 Series Processor With Radeon™ Graphics,Amd Ryzen™ 7035 Series Processor With Radeon™ Graphics,Amd Ryzen™ 5000 Series Processors With Radeon™ Graphics,Amd Ryzen™ 7030 Series Processors With Radeon™ Graphics,Amd Ryzen™ 7040 Series Processors With Radeon™ Graphics,Amd Ryzen™ 7000 Series Desktop Processors,Amd Ryzen™ 7045 Series Mobile Processors",5,MEDIUM,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-02-12T00:15:00.000Z,0
CVE-2023-31310,https://securityvulnerability.io/vulnerability/CVE-2023-31310,Firmware Vulnerability Could Lead to Integrity and Availability Losses,"The vulnerability arises from improper input validation within AMD's Power Management Firmware (PMFW). This flaw could allow an attacker with sufficient privileges to send malformed input to the 'set temperature input selection' command. Exploiting this vulnerability could lead to a compromise of data integrity and possibly disrupt the availability of the system, making it critical for users and administrators to be aware of the risks associated with the outdated firmware.",Amd,"Amd Radeon™ Rx 6000 Series Graphics Cards,Amd Radeon™ Pro W6000 Series Graphics Cards",5,MEDIUM,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-08-13T16:54:05.783Z,0
CVE-2023-31307,https://securityvulnerability.io/vulnerability/CVE-2023-31307,Out-of-Bounds Memory Read Vulnerability in PMFW Could Lead to Denial of Service,"An improper validation vulnerability exists within the Power Management Firmware used in AMD products. A privileged attacker can exploit this weakness to initiate an out-of-bounds memory read. This can potentially disrupt services, leading to a denial of service condition. Users of the firmware should be aware of the implications of this vulnerability and consider measures to mitigate the risks associated with it.",Amd,"Amd Radeon™ Rx 6000 Series Graphics Cards,Amd Radeon™ Pro W6000 Series Graphics Cards",4.4,MEDIUM,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-08-13T16:54:03.514Z,0
CVE-2023-31304,https://securityvulnerability.io/vulnerability/CVE-2023-31304,Potential Loss of Availability Due to Improper Input Validation in SMU,"The vulnerability in AMD's System Management Unit (SMU) arises from improper input validation, which can be exploited by an attacker with privileges who has compromised a physical function (PF). This flaw allows the manipulation of PCIe lane count and speed settings, which could lead to significant availability issues. Organizations utilizing affected AMD components must take precautionary measures to mitigate potential risks and ensure system integrity.",Amd,"Amd Radeon™ Rx 6000 Series Graphics Cards,Amd Radeon™ Pro W6000 Series Graphics Cards",2.3,LOW,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-08-13T16:53:44.552Z,0
CVE-2023-31305,https://securityvulnerability.io/vulnerability/CVE-2023-31305,Weak Initialization Vector Generations May Lead to Information Disclosure,"The Power Management Firmware developed by AMD is affected by a vulnerability related to the generation of weak and predictable Initialization Vector (IV). An attacker with the necessary privileges can exploit this weakness by reusing IV values, enabling them to potentially reverse-engineer sensitive debug data. This could lead to unauthorized access to confidential information and pose a significant threat to system integrity.",Amd,"Amd Radeon™ Rx 6000 Series Graphics Cards,Amd Radeon™ Pro W6000 Series Graphics Cards",1.9,LOW,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-08-13T16:53:42.810Z,0
CVE-2023-20513,https://securityvulnerability.io/vulnerability/CVE-2023-20513,Malicious Message Denial of Service Vulnerability,"The vulnerability in AMD's Power Management Firmware arises from an insufficient bounds check that can be exploited by an attacker. By utilizing a malicious virtualization function, an attacker may send a malformed message targeting the firmware. This exploitation could lead to a potential denial of service, disrupting normal operations and affecting system performance. It is essential for users to review their firmware versions and apply any available security measures as recommended by AMD.",Amd,"Amd Radeon™ Rx 6000 Series Graphics Cards,Amd Radeon™ Pro W6000 Series Graphics Cards",3.3,LOW,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-08-13T16:52:35.499Z,0
CVE-2023-20512,https://securityvulnerability.io/vulnerability/CVE-2023-20512,Potential Privileged Attack via Hardcoded AES Key,"A critical security vulnerability has been identified in various AMD products utilizing the Platform Management Firmware (PMFW). This issue arises from a hardcoded AES encryption key that, if exploited by a privileged attacker, could lead to unauthorized access to sensitive internal debug information. The availability of this key may enable attackers to bypass security measures and gain deeper insights into the system, posing significant risks to data integrity and confidentiality. Users are advised to apply security updates promptly to mitigate this vulnerability.",Amd,"Amd Radeon™ Rx 6000 Series Graphics Cards,Amd Radeon™ Pro W6000 Series Graphics Cards",1.9,LOW,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-08-13T16:52:33.888Z,0
CVE-2023-20510,https://securityvulnerability.io/vulnerability/CVE-2023-20510,Insufficient DRAM Address Validation May Lead to Data Corruption or Denial of Service,"The vulnerability involves an insufficient validation process for DRAM addresses within AMD's PMFW. A potential attacker with elevated privileges may exploit this weakness to read data from an unauthorized DRAM address, which can lead to significant issues such as data corruption or service disruptions. It highlights the critical need for robust validation mechanisms in memory handling to safeguard against unauthorized access and ensure system stability.",Amd,"Amd Radeon™ Rx 6000 Series Graphics Cards,Amd Radeon™ Pro W6000 Series Graphics Cards",6,MEDIUM,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-08-13T16:52:11.777Z,0
CVE-2023-20509,https://securityvulnerability.io/vulnerability/CVE-2023-20509,Potential DMA Read Vulnerability in PMFW Could Lead to Data Integrity Loss,"A flaw in AMD's PMFW involves inadequate validation of DRAM addresses, allowing a privileged attacker to execute a Direct Memory Access (DMA) read from addresses deemed invalid. This vulnerability poses a risk of data integrity loss by potentially exposing sensitive information, making it critical for users and organizations to assess their security measures and updates.",Amd,"Amd Radeon™ Rx 6000 Series Graphics Cards,Amd Radeon™ Pro W6000 Series Graphics Cards,Amd Radeon™ Rx 7000 Series Graphics Cards,Amd Radeon™ Pro W7000 Series Graphics Cards",5.2,MEDIUM,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-08-13T16:52:00.677Z,0
CVE-2021-26367,https://securityvulnerability.io/vulnerability/CVE-2021-26367,Misconfiguration of TMRs May Lead to Loss of Integrity and Availability,"A security vulnerability exists in certain AMD processors wherein a malicious actor can exploit misconfigurations of Trusted Memory Regions (TMRs). This exploitation allows the attacker to define arbitrary address ranges for TMRs, which could lead to significant challenges concerning the integrity and availability of the system. It is essential for users of affected AMD products to be aware of this issue and to apply the available security updates provided by the vendor to mitigate risks.",Amd,"Amd Ryzen™ 5000 Series Desktop Processor With Radeon™ Graphics,Amd Athlon™ 3000 Series Desktop Processors With Radeon™ Graphics,Amd Ryzen™ 4000 Series Desktop Processors With Radeon™ Graphics,Amd Athlon™ 3000 Series Mobile  Processors With Radeon™ Graphics,Amd Ryzen™ 3000 Series Mobile Processor With Radeon™ Graphics,Amd Ryzen™ 4000 Series Mobile Processors With Radeon™ Graphics,Amd Ryzen™ 5000 Series Mobile Processors With Radeon™ Graphics,Amd Ryzen™ 5000 Series Processors With Radeon™ Graphics,Amd Ryzen™ 3000 Series Processors With Radeon™ Graphics,Amd Radeon™ Rx 6000 Series Graphics Cards,Amd Radeon™ Pro W6000 Series Graphics Cards,Amd Ryzen™ Embedded R1000 Series Processors,Amd Ryzen™ Embedded R2000 Series Processors,Amd Ryzen™ Embedded V1000 Series Processors,Amd Ryzen™ Embedded V2000 Series Processors",6,MEDIUM,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-08-13T16:50:05.825Z,0
CVE-2021-26391,https://securityvulnerability.io/vulnerability/CVE-2021-26391,Insufficient Header Signature Verification in AMD Trusted Applications,"This vulnerability arises from inadequate verification of multiple header signatures during the loading of Trusted Applications (TAs), potentially allowing an attacker with appropriate privileges to execute arbitrary code within the TA or affect the operating system and kernel. Such a vulnerability poses a significant risk to system integrity and confidentiality, necessitating immediate attention and remediation.",Amd,"Amd Radeon Rx 5000 Series & Pro W5000 Series,Amd Radeon Rx 6000 Series & Pro W6000 Series",7.8,HIGH,0.0004400000034365803,false,,false,false,false,,,false,false,,2022-11-09T21:15:00.000Z,0
CVE-2021-26360,https://securityvulnerability.io/vulnerability/CVE-2021-26360,Local Access Vulnerability in AMD Secure Processor,"This vulnerability allows an attacker with local access to modify the security configuration of the SOC registers within the AMD Secure Processor. Such modifications can compromise the integrity of encrypted memory contents managed by the AMD secure processor, potentially enabling arbitrary code execution. This poses significant risks as it opens paths for unauthorized access to sensitive operations and data.",Amd,Amd Radeon Rx 6000 Series & Pro W6000 Series,7.8,HIGH,0.0004199999966658652,false,,false,false,false,,,false,false,,2022-11-09T21:15:00.000Z,0
CVE-2021-26392,https://securityvulnerability.io/vulnerability/CVE-2021-26392,Out-of-bounds Write Vulnerability in AMD Product,"The vulnerability arises from insufficient verification of size checks in the 'LoadModule' functionality, which may permit an out-of-bounds write. This flaw could potentially allow an attacker with appropriate privileges to execute code at the OS or kernel level by loading a malicious Trusted Application (TA), raising significant security concerns for affected AMD products.",Amd,"Amd Radeon Rx 5000 Series & Pro W5000 Series,Amd Radeon Rx 6000 Series & Pro W6000 Series,Amd Ryzen™ Embedded R1000,Amd Ryzen™ Embedded R2000,Amd Ryzen™ Embedded 5000,Amd Ryzen™ Embedded V1000,Amd Ryzen™ Embedded V2000,Amd Ryzen™embedded V3000",7.8,HIGH,0.0004400000034365803,false,,false,false,false,,,false,false,,2022-11-09T21:15:00.000Z,0
CVE-2021-26393,https://securityvulnerability.io/vulnerability/CVE-2021-26393,Insufficient Memory Cleanup in AMD Secure Processor Affects Data Confidentiality,"The AMD Secure Processor (ASP) is susceptible to a vulnerability due to insufficient memory cleanup in its Trusted Execution Environment (TEE). This flaw could allow an authenticated attacker with appropriate privileges to create a valid signed Trusted Application (TA). By exploiting this, the attacker can manipulate the process memory, potentially injecting malicious data and compromising confidentiality.",Amd,"Amd Radeon Rx 5000 Series & Pro W5000 Series,Amd Radeon Rx 6000 Series & Pro W6000 Series,Amd Ryzen™ Embedded R1000,Amd Ryzen™ Embedded R2000,Amd Ryzen™ Embedded V1000,Amd Ryzen™ Embedded V2000",5.5,MEDIUM,0.0004400000034365803,false,,false,false,false,,,false,false,,2022-11-09T21:15:00.000Z,0