PVRIC (PowerVR Image Compression) on Imagination 2018 and later GPU devices offers software-transparent compression that enables cross-origin pixel-stealing attacks against feTurbulence and feBlend in the SVG Filter specification, aka a GPU.zip issue. For example, attackers can sometimes accurately determine text contained on a web page from one origin if they control a resource from a different origin.
Max CVSS
5.3
EPSS Score
0.13%
Published
2023-09-27
Updated
2023-10-05
Improper input validation in the AMD RadeonTM Graphics display driver may allow an attacker to corrupt the display potentially resulting in denial of service.
Max CVSS
7.5
EPSS Score
0.05%
Published
2023-11-14
Updated
2023-11-30
An improper privilege management in the AMD Radeon™ Graphics driver may allow an authenticated attacker to craft an IOCTL request to gain I/O control over arbitrary hardware ports or physical addresses resulting in a potential arbitrary code execution.
Max CVSS
7.8
EPSS Score
0.04%
Published
2023-10-17
Updated
2023-10-28
Improper initialization of variables in the DXE driver may allow a privileged user to leak sensitive information via local access.
Max CVSS
5.5
EPSS Score
0.04%
Published
2023-09-20
Updated
2023-09-22
Improper input validation in the SMM Supervisor may allow an attacker with a compromised SMI handler to gain Ring0 access potentially leading to arbitrary code execution.
Max CVSS
9.8
EPSS Score
0.13%
Published
2023-11-14
Updated
2023-11-21
Improper initialization of variables in the DXE driver may allow a privileged user to leak sensitive information via local access.
Max CVSS
4.4
EPSS Score
0.04%
Published
2023-09-20
Updated
2023-09-22
An issue in “Zen 2” CPUs, under specific microarchitectural circumstances, may allow an attacker to potentially access sensitive information.
Max CVSS
5.5
EPSS Score
0.06%
Published
2023-07-24
Updated
2023-09-25
Improper or unexpected behavior of the INVD instruction in some AMD CPUs may allow an attacker with a malicious hypervisor to affect cache line write-back behavior of the CPU leading to a potential loss of guest virtual machine (VM) memory integrity.
Max CVSS
6.5
EPSS Score
0.05%
Published
2023-11-14
Updated
2023-11-28
An attacker with specialized hardware and physical access to an impacted device may be able to perform a voltage fault injection attack resulting in compromise of the ASP secure boot potentially leading to arbitrary code execution. 
Max CVSS
6.8
EPSS Score
0.06%
Published
2023-08-08
Updated
2023-08-22
A division-by-zero error on some AMD processors can potentially return speculative data resulting in loss of confidentiality. 
Max CVSS
5.5
EPSS Score
0.05%
Published
2023-08-08
Updated
2023-11-02
A potential vulnerability was reported in Radeon™ Software Crimson ReLive Edition which may allow escalation of privilege. Radeon™ Software Crimson ReLive Edition falls outside of the security support lifecycle and AMD does not plan to release any mitigations
Max CVSS
9.8
EPSS Score
0.09%
Published
2023-08-08
Updated
2023-08-21
A potential power side-channel vulnerability in AMD processors may allow an authenticated attacker to monitor the CPU power consumption as the data in a cache line changes over time potentially resulting in a leak of sensitive information.
Max CVSS
4.7
EPSS Score
0.04%
Published
2023-08-01
Updated
2023-08-04
A potential power side-channel vulnerability in some AMD processors may allow an authenticated attacker to use the power reporting functionality to monitor a program’s execution inside an AMD SEV VM potentially resulting in a leak of sensitive information.
Max CVSS
6.5
EPSS Score
0.05%
Published
2023-07-11
Updated
2023-07-19
A privileged attacker can prevent delivery of debug exceptions to SEV-SNP guests potentially resulting in guests not receiving expected debug information.
Max CVSS
3.2
EPSS Score
0.04%
Published
2024-01-11
Updated
2024-01-18
A race condition in System Management Mode (SMM) code may allow an attacker using a compromised user space to leverage CVE-2018-8897 potentially resulting in privilege escalation.
Max CVSS
8.1
EPSS Score
0.09%
Published
2023-11-14
Updated
2023-11-28
A side channel vulnerability on some of the AMD CPUs may allow an attacker to influence the return address prediction. This may result in speculative execution at an attacker-controlled?address, potentially leading to information disclosure.
Max CVSS
4.7
EPSS Score
0.04%
Published
2023-08-08
Updated
2023-09-14
Improper signature verification of RadeonTM RX Vega M Graphics driver for Windows may allow an attacker with admin privileges to launch RadeonInstaller.exe without validating the file signature potentially leading to arbitrary code execution.
Max CVSS
6.7
EPSS Score
0.04%
Published
2023-11-14
Updated
2023-11-27
Improper signature verification of RadeonTM RX Vega M Graphics driver for Windows may allow an attacker with admin privileges to launch AMDSoftwareInstaller.exe without validating the file signature potentially leading to arbitrary code execution.
Max CVSS
6.7
EPSS Score
0.04%
Published
2023-11-14
Updated
2023-11-27
Improper address validation in ASP with SNP enabled may potentially allow an attacker to compromise guest memory integrity.
Max CVSS
7.5
EPSS Score
0.05%
Published
2023-11-14
Updated
2023-11-27
Insufficient protections in System Management Mode (SMM) code may allow an attacker to potentially enable escalation of privilege via local access.
Max CVSS
7.8
EPSS Score
0.04%
Published
2023-11-14
Updated
2024-02-13
Insufficient validation in the IOCTL (Input Output Control) input buffer in AMD Ryzen™ Master may permit a privileged attacker to perform memory reads/writes potentially leading to a loss of confidentiality or arbitrary kernel execution.
Max CVSS
6.7
EPSS Score
0.04%
Published
2023-08-15
Updated
2023-08-23
Insufficient protections in System Management Mode (SMM) code may allow an attacker to potentially enable escalation of privilege via local access.
Max CVSS
7.8
EPSS Score
0.04%
Published
2023-11-14
Updated
2024-02-13
Insufficient validation in the IOCTL (Input Output Control) input buffer in AMD uProf may allow an authenticated user to load an unsigned driver potentially leading to arbitrary kernel execution.
Max CVSS
7.8
EPSS Score
0.04%
Published
2023-08-08
Updated
2023-08-14
Insufficient validation of the IOCTL (Input Output Control) input buffer in AMD ?Prof may allow an authenticated user to send an arbitrary address potentially resulting in a Windows crash leading to denial of service.
Max CVSS
5.5
EPSS Score
0.04%
Published
2023-08-08
Updated
2023-08-14
Insufficient validation of the IOCTL (Input Output Control) input buffer in AMD Ryzen™ Master may allow a privileged attacker to provide a null value potentially resulting in a Windows crash leading to denial of service.
Max CVSS
4.4
EPSS Score
0.04%
Published
2023-08-15
Updated
2023-08-23
243 vulnerabilities found
1 2 3 4 5 6 7 8 9 10
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!