Search
Find a vulnerability
Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
104 vulnerabilities found for radeon_software by amd
CVE-2024-36333 (GCVE-0-2024-36333)
Vulnerability from nvd – Published: 2026-05-15 02:58 – Updated: 2026-05-16 03:56
VLAI
Summary
A DLL hijacking vulnerability in the AMD Cleanup Utility could allow an attacker to achieve privilege escalation potentially resulting in arbitrary code execution.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- Security Vulnerability
- CWE-427 - Uncontrolled Search Path Element
Assigner
References
1 reference
Impacted products
11 products
| Vendor | Product | Version | |
|---|---|---|---|
| AMD | AMD Radeon™ RX 5000 Series Graphics Products |
Unaffected:
AMD Software: Adrenalin Edition 25.10.2 (25.20.21.01 RDNA3+, 25.10.33.02 RDNA1/RDNA2)
|
|
| AMD | AMD Radeon™ PRO W5000 Series Graphics Products |
Unaffected:
AMD Software: PRO Edition 25.Q3.1 (25.10.32 RDNA)
|
|
| AMD | AMD Radeon™ RX 6000 Series Graphics Products |
Unaffected:
AMD Software: Adrenalin Edition 25.10.2 (25.20.21.01 RDNA3+, 25.10.33.02 RDNA1/RDNA2)
|
|
| AMD | AMD Radeon™ RX 7000 Series Graphics Products |
Unaffected:
AMD Software: Adrenalin Edition 25.10.2 (25.20.21.01 RDNA3+, 25.10.33.02 RDNA1/RDNA2)
|
|
| AMD | AMD Cleanup Utility |
Unaffected:
https://www.amd.com/en/resources/support-articles/faqs/GPU-601.html
|
|
| AMD | AMD Radeon™ PRO W6000 Series Graphics Products |
Unaffected:
AMD Software: PRO Edition 25.Q3.1 (25.10.32 RDNA)
|
|
| AMD | AMD Radeon™ PRO W7000 Series Graphics Products |
Unaffected:
AMD Software: PRO Edition 25.Q3.1 (25.10.32 RDNA)
|
|
| AMD | AMD Radeon™ RX Vega Series Graphics Cards |
Unaffected:
AMD Software: Adrenalin Edition 26.1.1 (23.19.24)
|
|
| AMD | AMD Radeon™ VII |
Unaffected:
AMD Software: Adrenalin Edition 26.1.1 (23.19.24)
|
|
| AMD | AMD Radeon™ PRO WX 8000/9000 Series Graphics Cards |
Unaffected:
AMD Software: PRO Edition 26.Q1 (23.19.24)
|
|
| AMD | AMD Radeon™ PRO VII |
Unaffected:
AMD Software: PRO Edition 26.Q1 (23.19.24)
|
Date Public
2026-05-15 02:42
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-36333",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-15T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-427",
"description": "CWE-427 Uncontrolled Search Path Element",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-16T03:56:12.910Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "AMD Radeon\u2122 RX 5000 Series Graphics Products",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "AMD Software: Adrenalin Edition 25.10.2 (25.20.21.01 RDNA3+, 25.10.33.02 RDNA1/RDNA2)"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Radeon\u2122 PRO W5000 Series Graphics Products",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "AMD Software: PRO Edition 25.Q3.1 (25.10.32 RDNA)"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Radeon\u2122 RX 6000 Series Graphics Products",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "AMD Software: Adrenalin Edition 25.10.2 (25.20.21.01 RDNA3+, 25.10.33.02 RDNA1/RDNA2)"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Radeon\u2122 RX 7000 Series Graphics Products",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "AMD Software: Adrenalin Edition 25.10.2 (25.20.21.01 RDNA3+, 25.10.33.02 RDNA1/RDNA2)"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Cleanup Utility",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "https://www.amd.com/en/resources/support-articles/faqs/GPU-601.html"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Radeon\u2122 PRO W6000 Series Graphics Products",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "AMD Software: PRO Edition 25.Q3.1 (25.10.32 RDNA)"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Radeon\u2122 PRO W7000 Series Graphics Products",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "AMD Software: PRO Edition 25.Q3.1 (25.10.32 RDNA)"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Radeon\u2122 RX Vega Series Graphics Cards",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "AMD Software: Adrenalin Edition 26.1.1 (23.19.24)"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Radeon\u2122 VII",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "AMD Software: Adrenalin Edition 26.1.1 (23.19.24)"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Radeon\u2122 PRO WX 8000/9000 Series Graphics Cards",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "AMD Software: PRO Edition 26.Q1 (23.19.24)"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Radeon\u2122 PRO VII",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "AMD Software: PRO Edition 26.Q1 (23.19.24)"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Reported through AMD Bug Bounty Program"
}
],
"datePublic": "2026-05-15T02:42:43.934Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A DLL hijacking vulnerability in the AMD Cleanup Utility could allow an attacker to achieve privilege escalation potentially resulting in arbitrary code execution.\u003cbr\u003e"
}
],
"value": "A DLL hijacking vulnerability in the AMD Cleanup Utility could allow an attacker to achieve privilege escalation potentially resulting in arbitrary code execution."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"baseScore": 7,
"baseSeverity": "HIGH",
"privilegesRequired": "LOW",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Security Vulnerability",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-15T02:58:47.310Z",
"orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"shortName": "AMD"
},
"references": [
{
"url": "https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-6027.html"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "AMD PSIRT Automation 1.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"assignerShortName": "AMD",
"cveId": "CVE-2024-36333",
"datePublished": "2026-05-15T02:58:47.310Z",
"dateReserved": "2024-05-23T19:44:44.387Z",
"dateUpdated": "2026-05-16T03:56:12.910Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2023-31324 (GCVE-0-2023-31324)
Vulnerability from nvd – Published: 2026-02-11 14:34 – Updated: 2026-02-11 15:42
VLAI
Summary
A Time-of-check time-of-use (TOCTOU) race condition in the AMD Secure Processor (ASP) could allow an attacker to modify External Global Memory Interconnect Trusted Agent (XGMI TA) commands as they are processed potentially resulting in loss of confidentiality, integrity, or availability.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-367 - Time-of-check Time-of-use (TOCTOU) Race Condition
Assigner
References
1 reference
Impacted products
6 products
| Vendor | Product | Version | |
|---|---|---|---|
| AMD | AMD Radeon™ RX 5000 Series Graphics Products |
Unaffected:
AMD Software: Adrenalin Edition 25.6.1 (25.10.13.01), AMD Software: PRO Edition 25.Q2 (25.10.10)
|
|
| AMD | AMD Radeon™ PRO W5000 Series Graphics Products |
Unaffected:
AMD Software: Adrenalin Edition 25.6.1 (25.10.13.01), AMD Software: PRO Edition 25.Q2 (25.10.10)
|
|
| AMD | AMD Instinct™ MI210 |
Unaffected:
ROCm 6.4
|
|
| AMD | AMD Instinct™ MI250 |
Unaffected:
ROCm 6.4
|
|
| AMD | AMD Instinct™ MI300A |
Unaffected:
ROCm 6.4
|
|
| AMD | AMD Instinct™ MI300X |
Unaffected:
ROCm 6.4
|
Date Public
2026-02-11 14:11
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-31324",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-11T15:36:37.735258Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-11T15:42:39.488Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "AMD Radeon\u2122 RX 5000 Series Graphics Products",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "AMD Software: Adrenalin Edition 25.6.1 (25.10.13.01), AMD Software: PRO Edition 25.Q2 (25.10.10)"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Radeon\u2122 PRO W5000 Series Graphics Products",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "AMD Software: Adrenalin Edition 25.6.1 (25.10.13.01), AMD Software: PRO Edition 25.Q2 (25.10.10)"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Instinct\u2122 MI210",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "ROCm 6.4"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Instinct\u2122 MI250",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "ROCm 6.4"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Instinct\u2122 MI300A",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "ROCm 6.4"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Instinct\u2122 MI300X",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "ROCm 6.4"
}
]
}
],
"datePublic": "2026-02-11T14:11:05.353Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A Time-of-check time-of-use (TOCTOU) race condition in the AMD Secure Processor (ASP) could allow an attacker to modify External Global Memory Interconnect Trusted Agent (XGMI TA) commands as they are processed potentially resulting in loss of confidentiality, integrity, or availability.\u003cbr\u003e"
}
],
"value": "A Time-of-check time-of-use (TOCTOU) race condition in the AMD Secure Processor (ASP) could allow an attacker to modify External Global Memory Interconnect Trusted Agent (XGMI TA) commands as they are processed potentially resulting in loss of confidentiality, integrity, or availability."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:L/VI:H/VA:L/SC:L/SI:H/SA:L",
"version": "4.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-367",
"description": "CWE-367 Time-of-check Time-of-use (TOCTOU) Race Condition",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-11T14:34:54.024Z",
"orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"shortName": "AMD"
},
"references": [
{
"url": "https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-6024.html"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "AMD PSIRT Automation 1.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"assignerShortName": "AMD",
"cveId": "CVE-2023-31324",
"datePublished": "2026-02-11T14:34:54.024Z",
"dateReserved": "2023-04-27T15:25:41.424Z",
"dateUpdated": "2026-02-11T15:42:39.488Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2023-20548 (GCVE-0-2023-20548)
Vulnerability from nvd – Published: 2026-02-11 14:35 – Updated: 2026-02-11 15:42
VLAI
Summary
A Time-of-check time-of-use (TOCTOU) race condition in the AMD Secure Processor (ASP) could allow an attacker to corrupt memory resulting in loss of integrity, confidentiality, or availability.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-367 - Time-of-check Time-of-use (TOCTOU) Race Condition
Assigner
References
1 reference
Impacted products
8 products
| Vendor | Product | Version | |
|---|---|---|---|
| AMD | AMD Radeon™ RX 5000 Series Graphics Products |
Unaffected:
AMD Software: Adrenalin Edition 25.6.1 (25.10.13.01), AMD Software: PRO Edition 25.Q2 (25.10.10)
|
|
| AMD | AMD Radeon™ PRO W5000 Series Graphics Products |
Unaffected:
AMD Software: Adrenalin Edition 25.6.1 (25.10.13.01), AMD Software: PRO Edition 25.Q2 (25.10.10)
|
|
| AMD | AMD Radeon™ VII |
Unaffected:
No fix planned
|
|
| AMD | AMD Radeon™ PRO VII |
Unaffected:
No fix planned
|
|
| AMD | AMD Instinct™ MI210 |
Unaffected:
ROCm 6.2
|
|
| AMD | AMD Instinct™ MI250 |
Unaffected:
ROCm 6.2
|
|
| AMD | AMD Instinct™ MI300X |
Unaffected:
ROCm 6.2
|
|
| AMD | AMD Instinct™ MI300A |
Unaffected:
ROCm 6.2
|
Date Public
2026-02-11 14:11
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-20548",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-11T15:36:36.072812Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-11T15:42:32.097Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "AMD Radeon\u2122 RX 5000 Series Graphics Products",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "AMD Software: Adrenalin Edition 25.6.1 (25.10.13.01), AMD Software: PRO Edition 25.Q2 (25.10.10)"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Radeon\u2122 PRO W5000 Series Graphics Products",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "AMD Software: Adrenalin Edition 25.6.1 (25.10.13.01), AMD Software: PRO Edition 25.Q2 (25.10.10)"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Radeon\u2122 VII",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "No fix planned"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Radeon\u2122 PRO VII",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "No fix planned"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Instinct\u2122 MI210",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "ROCm 6.2"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Instinct\u2122 MI250",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "ROCm 6.2"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Instinct\u2122 MI300X",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "ROCm 6.2"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Instinct\u2122 MI300A",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "ROCm 6.2"
}
]
}
],
"datePublic": "2026-02-11T14:11:10.415Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A Time-of-check time-of-use (TOCTOU) race condition in the AMD Secure Processor (ASP) could allow an attacker to corrupt memory resulting in loss of integrity, confidentiality, or availability.\u003cbr\u003e"
}
],
"value": "A Time-of-check time-of-use (TOCTOU) race condition in the AMD Secure Processor (ASP) could allow an attacker to corrupt memory resulting in loss of integrity, confidentiality, or availability."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:L/VI:H/VA:L/SC:L/SI:H/SA:L",
"version": "4.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-367",
"description": "CWE-367 Time-of-check Time-of-use (TOCTOU) Race Condition",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-11T14:35:16.063Z",
"orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"shortName": "AMD"
},
"references": [
{
"url": "https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-6024.html"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "AMD PSIRT Automation 1.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"assignerShortName": "AMD",
"cveId": "CVE-2023-20548",
"datePublished": "2026-02-11T14:35:16.063Z",
"dateReserved": "2022-10-27T18:53:39.744Z",
"dateUpdated": "2026-02-11T15:42:32.097Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-21937 (GCVE-0-2024-21937)
Vulnerability from nvd – Published: 2024-11-12 17:14 – Updated: 2024-11-14 16:26
VLAI
Summary
Incorrect default permissions in the AMD HIP SDK installation directory could allow an attacker to achieve privilege escalation potentially resulting in arbitrary code execution.
Severity
7.3 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-276 - Incorrect Default Permissions
Assigner
References
1 reference
Impacted products
6 products
| Vendor | Product | Version | |
|---|---|---|---|
| AMD | AMD Software: PRO Edition |
Affected:
0 , < 24.10.16
(software)
Affected: 0 , < 24.Q2 (24.10.20) (software) |
|
| AMD | AMD Software: Adrenalin Edition |
Affected:
0 , < 24.6.1 (24.10.21.01)
(software)
|
|
| AMD | AMD Software: Cloud Edition |
Affected:
0 , < 24.7.1
(software)
|
|
| amd | amd_software_pro_edition |
Affected:
0 , < 24.10.16
(custom)
Affected: 0 , < 24.q2_24.10.20 (custom) cpe:2.3:a:amd:amd_software_pro_edition:*:*:*:*:*:*:*:* |
|
| amd | amd_software_adrenalin_edition |
Affected:
0 , < 24.6.1_24.10.21.01
(custom)
cpe:2.3:a:amd:amd_software_adrenalin_edition:*:*:*:*:*:*:*:* |
|
| amd | amd_software_cloud_edition |
Affected:
0 , < 24.7.1
(custom)
cpe:2.3:a:amd:amd_software_cloud_edition:*:*:*:*:*:*:*:* |
Date Public
2024-11-12 17:00
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:amd:amd_software_pro_edition:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "amd_software_pro_edition",
"vendor": "amd",
"versions": [
{
"lessThan": "24.10.16",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "24.q2_24.10.20",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:amd:amd_software_adrenalin_edition:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "amd_software_adrenalin_edition",
"vendor": "amd",
"versions": [
{
"lessThan": "24.6.1_24.10.21.01",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:amd:amd_software_cloud_edition:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "amd_software_cloud_edition",
"vendor": "amd",
"versions": [
{
"lessThan": "24.7.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-21937",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-14T16:22:23.757990Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-14T16:26:04.560Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Windows"
],
"product": "AMD Software: PRO Edition",
"vendor": "AMD",
"versions": [
{
"lessThan": "24.10.16",
"status": "affected",
"version": "0",
"versionType": "software"
},
{
"lessThan": "24.Q2 (24.10.20)",
"status": "affected",
"version": "0",
"versionType": "software"
}
]
},
{
"defaultStatus": "unaffected",
"product": "AMD Software: Adrenalin Edition",
"vendor": "AMD",
"versions": [
{
"lessThan": "24.6.1 (24.10.21.01)",
"status": "affected",
"version": "0",
"versionType": "software"
}
]
},
{
"defaultStatus": "unaffected",
"product": "AMD Software: Cloud Edition",
"vendor": "AMD",
"versions": [
{
"lessThan": "24.7.1",
"status": "affected",
"version": "0",
"versionType": "software"
}
]
}
],
"datePublic": "2024-11-12T17:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(248, 249, 250);\"\u003eIncorrect default permissions in the AMD HIP SDK installation directory could allow an attacker to achieve privilege escalation potentially resulting in arbitrary code execution.\u003c/span\u003e"
}
],
"value": "Incorrect default permissions in the AMD HIP SDK installation directory could allow an attacker to achieve privilege escalation potentially resulting in arbitrary code execution."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-276",
"description": "CWE-276 Incorrect Default Permissions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-12T17:14:20.641Z",
"orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"shortName": "AMD"
},
"references": [
{
"url": "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-6015.html"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"assignerShortName": "AMD",
"cveId": "CVE-2024-21937",
"datePublished": "2024-11-12T17:14:20.641Z",
"dateReserved": "2024-01-03T16:43:14.977Z",
"dateUpdated": "2024-11-14T16:26:04.560Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-31307 (GCVE-0-2023-31307)
Vulnerability from nvd – Published: 2024-08-13 16:54 – Updated: 2024-12-03 16:30
VLAI
Summary
Improper validation of array index in Power Management Firmware (PMFW) may allow a privileged attacker to cause an out-of-bounds memory read within PMFW, potentially leading to a denial of service.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-129 - Improper Validation of Array Index
Assigner
References
1 reference
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| AMD | AMD Radeon™ RX 6000 Series Graphics Cards |
Unaffected:
AMD Software: Adrenalin Edition 23.12.1 (23.30.13.01)
|
|
| AMD | AMD Radeon™ PRO W6000 Series Graphics Cards |
Unaffected:
AMD Software: PRO Edition 23.Q4 (23.30.13.03)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-31307",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-13T18:03:11.598841Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-129",
"description": "CWE-129 Improper Validation of Array Index",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-12-03T16:30:08.173Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "AMD Radeon\u2122 RX 6000 Series Graphics Cards",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "AMD Software: Adrenalin Edition 23.12.1 (23.30.13.01)"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Radeon\u2122 PRO W6000 Series Graphics Cards",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "AMD Software: PRO Edition 23.Q4 (23.30.13.03)"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u0026nbsp; \u0026nbsp;Improper validation of array index in Power Management Firmware (PMFW) may allow a privileged attacker to cause an out-of-bounds memory read within PMFW, potentially leading to a denial of service."
}
],
"value": "Improper validation of array index in Power Management Firmware (PMFW) may allow a privileged attacker to cause an out-of-bounds memory read within PMFW, potentially leading to a denial of service."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 2.3,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-13T16:54:03.514Z",
"orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"shortName": "AMD"
},
"references": [
{
"url": "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-6005.html"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"assignerShortName": "AMD",
"cveId": "CVE-2023-31307",
"datePublished": "2024-08-13T16:54:03.514Z",
"dateReserved": "2023-04-27T15:25:41.422Z",
"dateUpdated": "2024-12-03T16:30:08.173Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-20510 (GCVE-0-2023-20510)
Vulnerability from nvd – Published: 2024-08-13 16:52 – Updated: 2024-11-21 15:32
VLAI
Summary
An insufficient DRAM address validation in PMFW may allow a privileged attacker to read from an invalid DRAM address to SRAM, potentially resulting in data corruption or denial of service.
Severity
4.7 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
1 reference
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| AMD | AMD Radeon™ RX 6000 Series Graphics Cards |
Unaffected:
AMD Software: Adrenalin Edition 23.12.1 (23.30.13.01)
|
|
| AMD | AMD Radeon™ PRO W6000 Series Graphics Cards |
Unaffected:
AMD Software: PRO Edition 23.Q4 (23.30.13.03)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-20510",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-13T18:03:49.594825Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-noinfo Not enough information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-21T15:32:34.695Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "AMD Radeon\u2122 RX 6000 Series Graphics Cards",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "AMD Software: Adrenalin Edition 23.12.1 (23.30.13.01)"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Radeon\u2122 PRO W6000 Series Graphics Cards",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "AMD Software: PRO Edition 23.Q4 (23.30.13.03)"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An insufficient DRAM address validation in PMFW may allow a privileged attacker to read from an invalid DRAM address to SRAM, potentially resulting in data corruption or denial of service."
}
],
"value": "An insufficient DRAM address validation in PMFW may allow a privileged attacker to read from an invalid DRAM address to SRAM, potentially resulting in data corruption or denial of service."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-13T16:52:11.777Z",
"orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"shortName": "AMD"
},
"references": [
{
"url": "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-6005.html"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"assignerShortName": "AMD",
"cveId": "CVE-2023-20510",
"datePublished": "2024-08-13T16:52:11.777Z",
"dateReserved": "2022-10-27T18:53:39.735Z",
"dateUpdated": "2024-11-21T15:32:34.695Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-26367 (GCVE-0-2021-26367)
Vulnerability from nvd – Published: 2024-08-13 16:50 – Updated: 2024-12-04 16:25
VLAI
Summary
A malicious attacker in x86 can misconfigure the Trusted Memory Regions (TMRs), which may allow the attacker to set an arbitrary address range for the TMR, potentially leading to a loss of integrity and availability.
Severity
5.7 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
Impacted products
16 products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-26367",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-13T18:04:31.680686Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-noinfo Not enough information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-12-04T16:25:09.987Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 5000 Series Desktop Processor with Radeon\u2122 Graphics",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "ComboAM4v2 PI 1.2.0.5"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Athlon\u2122 3000 Series Desktop Processors with Radeon\u2122 Graphics",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "ComboAM4PI 1.0.0.9"
},
{
"status": "unaffected",
"version": "ComboAM4v2 PI 1.2.0.8"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 4000 Series Desktop Processors with Radeon\u2122 Graphics",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "ComboAM4v2 PI 1.2.0.5"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Athlon\u2122 3000 Series Mobile Processors with Radeon\u2122 Graphics",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "PicassoPI-FP5 1.0.0.E"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Athlon\u2122 3000 Series Mobile Processors with Radeon\u2122 Graphics",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "PollockPI-FT5 1.0.0.4"
}
]
},
{
"defaultStatus": "unaffected",
"product": "AMD Ryzen\u2122 3000 Series Mobile Processor with Radeon\u2122 Graphics",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "PicassoPI-FP5 1.0.0.E"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 4000 Series Mobile Processors with Radeon\u2122 Graphics",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "RenoirPI-FP6 1.0.0.7"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 5000 Series Mobile Processors with Radeon\u2122 Graphics",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "CezannePI-FP6 1.0.0.6"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 5000 Series Processors with Radeon\u2122 Graphics",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "CezannePI-FP6 1.0.0.6"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 3000 Series Processors with Radeon\u2122 Graphics",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "CezannePI-FP6 1.0.0.6"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 5000 Series Processors with Radeon\u2122 Graphics",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "CezannePI-FP6 1.0.0.6"
}
]
},
{
"defaultStatus": "unaffected",
"product": "AMD Ryzen\u2122 3000 Series Processors with Radeon\u2122 Graphics",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "CezannePI-FP6 1.0.0.6"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Radeon\u2122 RX 6000 Series Graphics Cards",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "AMD Software: Adrenalin Edition 23.12.1 (23.30.13.01)"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Radeon\u2122 PRO W6000 Series Graphics Cards",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "AMD Software: PRO Edition 23.Q4 (23.30.13.03)"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 Embedded R1000 Series Processors",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "EmbeddedPI-FP5 1.2.0.A"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 Embedded R2000 Series Processors",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "EmbeddedR2KPI-FP5 1.0.0.2"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 Embedded V1000 Series Processors",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "EmbeddedPI-FP5 1.2.0.A"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 Embedded V2000 Series Processors",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "EmbeddedPI-FP6 1.0.0.6"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A malicious attacker in x86 can misconfigure the Trusted Memory Regions (TMRs), which may allow the attacker to set an arbitrary address range for the TMR, potentially leading to a loss of integrity and availability."
}
],
"value": "A malicious attacker in x86 can misconfigure the Trusted Memory Regions (TMRs), which may allow the attacker to set an arbitrary address range for the TMR, potentially leading to a loss of integrity and availability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-13T16:50:05.825Z",
"orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"shortName": "AMD"
},
"references": [
{
"url": "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-4004.html"
},
{
"url": "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-6005.html"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"assignerShortName": "AMD",
"cveId": "CVE-2021-26367",
"datePublished": "2024-08-13T16:50:05.825Z",
"dateReserved": "2021-01-29T21:24:26.151Z",
"dateUpdated": "2024-12-04T16:25:09.987Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-31320 (GCVE-0-2023-31320)
Vulnerability from nvd – Published: 2023-11-14 18:51 – Updated: 2024-08-02 14:53
VLAI
Summary
Improper input validation in the AMD RadeonTM Graphics display driver may allow an attacker to corrupt the display potentially resulting in denial of service.
Severity
No CVSS data available.
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.amd.com/en/corporate/product-security… | vendor-advisory |
Impacted products
4 products
| Vendor | Product | Version | |
|---|---|---|---|
| AMD | Radeon™ RX 5000/6000/7000 Series Graphics Cards |
Affected:
various
|
|
| AMD | Radeon™ PRO W5000/W6000/W7000 Series Graphics Cards |
Affected:
various
|
|
| AMD | Radeon™ RX Vega Series Graphics Cards |
Affected:
various
|
|
| AMD | Radeon™ PRO WX Vega Series Graphics Cards |
Affected:
various
|
Date Public
2023-11-14 17:30
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T14:53:30.757Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-6003"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"packageName": "AMD Software: Adrenalin Edition 23.7.1 ",
"platforms": [
"x86"
],
"product": "Radeon\u2122 RX 5000/6000/7000 Series Graphics Cards ",
"vendor": " AMD",
"versions": [
{
"status": "affected",
"version": "various "
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "AMD Software: PRO Edition 23.Q3 ",
"platforms": [
"x86"
],
"product": "Radeon\u2122 PRO W5000/W6000/W7000 Series Graphics Cards",
"vendor": " AMD",
"versions": [
{
"status": "affected",
"version": "various "
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"x86"
],
"product": "Radeon\u2122 RX Vega Series Graphics Cards",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various "
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"x86"
],
"product": "Radeon\u2122 PRO WX Vega Series Graphics Cards",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various "
}
]
}
],
"datePublic": "2023-11-14T17:30:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper input validation in the AMD RadeonTM Graphics display driver may allow an attacker to corrupt the display potentially resulting in denial of service.\n\n\n\n\n\n\n\n\n\n\n\n\u003cbr\u003e"
}
],
"value": "Improper input validation in the AMD RadeonTM Graphics display driver may allow an attacker to corrupt the display potentially resulting in denial of service.\n\n\n\n\n\n\n\n\n\n\n\n\n"
}
],
"providerMetadata": {
"dateUpdated": "2023-11-14T18:51:43.415Z",
"orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"shortName": "AMD"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-6003"
}
],
"source": {
"advisory": "AMD-SB-6003",
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"assignerShortName": "AMD",
"cveId": "CVE-2023-31320",
"datePublished": "2023-11-14T18:51:43.415Z",
"dateReserved": "2023-04-27T15:25:41.423Z",
"dateUpdated": "2024-08-02T14:53:30.757Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-20568 (GCVE-0-2023-20568)
Vulnerability from nvd – Published: 2023-11-14 18:51 – Updated: 2025-02-13 16:39
VLAI
Summary
Improper signature verification of RadeonTM RX Vega M Graphics driver for Windows may allow an attacker with admin privileges to launch RadeonInstaller.exe without validating the file signature potentially leading to arbitrary code execution.
Severity
No CVSS data available.
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.amd.com/en/corporate/product-security… | vendor-advisory |
| https://www.intel.com/content/www/us/en/security-… |
Impacted products
4 products
| Vendor | Product | Version | |
|---|---|---|---|
| AMD | Radeon™ RX 5000/6000/7000 Series Graphics Cards |
Affected:
various
|
|
| AMD | Radeon™ PRO W5000/W6000/W7000 Series Graphics Cards |
Affected:
various
|
|
| AMD | Radeon™ RX Vega Series Graphics Cards |
Affected:
various
|
|
| AMD | Radeon™ PRO WX Vega Series Graphics Cards |
Affected:
various
|
Date Public
2023-11-14 17:30
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T09:05:36.255Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-6003"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00971.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"packageName": "AMD Software: Adrenalin Edition 23.7.1",
"platforms": [
"x86"
],
"product": "Radeon\u2122 RX 5000/6000/7000 Series Graphics Cards",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various"
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "AMD Software: PRO Edition 23.Q3",
"platforms": [
"x86"
],
"product": "Radeon\u2122 PRO W5000/W6000/W7000 Series Graphics Cards",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"x86"
],
"product": "Radeon\u2122 RX Vega Series Graphics Cards",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"x86"
],
"product": "Radeon\u2122 PRO WX Vega Series Graphics Cards",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various"
}
]
}
],
"datePublic": "2023-11-14T17:30:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper signature verification of RadeonTM RX Vega M Graphics driver for Windows may allow an attacker with admin privileges to launch RadeonInstaller.exe without validating the file signature potentially leading to arbitrary code execution.\n\n\n\n\n\n\n\n\n\n\n\n\u003cbr\u003e"
}
],
"value": "Improper signature verification of RadeonTM RX Vega M Graphics driver for Windows may allow an attacker with admin privileges to launch RadeonInstaller.exe without validating the file signature potentially leading to arbitrary code execution."
}
],
"providerMetadata": {
"dateUpdated": "2023-11-14T18:55:23.226Z",
"orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"shortName": "AMD"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-6003"
},
{
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00971.html"
}
],
"source": {
"advisory": "AMD-SB-6003",
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"assignerShortName": "AMD",
"cveId": "CVE-2023-20568",
"datePublished": "2023-11-14T18:51:35.466Z",
"dateReserved": "2022-10-27T18:53:39.754Z",
"dateUpdated": "2025-02-13T16:39:47.747Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-20567 (GCVE-0-2023-20567)
Vulnerability from nvd – Published: 2023-11-14 18:51 – Updated: 2025-02-13 16:39
VLAI
Summary
Improper signature verification of RadeonTM RX Vega M Graphics driver for Windows may allow an attacker with admin privileges to launch AMDSoftwareInstaller.exe without validating the file signature potentially leading to arbitrary code execution.
Severity
No CVSS data available.
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.amd.com/en/corporate/product-security… | vendor-advisory |
| https://www.intel.com/content/www/us/en/security-… |
Impacted products
4 products
| Vendor | Product | Version | |
|---|---|---|---|
| AMD | Radeon™ RX 5000/6000/7000 Series Graphics Cards |
Affected:
various
|
|
| AMD | Radeon™ PRO W5000/W6000/W7000 Series Graphics Cards |
Affected:
various
|
|
| AMD | Radeon™ RX Vega Series Graphics Cards |
Affected:
various
|
|
| AMD | Radeon™ PRO WX Vega Series Graphics Cards |
Affected:
various
|
Date Public
2023-11-14 17:30
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T09:05:36.949Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-6003"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00971.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"packageName": "AMD Software: Adrenalin Edition 23.7.1",
"platforms": [
"x86"
],
"product": "Radeon\u2122 RX 5000/6000/7000 Series Graphics Cards",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various"
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "AMD Software: PRO Edition 23.Q3",
"platforms": [
"x86"
],
"product": "Radeon\u2122 PRO W5000/W6000/W7000 Series Graphics Cards",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"x86"
],
"product": "Radeon\u2122 RX Vega Series Graphics Cards",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"x86"
],
"product": "Radeon\u2122 PRO WX Vega Series Graphics Cards",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various"
}
]
}
],
"datePublic": "2023-11-14T17:30:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper signature verification of RadeonTM RX Vega M Graphics driver for Windows may allow an attacker with admin privileges to launch AMDSoftwareInstaller.exe without validating the file signature potentially leading to arbitrary code execution.\n\n\n\n\n\n\n\n\n\n\n\n\u003cbr\u003e"
}
],
"value": "Improper signature verification of RadeonTM RX Vega M Graphics driver for Windows may allow an attacker with admin privileges to launch AMDSoftwareInstaller.exe without validating the file signature potentially leading to arbitrary code execution."
}
],
"providerMetadata": {
"dateUpdated": "2023-11-14T18:55:22.270Z",
"orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"shortName": "AMD"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-6003"
},
{
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00971.html"
}
],
"source": {
"advisory": "AMD-SB-6003",
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"assignerShortName": "AMD",
"cveId": "CVE-2023-20567",
"datePublished": "2023-11-14T18:51:25.340Z",
"dateReserved": "2022-10-27T18:53:39.753Z",
"dateUpdated": "2025-02-13T16:39:47.219Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-46748 (GCVE-0-2021-46748)
Vulnerability from nvd – Published: 2023-11-14 18:50 – Updated: 2025-02-13 16:28
VLAI
Summary
Insufficient bounds checking in the ASP (AMD Secure Processor) may allow an attacker to access memory outside the bounds of what is permissible to a TA (Trusted Application) resulting in a potential denial of service.
Severity
No CVSS data available.
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.amd.com/en/corporate/product-security… | vendor-advisory |
| https://www.intel.com/content/www/us/en/security-… |
Impacted products
4 products
| Vendor | Product | Version | |
|---|---|---|---|
| AMD | Radeon™ RX 5000/6000/7000 Series Graphics Cards |
Affected:
various
|
|
| AMD | Radeon™ PRO W5000/W6000/W7000 Series Graphics Cards |
Affected:
various
|
|
| AMD | Radeon™ RX Vega Series Graphics Cards |
Affected:
various
|
|
| AMD | Radeon™ PRO WX Vega Series Graphics Cards |
Affected:
various
|
Date Public
2023-11-14 17:30
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T05:17:42.605Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-6003"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00971.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"packageName": "AMD Software: Adrenalin Edition 23.7.1",
"platforms": [
"x86"
],
"product": "Radeon\u2122 RX 5000/6000/7000 Series Graphics Cards",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various"
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "AMD Software: PRO Edition 23.Q3",
"platforms": [
"x86"
],
"product": "Radeon\u2122 PRO W5000/W6000/W7000 Series Graphics Cards",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"x86"
],
"product": "Radeon\u2122 RX Vega Series Graphics Cards",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"x86"
],
"product": "Radeon\u2122 PRO WX Vega Series Graphics Cards",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various"
}
]
}
],
"datePublic": "2023-11-14T17:30:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Insufficient bounds checking in the ASP (AMD Secure Processor) may allow an attacker to access memory outside the bounds of what is permissible to a TA (Trusted Application) resulting in a potential denial of service.\n\n\n\n\n\n\n\n\n\n\n\n\u003cbr\u003e"
}
],
"value": "Insufficient bounds checking in the ASP (AMD Secure Processor) may allow an attacker to access memory outside the bounds of what is permissible to a TA (Trusted Application) resulting in a potential denial of service."
}
],
"providerMetadata": {
"dateUpdated": "2023-11-14T18:55:08.336Z",
"orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"shortName": "AMD"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-6003"
},
{
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00971.html"
}
],
"source": {
"advisory": "AMD-SB-6003",
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"assignerShortName": "AMD",
"cveId": "CVE-2021-46748",
"datePublished": "2023-11-14T18:50:52.470Z",
"dateReserved": "2022-03-31T16:50:27.865Z",
"dateUpdated": "2025-02-13T16:28:47.934Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-20598 (GCVE-0-2023-20598)
Vulnerability from nvd – Published: 2023-10-17 13:26 – Updated: 2024-08-02 09:05
VLAI
Summary
An improper privilege management in the AMD Radeon™ Graphics driver may allow an authenticated attacker to craft an IOCTL request to gain I/O control over arbitrary hardware ports or physical addresses resulting in a potential arbitrary code execution.
Severity
7.8 (High)
SSVC
Exploitation: poc
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-269 - Improper Privilege Management
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.amd.com/en/corporate/product-security… | vendor-advisory |
Impacted products
15 products
| Vendor | Product | Version | |
|---|---|---|---|
| AMD | Radeon™ RX 5000 Series Graphics Cards |
Affected:
various
|
|
| AMD | Radeon™ RX 6000 Series Graphics Cards |
Affected:
various
|
|
| AMD | Radeon™ RX 7000 Series Graphics Cards |
Affected:
various
|
|
| AMD | Radeon™ PRO W5000 Series Graphics Cards |
Affected:
Various
|
|
| AMD | Radeon™ PRO W6000 Series Graphics Cards |
Affected:
various
|
|
| AMD | Radeon™ PRO W7000 Series Graphics Cards |
Affected:
various
|
|
| AMD | Ryzen™ 7045 Series Processors with Radeon™ Graphics |
Affected:
various
|
|
| AMD | Ryzen™ 7020 Series Processors with Radeon™ Graphics |
Affected:
various
|
|
| AMD | Ryzen™ 7040 Series Processors with Radeon™ Graphics |
Affected:
various
|
|
| AMD | Ryzen™ 7000 Series Processors with Radeon™ Graphics |
Affected:
various
|
|
| AMD | Ryzen™ 6000 Series Processors with Radeon™ Graphics |
Affected:
various
|
|
| AMD | Ryzen™ 7035 Series Processors with Radeon™ Graphics |
Affected:
various
|
|
| amd | radeon_rx_5300_xt |
Affected:
0 , ≤ *
(custom)
cpe:2.3:h:amd:radeon_pro_w5500:-:*:*:*:*:*:*:* cpe:2.3:h:amd:radeon_pro_w5500x:-:*:*:*:*:*:*:* cpe:2.3:h:amd:radeon_pro_w5700:-:*:*:*:*:*:*:* cpe:2.3:h:amd:radeon_pro_w5700x:-:*:*:*:*:*:*:* cpe:2.3:h:amd:radeon_pro_w6300:-:*:*:*:*:*:*:* cpe:2.3:h:amd:radeon_pro_w6300m:-:*:*:*:*:*:*:* cpe:2.3:h:amd:radeon_pro_w6400:-:*:*:*:*:*:*:* cpe:2.3:h:amd:radeon_pro_w6500m:-:*:*:*:*:*:*:* cpe:2.3:h:amd:radeon_pro_w6600:-:*:*:*:*:*:*:* cpe:2.3:h:amd:radeon_pro_w6600m:-:*:*:*:*:*:*:* cpe:2.3:h:amd:radeon_pro_w6600x:-:*:*:*:*:*:*:* cpe:2.3:h:amd:radeon_pro_w6800:-:*:*:*:*:*:*:* cpe:2.3:h:amd:radeon_pro_w6800x:-:*:*:*:*:*:*:* cpe:2.3:h:amd:radeon_pro_w6800x_duo:-:*:*:*:*:*:*:* cpe:2.3:h:amd:radeon_pro_w6900x:-:*:*:*:*:*:*:* cpe:2.3:h:amd:radeon_pro_w7500:-:*:*:*:*:*:*:* cpe:2.3:h:amd:radeon_pro_w7600:-:*:*:*:*:*:*:* cpe:2.3:h:amd:radeon_pro_w7800:-:*:*:*:*:*:*:* cpe:2.3:h:amd:radeon_pro_w7900:-:*:*:*:*:*:*:* cpe:2.3:h:amd:radeon_rx_7600:-:*:*:*:*:*:*:* cpe:2.3:h:amd:radeon_rx_7600m:-:*:*:*:*:*:*:* cpe:2.3:h:amd:radeon_rx_7600m_xt:-:*:*:*:*:*:*:* cpe:2.3:h:amd:radeon_rx_7600s:-:*:*:*:*:*:*:* cpe:2.3:h:amd:radeon_rx_7600xt:-:*:*:*:*:*:*:* cpe:2.3:h:amd:radeon_rx_7700s:-:*:*:*:*:*:*:* cpe:2.3:h:amd:radeon_rx_7700xt:-:*:*:*:*:*:*:* cpe:2.3:h:amd:radeon_rx_7700_xt:-:*:*:*:*:*:*:* cpe:2.3:h:amd:radeon_rx_7800xt:-:*:*:*:*:*:*:* cpe:2.3:h:amd:radeon_rx_7800_xt:-:*:*:*:*:*:*:* cpe:2.3:h:amd:radeon_rx_7900_gre:-:*:*:*:*:*:*:* cpe:2.3:h:amd:radeon_rx_7900m:-:*:*:*:*:*:*:* cpe:2.3:h:amd:radeon_rx_7900xt:-:*:*:*:*:*:*:* cpe:2.3:h:amd:radeon_rx_7900_xt:-:*:*:*:*:*:*:* cpe:2.3:h:amd:radeon_rx_7900xtx:-:*:*:*:*:*:*:* cpe:2.3:h:amd:radeon_rx_7900_xtx:-:*:*:*:*:*:*:* cpe:2.3:o:amd:radeon_rx_7900xtx_firmware:-:*:*:*:*:*:*:* cpe:2.3:h:amd:radeon_rx_6900_xt:-:*:*:*:*:*:*:* cpe:2.3:h:amd:radeon_rx_6300m:-:*:*:*:*:*:*:* cpe:2.3:h:amd:radeon_rx_6400:-:*:*:*:*:*:*:* cpe:2.3:h:amd:radeon_rx_6450m:-:*:*:*:*:*:*:* cpe:2.3:h:amd:radeon_rx_6500m:-:*:*:*:*:*:*:* cpe:2.3:h:amd:radeon_rx_6500_xt:-:*:*:*:*:*:*:* cpe:2.3:h:amd:radeon_rx_6550m:-:*:*:*:*:*:*:* cpe:2.3:h:amd:radeon_rx_6550s:-:*:*:*:*:*:*:* cpe:2.3:h:amd:radeon_rx_6600:-:*:*:*:*:*:*:* cpe:2.3:h:amd:radeon_rx_6600m:-:*:*:*:*:*:*:* cpe:2.3:h:amd:radeon_rx_6600s:-:*:*:*:*:*:*:* cpe:2.3:h:amd:radeon_rx_6600_xt:-:*:*:*:*:*:*:* cpe:2.3:h:amd:radeon_rx_6650m:-:*:*:*:*:*:*:* cpe:2.3:h:amd:radeon_rx_6650m_xt:-:*:*:*:*:*:*:* cpe:2.3:h:amd:radeon_rx_6650_xt:-:*:*:*:*:*:*:* cpe:2.3:h:amd:radeon_rx_6700:-:*:*:*:*:*:*:* cpe:2.3:h:amd:radeon_rx_6700m:-:*:*:*:*:*:*:* cpe:2.3:h:amd:radeon_rx_6700s:-:*:*:*:*:*:*:* cpe:2.3:h:amd:radeon_rx_6700_xt:-:*:*:*:*:*:*:* cpe:2.3:h:amd:radeon_rx_6750_gre_10gb:-:*:*:*:*:*:*:* cpe:2.3:h:amd:radeon_rx_6750_gre_12gb:-:*:*:*:*:*:*:* cpe:2.3:h:amd:radeon_rx_6750_xt:-:*:*:*:*:*:*:* cpe:2.3:h:amd:radeon_rx_6800:-:*:*:*:*:*:*:* cpe:2.3:h:amd:radeon_rx_6800m:-:*:*:*:*:*:*:* cpe:2.3:h:amd:radeon_rx_6800s:-:*:*:*:*:*:*:* cpe:2.3:h:amd:radeon_rx_5700:-:*:*:*:*:*:*:* cpe:2.3:h:amd:radeon_rx_5700_xt:-:*:*:*:*:*:*:* cpe:2.3:h:amd:radeon_rx_5600:-:*:*:*:*:*:*:* cpe:2.3:h:amd:radeon_rx_5600_xt:-:*:*:*:*:*:*:* cpe:2.3:h:amd:radeon_rx_5500:-:*:*:*:*:*:*:* cpe:2.3:h:amd:radeon_rx_5500_xt:-:*:*:*:*:*:*:* cpe:2.3:h:amd:radeon_rx_5300:-:*:*:*:*:*:*:* cpe:2.3:h:amd:radeon_rx_5300_xt:-:*:*:*:*:*:*:* |
|
| amd | ryzen_5_7645hx |
Affected:
0 , < *
(custom)
cpe:2.3:h:amd:ryzen_7_7700:-:*:*:*:*:*:*:* cpe:2.3:h:amd:ryzen_7_7700x:-:*:*:*:*:*:*:* cpe:2.3:h:amd:ryzen_7_7735hs:-:*:*:*:*:*:*:* cpe:2.3:h:amd:ryzen_7_7735u:-:*:*:*:*:*:*:* cpe:2.3:h:amd:ryzen_7_7736u:-:*:*:*:*:*:*:* cpe:2.3:h:amd:ryzen_7_7745hx:-:*:*:*:*:*:*:* cpe:2.3:h:amd:ryzen_7_7800x3d:-:*:*:*:*:*:*:* cpe:2.3:h:amd:ryzen_7_7840h:-:*:*:*:*:*:*:* cpe:2.3:h:amd:ryzen_7_7840u:-:*:*:*:*:*:*:* cpe:2.3:h:amd:ryzen_7_pro_7745:-:*:*:*:*:*:*:* cpe:2.3:h:amd:ryzen_7_pro_7840h:-:*:*:*:*:*:*:* cpe:2.3:h:amd:ryzen_7_pro_7840hs:-:*:*:*:*:*:*:* cpe:2.3:h:amd:ryzen_7_6800hs:-:*:*:*:*:*:*:* cpe:2.3:h:amd:ryzen_7_6800h:-:*:*:*:*:*:*:* cpe:2.3:h:amd:ryzen_3_7320u:-:*:*:*:*:*:*:* cpe:2.3:h:amd:ryzen_3_7335u:-:*:*:*:*:*:*:* cpe:2.3:h:amd:ryzen_3_7440u:-:*:*:*:*:*:*:* cpe:2.3:h:amd:ryzen_5_6600h:-:*:*:*:*:*:*:* cpe:2.3:h:amd:ryzen_5_6600hs:-:*:*:*:*:*:*:* cpe:2.3:h:amd:ryzen_5_6600u:-:*:*:*:*:*:*:* cpe:2.3:h:amd:ryzen_5_7500f:-:*:*:*:*:*:*:* cpe:2.3:h:amd:ryzen_5_7520u:-:*:*:*:*:*:*:* cpe:2.3:h:amd:ryzen_5_7535hs:-:*:*:*:*:*:*:* cpe:2.3:h:amd:ryzen_5_7535u:-:*:*:*:*:*:*:* cpe:2.3:h:amd:ryzen_5_7545u:-:*:*:*:*:*:*:* cpe:2.3:h:amd:ryzen_5_7600:-:*:*:*:*:*:*:* cpe:2.3:h:amd:ryzen_5_7600x:-:*:*:*:*:*:*:* cpe:2.3:h:amd:ryzen_5_7640h:-:*:*:*:*:*:*:* cpe:2.3:h:amd:ryzen_5_7640u:-:*:*:*:*:*:*:* cpe:2.3:h:amd:ryzen_5_7645hx:-:*:*:*:*:*:*:* |
|
| amd | ryzen_9_pro_7945 |
Affected:
0 , < *
(custom)
cpe:2.3:h:amd:ryzen_9_6980hs:-:*:*:*:*:*:*:* cpe:2.3:h:amd:ryzen_9_6980hx:-:*:*:*:*:*:*:* cpe:2.3:h:amd:ryzen_9_7845hx:-:*:*:*:*:*:*:* cpe:2.3:h:amd:ryzen_9_7900:-:*:*:*:*:*:*:* cpe:2.3:h:amd:ryzen_9_7900x:-:*:*:*:*:*:*:* cpe:2.3:h:amd:ryzen_9_7900x3d:-:*:*:*:*:*:*:* cpe:2.3:h:amd:ryzen_9_7945hx:-:*:*:*:*:*:*:* cpe:2.3:h:amd:ryzen_9_7945hx3d:-:*:*:*:*:*:*:* cpe:2.3:h:amd:ryzen_9_7950x:-:*:*:*:*:*:*:* cpe:2.3:h:amd:ryzen_9_7950x3d:-:*:*:*:*:*:*:* cpe:2.3:h:amd:ryzen_9_pro_7940h:-:*:*:*:*:*:*:* cpe:2.3:h:amd:ryzen_9_pro_7940hs:-:*:*:*:*:*:*:* cpe:2.3:h:amd:ryzen_9_pro_7945:-:*:*:*:*:*:*:* |
Date Public
2023-10-16 17:00
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:h:amd:radeon_pro_w5500:-:*:*:*:*:*:*:*",
"cpe:2.3:h:amd:radeon_pro_w5500x:-:*:*:*:*:*:*:*",
"cpe:2.3:h:amd:radeon_pro_w5700:-:*:*:*:*:*:*:*",
"cpe:2.3:h:amd:radeon_pro_w5700x:-:*:*:*:*:*:*:*",
"cpe:2.3:h:amd:radeon_pro_w6300:-:*:*:*:*:*:*:*",
"cpe:2.3:h:amd:radeon_pro_w6300m:-:*:*:*:*:*:*:*",
"cpe:2.3:h:amd:radeon_pro_w6400:-:*:*:*:*:*:*:*",
"cpe:2.3:h:amd:radeon_pro_w6500m:-:*:*:*:*:*:*:*",
"cpe:2.3:h:amd:radeon_pro_w6600:-:*:*:*:*:*:*:*",
"cpe:2.3:h:amd:radeon_pro_w6600m:-:*:*:*:*:*:*:*",
"cpe:2.3:h:amd:radeon_pro_w6600x:-:*:*:*:*:*:*:*",
"cpe:2.3:h:amd:radeon_pro_w6800:-:*:*:*:*:*:*:*",
"cpe:2.3:h:amd:radeon_pro_w6800x:-:*:*:*:*:*:*:*",
"cpe:2.3:h:amd:radeon_pro_w6800x_duo:-:*:*:*:*:*:*:*",
"cpe:2.3:h:amd:radeon_pro_w6900x:-:*:*:*:*:*:*:*",
"cpe:2.3:h:amd:radeon_pro_w7500:-:*:*:*:*:*:*:*",
"cpe:2.3:h:amd:radeon_pro_w7600:-:*:*:*:*:*:*:*",
"cpe:2.3:h:amd:radeon_pro_w7800:-:*:*:*:*:*:*:*",
"cpe:2.3:h:amd:radeon_pro_w7900:-:*:*:*:*:*:*:*",
"cpe:2.3:h:amd:radeon_rx_7600:-:*:*:*:*:*:*:*",
"cpe:2.3:h:amd:radeon_rx_7600m:-:*:*:*:*:*:*:*",
"cpe:2.3:h:amd:radeon_rx_7600m_xt:-:*:*:*:*:*:*:*",
"cpe:2.3:h:amd:radeon_rx_7600s:-:*:*:*:*:*:*:*",
"cpe:2.3:h:amd:radeon_rx_7600xt:-:*:*:*:*:*:*:*",
"cpe:2.3:h:amd:radeon_rx_7700s:-:*:*:*:*:*:*:*",
"cpe:2.3:h:amd:radeon_rx_7700xt:-:*:*:*:*:*:*:*",
"cpe:2.3:h:amd:radeon_rx_7700_xt:-:*:*:*:*:*:*:*",
"cpe:2.3:h:amd:radeon_rx_7800xt:-:*:*:*:*:*:*:*",
"cpe:2.3:h:amd:radeon_rx_7800_xt:-:*:*:*:*:*:*:*",
"cpe:2.3:h:amd:radeon_rx_7900_gre:-:*:*:*:*:*:*:*",
"cpe:2.3:h:amd:radeon_rx_7900m:-:*:*:*:*:*:*:*",
"cpe:2.3:h:amd:radeon_rx_7900xt:-:*:*:*:*:*:*:*",
"cpe:2.3:h:amd:radeon_rx_7900_xt:-:*:*:*:*:*:*:*",
"cpe:2.3:h:amd:radeon_rx_7900xtx:-:*:*:*:*:*:*:*",
"cpe:2.3:h:amd:radeon_rx_7900_xtx:-:*:*:*:*:*:*:*",
"cpe:2.3:o:amd:radeon_rx_7900xtx_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:h:amd:radeon_rx_6900_xt:-:*:*:*:*:*:*:*",
"cpe:2.3:h:amd:radeon_rx_6300m:-:*:*:*:*:*:*:*",
"cpe:2.3:h:amd:radeon_rx_6400:-:*:*:*:*:*:*:*",
"cpe:2.3:h:amd:radeon_rx_6450m:-:*:*:*:*:*:*:*",
"cpe:2.3:h:amd:radeon_rx_6500m:-:*:*:*:*:*:*:*",
"cpe:2.3:h:amd:radeon_rx_6500_xt:-:*:*:*:*:*:*:*",
"cpe:2.3:h:amd:radeon_rx_6550m:-:*:*:*:*:*:*:*",
"cpe:2.3:h:amd:radeon_rx_6550s:-:*:*:*:*:*:*:*",
"cpe:2.3:h:amd:radeon_rx_6600:-:*:*:*:*:*:*:*",
"cpe:2.3:h:amd:radeon_rx_6600m:-:*:*:*:*:*:*:*",
"cpe:2.3:h:amd:radeon_rx_6600s:-:*:*:*:*:*:*:*",
"cpe:2.3:h:amd:radeon_rx_6600_xt:-:*:*:*:*:*:*:*",
"cpe:2.3:h:amd:radeon_rx_6650m:-:*:*:*:*:*:*:*",
"cpe:2.3:h:amd:radeon_rx_6650m_xt:-:*:*:*:*:*:*:*",
"cpe:2.3:h:amd:radeon_rx_6650_xt:-:*:*:*:*:*:*:*",
"cpe:2.3:h:amd:radeon_rx_6700:-:*:*:*:*:*:*:*",
"cpe:2.3:h:amd:radeon_rx_6700m:-:*:*:*:*:*:*:*",
"cpe:2.3:h:amd:radeon_rx_6700s:-:*:*:*:*:*:*:*",
"cpe:2.3:h:amd:radeon_rx_6700_xt:-:*:*:*:*:*:*:*",
"cpe:2.3:h:amd:radeon_rx_6750_gre_10gb:-:*:*:*:*:*:*:*",
"cpe:2.3:h:amd:radeon_rx_6750_gre_12gb:-:*:*:*:*:*:*:*",
"cpe:2.3:h:amd:radeon_rx_6750_xt:-:*:*:*:*:*:*:*",
"cpe:2.3:h:amd:radeon_rx_6800:-:*:*:*:*:*:*:*",
"cpe:2.3:h:amd:radeon_rx_6800m:-:*:*:*:*:*:*:*",
"cpe:2.3:h:amd:radeon_rx_6800s:-:*:*:*:*:*:*:*",
"cpe:2.3:h:amd:radeon_rx_5700:-:*:*:*:*:*:*:*",
"cpe:2.3:h:amd:radeon_rx_5700_xt:-:*:*:*:*:*:*:*",
"cpe:2.3:h:amd:radeon_rx_5600:-:*:*:*:*:*:*:*",
"cpe:2.3:h:amd:radeon_rx_5600_xt:-:*:*:*:*:*:*:*",
"cpe:2.3:h:amd:radeon_rx_5500:-:*:*:*:*:*:*:*",
"cpe:2.3:h:amd:radeon_rx_5500_xt:-:*:*:*:*:*:*:*",
"cpe:2.3:h:amd:radeon_rx_5300:-:*:*:*:*:*:*:*",
"cpe:2.3:h:amd:radeon_rx_5300_xt:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "radeon_rx_5300_xt",
"vendor": "amd",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:amd:ryzen_7_7700:-:*:*:*:*:*:*:*",
"cpe:2.3:h:amd:ryzen_7_7700x:-:*:*:*:*:*:*:*",
"cpe:2.3:h:amd:ryzen_7_7735hs:-:*:*:*:*:*:*:*",
"cpe:2.3:h:amd:ryzen_7_7735u:-:*:*:*:*:*:*:*",
"cpe:2.3:h:amd:ryzen_7_7736u:-:*:*:*:*:*:*:*",
"cpe:2.3:h:amd:ryzen_7_7745hx:-:*:*:*:*:*:*:*",
"cpe:2.3:h:amd:ryzen_7_7800x3d:-:*:*:*:*:*:*:*",
"cpe:2.3:h:amd:ryzen_7_7840h:-:*:*:*:*:*:*:*",
"cpe:2.3:h:amd:ryzen_7_7840u:-:*:*:*:*:*:*:*",
"cpe:2.3:h:amd:ryzen_7_pro_7745:-:*:*:*:*:*:*:*",
"cpe:2.3:h:amd:ryzen_7_pro_7840h:-:*:*:*:*:*:*:*",
"cpe:2.3:h:amd:ryzen_7_pro_7840hs:-:*:*:*:*:*:*:*",
"cpe:2.3:h:amd:ryzen_7_6800hs:-:*:*:*:*:*:*:*",
"cpe:2.3:h:amd:ryzen_7_6800h:-:*:*:*:*:*:*:*",
"cpe:2.3:h:amd:ryzen_3_7320u:-:*:*:*:*:*:*:*",
"cpe:2.3:h:amd:ryzen_3_7335u:-:*:*:*:*:*:*:*",
"cpe:2.3:h:amd:ryzen_3_7440u:-:*:*:*:*:*:*:*",
"cpe:2.3:h:amd:ryzen_5_6600h:-:*:*:*:*:*:*:*",
"cpe:2.3:h:amd:ryzen_5_6600hs:-:*:*:*:*:*:*:*",
"cpe:2.3:h:amd:ryzen_5_6600u:-:*:*:*:*:*:*:*",
"cpe:2.3:h:amd:ryzen_5_7500f:-:*:*:*:*:*:*:*",
"cpe:2.3:h:amd:ryzen_5_7520u:-:*:*:*:*:*:*:*",
"cpe:2.3:h:amd:ryzen_5_7535hs:-:*:*:*:*:*:*:*",
"cpe:2.3:h:amd:ryzen_5_7535u:-:*:*:*:*:*:*:*",
"cpe:2.3:h:amd:ryzen_5_7545u:-:*:*:*:*:*:*:*",
"cpe:2.3:h:amd:ryzen_5_7600:-:*:*:*:*:*:*:*",
"cpe:2.3:h:amd:ryzen_5_7600x:-:*:*:*:*:*:*:*",
"cpe:2.3:h:amd:ryzen_5_7640h:-:*:*:*:*:*:*:*",
"cpe:2.3:h:amd:ryzen_5_7640u:-:*:*:*:*:*:*:*",
"cpe:2.3:h:amd:ryzen_5_7645hx:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ryzen_5_7645hx",
"vendor": "amd",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:amd:ryzen_9_6980hs:-:*:*:*:*:*:*:*",
"cpe:2.3:h:amd:ryzen_9_6980hx:-:*:*:*:*:*:*:*",
"cpe:2.3:h:amd:ryzen_9_7845hx:-:*:*:*:*:*:*:*",
"cpe:2.3:h:amd:ryzen_9_7900:-:*:*:*:*:*:*:*",
"cpe:2.3:h:amd:ryzen_9_7900x:-:*:*:*:*:*:*:*",
"cpe:2.3:h:amd:ryzen_9_7900x3d:-:*:*:*:*:*:*:*",
"cpe:2.3:h:amd:ryzen_9_7945hx:-:*:*:*:*:*:*:*",
"cpe:2.3:h:amd:ryzen_9_7945hx3d:-:*:*:*:*:*:*:*",
"cpe:2.3:h:amd:ryzen_9_7950x:-:*:*:*:*:*:*:*",
"cpe:2.3:h:amd:ryzen_9_7950x3d:-:*:*:*:*:*:*:*",
"cpe:2.3:h:amd:ryzen_9_pro_7940h:-:*:*:*:*:*:*:*",
"cpe:2.3:h:amd:ryzen_9_pro_7940hs:-:*:*:*:*:*:*:*",
"cpe:2.3:h:amd:ryzen_9_pro_7945:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ryzen_9_pro_7945",
"vendor": "amd",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-20598",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-27T17:12:05.139002Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-269",
"description": "CWE-269 Improper Privilege Management",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-27T17:12:23.788Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T09:05:36.253Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-6009"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"platforms": [
"Windows",
"x86"
],
"product": "Radeon\u2122 RX 5000 Series Graphics Cards",
"vendor": " AMD",
"versions": [
{
"status": "affected",
"version": "various"
}
]
},
{
"defaultStatus": "affected",
"platforms": [
"Windows",
"x86"
],
"product": "Radeon\u2122 RX 6000 Series Graphics Cards",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various "
}
]
},
{
"defaultStatus": "affected",
"platforms": [
"Windows",
"x86"
],
"product": "Radeon\u2122 RX 7000 Series Graphics Cards",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various "
}
]
},
{
"defaultStatus": "affected",
"platforms": [
"Windows",
"x86"
],
"product": "Radeon\u2122 PRO W5000 Series Graphics Cards",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "Various "
}
]
},
{
"defaultStatus": "affected",
"platforms": [
"Windows",
"x86"
],
"product": "Radeon\u2122 PRO W6000 Series Graphics Cards",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various "
}
]
},
{
"defaultStatus": "affected",
"platforms": [
"Windows",
"x86"
],
"product": "Radeon\u2122 PRO W7000 Series Graphics Cards",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various"
}
]
},
{
"defaultStatus": "affected",
"platforms": [
"Windows",
"x86"
],
"product": "Ryzen\u2122 7045 Series Processors with Radeon\u2122 Graphics",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various "
}
]
},
{
"defaultStatus": "affected",
"platforms": [
"Windows",
"x86"
],
"product": " Ryzen\u2122 7020 Series Processors with Radeon\u2122 Graphics",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various "
}
]
},
{
"defaultStatus": "affected",
"platforms": [
"Windows",
"x86"
],
"product": "Ryzen\u2122 7040 Series Processors with Radeon\u2122 Graphics",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various "
}
]
},
{
"defaultStatus": "affected",
"platforms": [
"Windows",
"x86"
],
"product": "Ryzen\u2122 7000 Series Processors with Radeon\u2122 Graphics",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various "
}
]
},
{
"defaultStatus": "affected",
"platforms": [
"Windows",
"x86"
],
"product": "Ryzen\u2122 6000 Series Processors with Radeon\u2122 Graphics",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various "
}
]
},
{
"defaultStatus": "affected",
"platforms": [
"Windows",
"x86"
],
"product": "Ryzen\u2122 7035 Series Processors with Radeon\u2122 Graphics",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various "
}
]
}
],
"datePublic": "2023-10-16T17:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\n\n\u003cspan style=\"background-color: rgb(248, 249, 250);\"\u003eAn improper privilege management in the AMD Radeon\u2122\u003c/span\u003e\u0026nbsp;\u003cspan style=\"background-color: rgb(248, 249, 250);\"\u003eGraphics driver may allow an authenticated attacker to craft an IOCTL request to gain I/O control over arbitrary hardware ports or physical addresses resulting in a potential arbitrary code execution.\u003c/span\u003e\n\n\n\n"
}
],
"value": "\n\n\nAn improper privilege management in the AMD Radeon\u2122\u00a0Graphics driver may allow an authenticated attacker to craft an IOCTL request to gain I/O control over arbitrary hardware ports or physical addresses resulting in a potential arbitrary code execution.\n\n\n\n"
}
],
"providerMetadata": {
"dateUpdated": "2023-10-17T13:26:21.731Z",
"orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"shortName": "AMD"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-6009"
}
],
"source": {
"advisory": "\u202f\u202fAMD-SB-6009",
"discovery": "EXTERNAL"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"assignerShortName": "AMD",
"cveId": "CVE-2023-20598",
"datePublished": "2023-10-17T13:26:21.731Z",
"dateReserved": "2022-10-27T18:53:39.763Z",
"dateUpdated": "2024-08-02T09:05:36.253Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-20586 (GCVE-0-2023-20586)
Vulnerability from nvd – Published: 2023-08-08 17:05 – Updated: 2024-10-11 16:52
VLAI
Title
Radeon™ Software Crimson ReLive Edition
Summary
A potential vulnerability was reported in Radeon™ Software Crimson ReLive Edition which may allow escalation of privilege. Radeon™ Software Crimson ReLive Edition falls outside of the security support lifecycle and AMD does not plan to release any mitigations
Severity
No CVSS data available.
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.amd.com/en/corporate/product-security… | vendor-advisory |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| AMD | Radeon™ Software Crimson ReLive Edition |
Affected:
Various
|
Date Public
2023-08-08 16:30
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T09:05:36.256Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-6007"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-20586",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-11T16:52:02.725525Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-11T16:52:31.173Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"platforms": [
"x86"
],
"product": "Radeon\u2122 Software Crimson ReLive Edition",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "Various "
}
]
}
],
"datePublic": "2023-08-08T16:30:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(248, 249, 250);\"\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA potential vulnerability was reported in \u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eRadeon\u2122 Software Crimson ReLive Edition\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e which may allow escalation of privilege. \u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eRadeon\u2122 Software Crimson ReLive Edition falls outside of the security support lifecycle and AMD does not plan to release any mitigations\u003c/span\u003e\n\n\n\n\n\n\u003c/span\u003e\n\n\n\n\n\n\n\n\n\n"
}
],
"value": "\nA potential vulnerability was reported in Radeon\u2122 Software Crimson ReLive Edition which may allow escalation of privilege. Radeon\u2122 Software Crimson ReLive Edition falls outside of the security support lifecycle and AMD does not plan to release any mitigations\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n"
}
],
"providerMetadata": {
"dateUpdated": "2023-08-08T17:05:16.338Z",
"orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"shortName": "AMD"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-6007"
}
],
"source": {
"advisory": "AMD-SB-6007",
"discovery": "UNKNOWN"
},
"title": "Radeon\u2122 Software Crimson ReLive Edition",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"assignerShortName": "AMD",
"cveId": "CVE-2023-20586",
"datePublished": "2023-08-08T17:05:16.338Z",
"dateReserved": "2022-10-27T18:53:39.759Z",
"dateUpdated": "2024-10-11T16:52:31.173Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-26360 (GCVE-0-2021-26360)
Vulnerability from nvd – Published: 2022-11-09 20:44 – Updated: 2025-05-01 14:12
VLAI
Summary
An attacker with local access to the system can make unauthorized modifications of the security configuration of the SOC registers. This could allow potential corruption of AMD secure processor’s encrypted memory contents which may lead to arbitrary code execution in ASP.
Severity
7.8 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- TBD
- CWE-284 - Improper Access Control
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| AMD | AMD Radeon RX 6000 Series & PRO W6000 Series |
Affected:
AMD Radeon Software , < 22.5.2
(custom)
Affected: AMD Radeon Pro Software Enterprise , < 22.Q2 (custom) Affected: Enterprise Driver , < 22.10.20 (custom) |
Date Public
2022-11-08 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T20:26:25.015Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1029"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2021-26360",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-01T14:11:37.852727Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284 Improper Access Control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-01T14:12:12.910Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "AMD Radeon RX 6000 Series \u0026 PRO W6000 Series",
"vendor": "AMD",
"versions": [
{
"lessThan": "22.5.2",
"status": "affected",
"version": "AMD Radeon Software",
"versionType": "custom"
},
{
"lessThan": "22.Q2",
"status": "affected",
"version": "AMD Radeon Pro Software Enterprise",
"versionType": "custom"
},
{
"lessThan": "22.10.20",
"status": "affected",
"version": "Enterprise Driver",
"versionType": "custom"
}
]
}
],
"datePublic": "2022-11-08T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "An attacker with local access to the system can make unauthorized modifications of the security configuration of the SOC registers. This could allow potential corruption of AMD secure processor\u2019s encrypted memory contents which may lead to arbitrary code execution in ASP."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "TBD",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-11-09T00:00:00.000Z",
"orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"shortName": "AMD"
},
"references": [
{
"url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1029"
}
],
"source": {
"advisory": "AMD-SB-1029",
"discovery": "EXTERNAL"
},
"x_generator": {
"engine": "Vulnogram 0.0.9"
}
}
},
"cveMetadata": {
"assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"assignerShortName": "AMD",
"cveId": "CVE-2021-26360",
"datePublished": "2022-11-09T20:44:26.034Z",
"dateReserved": "2021-01-29T00:00:00.000Z",
"dateUpdated": "2025-05-01T14:12:12.910Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-26392 (GCVE-0-2021-26392)
Vulnerability from nvd – Published: 2022-11-09 20:44 – Updated: 2024-09-16 20:51
VLAI
Summary
Insufficient verification of missing size check in 'LoadModule' may lead to an out-of-bounds write potentially allowing an attacker with privileges to gain code execution of the OS/kernel by loading a malicious TA.
Severity
No CVSS data available.
Assigner
References
Impacted products
8 products
| Vendor | Product | Version | |
|---|---|---|---|
| AMD | AMD Radeon RX 5000 Series & PRO W5000 Series |
Affected:
AMD Radeon Software , < 22.5.2
(custom)
Affected: AMD Radeon Pro Software Enterprise , < 22.Q2 (custom) Affected: Enterprise Driver , < 22.10.20 (custom) |
|
| AMD | AMD Radeon RX 6000 Series & PRO W6000 Series |
Affected:
AMD Radeon Software , < 22.5.2
(custom)
Affected: AMD Radeon Pro Software Enterprise , < 22.Q2 (custom) Affected: Enterprise Driver , < 22.10.20 (custom) |
|
| AMD | AMD Ryzen™ Embedded R1000 |
Affected:
various
|
|
| AMD | AMD Ryzen™ Embedded R2000 |
Affected:
various
|
|
| AMD | AMD Ryzen™ Embedded 5000 |
Affected:
various
|
|
| AMD | AMD Ryzen™ Embedded V1000 |
Affected:
various
|
|
| AMD | AMD Ryzen™ Embedded V2000 |
Affected:
various
|
|
| AMD | AMD Ryzen™Embedded V3000 |
Affected:
various
|
Date Public
2022-11-08 05:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T20:26:25.366Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1029"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-5001"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "AMD Radeon RX 5000 Series \u0026 PRO W5000 Series",
"vendor": "AMD",
"versions": [
{
"lessThan": "22.5.2",
"status": "affected",
"version": "AMD Radeon Software",
"versionType": "custom"
},
{
"lessThan": "22.Q2",
"status": "affected",
"version": "AMD Radeon Pro Software Enterprise",
"versionType": "custom"
},
{
"lessThan": "22.10.20",
"status": "affected",
"version": "Enterprise Driver",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "AMD Radeon RX 6000 Series \u0026 PRO W6000 Series",
"vendor": "AMD",
"versions": [
{
"lessThan": "22.5.2",
"status": "affected",
"version": "AMD Radeon Software",
"versionType": "custom"
},
{
"lessThan": "22.Q2",
"status": "affected",
"version": "AMD Radeon Pro Software Enterprise",
"versionType": "custom"
},
{
"lessThan": "22.10.20",
"status": "affected",
"version": "Enterprise Driver",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "AMD Ryzen\u2122 Embedded R1000",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various"
}
]
},
{
"defaultStatus": "unaffected",
"product": "AMD Ryzen\u2122 Embedded R2000",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various"
}
]
},
{
"defaultStatus": "unaffected",
"product": "AMD Ryzen\u2122 Embedded 5000",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various"
}
]
},
{
"defaultStatus": "unaffected",
"product": "AMD Ryzen\u2122 Embedded V1000",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various"
}
]
},
{
"defaultStatus": "unaffected",
"product": "AMD Ryzen\u2122 Embedded V2000",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various"
}
]
},
{
"defaultStatus": "unaffected",
"product": "AMD Ryzen\u2122Embedded V3000",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various"
}
]
}
],
"datePublic": "2022-11-08T05:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eInsufficient verification of missing size check in \u0027LoadModule\u0027 may lead to an out-of-bounds write potentially allowing an attacker with privileges to gain code execution of the OS/kernel by loading a malicious TA.\u003c/p\u003e"
}
],
"value": "Insufficient verification of missing size check in \u0027LoadModule\u0027 may lead to an out-of-bounds write potentially allowing an attacker with privileges to gain code execution of the OS/kernel by loading a malicious TA."
}
],
"providerMetadata": {
"dateUpdated": "2024-02-13T19:22:08.137Z",
"orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"shortName": "AMD"
},
"references": [
{
"url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1029"
},
{
"url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-5001"
}
],
"source": {
"advisory": "AMD-SB-1029, AMD-SB-5001",
"discovery": "EXTERNAL"
},
"x_generator": {
"engine": "Vulnogram 0.0.9"
}
}
},
"cveMetadata": {
"assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"assignerShortName": "AMD",
"cveId": "CVE-2021-26392",
"datePublished": "2022-11-09T20:44:26.258Z",
"dateReserved": "2021-01-29T00:00:00.000Z",
"dateUpdated": "2024-09-16T20:51:46.791Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-36333 (GCVE-0-2024-36333)
Vulnerability from cvelistv5 – Published: 2026-05-15 02:58 – Updated: 2026-05-16 03:56
VLAI
Summary
A DLL hijacking vulnerability in the AMD Cleanup Utility could allow an attacker to achieve privilege escalation potentially resulting in arbitrary code execution.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- Security Vulnerability
- CWE-427 - Uncontrolled Search Path Element
Assigner
References
1 reference
Impacted products
11 products
| Vendor | Product | Version | |
|---|---|---|---|
| AMD | AMD Radeon™ RX 5000 Series Graphics Products |
Unaffected:
AMD Software: Adrenalin Edition 25.10.2 (25.20.21.01 RDNA3+, 25.10.33.02 RDNA1/RDNA2)
|
|
| AMD | AMD Radeon™ PRO W5000 Series Graphics Products |
Unaffected:
AMD Software: PRO Edition 25.Q3.1 (25.10.32 RDNA)
|
|
| AMD | AMD Radeon™ RX 6000 Series Graphics Products |
Unaffected:
AMD Software: Adrenalin Edition 25.10.2 (25.20.21.01 RDNA3+, 25.10.33.02 RDNA1/RDNA2)
|
|
| AMD | AMD Radeon™ RX 7000 Series Graphics Products |
Unaffected:
AMD Software: Adrenalin Edition 25.10.2 (25.20.21.01 RDNA3+, 25.10.33.02 RDNA1/RDNA2)
|
|
| AMD | AMD Cleanup Utility |
Unaffected:
https://www.amd.com/en/resources/support-articles/faqs/GPU-601.html
|
|
| AMD | AMD Radeon™ PRO W6000 Series Graphics Products |
Unaffected:
AMD Software: PRO Edition 25.Q3.1 (25.10.32 RDNA)
|
|
| AMD | AMD Radeon™ PRO W7000 Series Graphics Products |
Unaffected:
AMD Software: PRO Edition 25.Q3.1 (25.10.32 RDNA)
|
|
| AMD | AMD Radeon™ RX Vega Series Graphics Cards |
Unaffected:
AMD Software: Adrenalin Edition 26.1.1 (23.19.24)
|
|
| AMD | AMD Radeon™ VII |
Unaffected:
AMD Software: Adrenalin Edition 26.1.1 (23.19.24)
|
|
| AMD | AMD Radeon™ PRO WX 8000/9000 Series Graphics Cards |
Unaffected:
AMD Software: PRO Edition 26.Q1 (23.19.24)
|
|
| AMD | AMD Radeon™ PRO VII |
Unaffected:
AMD Software: PRO Edition 26.Q1 (23.19.24)
|
Date Public
2026-05-15 02:42
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-36333",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-15T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-427",
"description": "CWE-427 Uncontrolled Search Path Element",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-16T03:56:12.910Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "AMD Radeon\u2122 RX 5000 Series Graphics Products",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "AMD Software: Adrenalin Edition 25.10.2 (25.20.21.01 RDNA3+, 25.10.33.02 RDNA1/RDNA2)"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Radeon\u2122 PRO W5000 Series Graphics Products",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "AMD Software: PRO Edition 25.Q3.1 (25.10.32 RDNA)"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Radeon\u2122 RX 6000 Series Graphics Products",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "AMD Software: Adrenalin Edition 25.10.2 (25.20.21.01 RDNA3+, 25.10.33.02 RDNA1/RDNA2)"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Radeon\u2122 RX 7000 Series Graphics Products",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "AMD Software: Adrenalin Edition 25.10.2 (25.20.21.01 RDNA3+, 25.10.33.02 RDNA1/RDNA2)"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Cleanup Utility",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "https://www.amd.com/en/resources/support-articles/faqs/GPU-601.html"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Radeon\u2122 PRO W6000 Series Graphics Products",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "AMD Software: PRO Edition 25.Q3.1 (25.10.32 RDNA)"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Radeon\u2122 PRO W7000 Series Graphics Products",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "AMD Software: PRO Edition 25.Q3.1 (25.10.32 RDNA)"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Radeon\u2122 RX Vega Series Graphics Cards",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "AMD Software: Adrenalin Edition 26.1.1 (23.19.24)"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Radeon\u2122 VII",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "AMD Software: Adrenalin Edition 26.1.1 (23.19.24)"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Radeon\u2122 PRO WX 8000/9000 Series Graphics Cards",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "AMD Software: PRO Edition 26.Q1 (23.19.24)"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Radeon\u2122 PRO VII",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "AMD Software: PRO Edition 26.Q1 (23.19.24)"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Reported through AMD Bug Bounty Program"
}
],
"datePublic": "2026-05-15T02:42:43.934Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A DLL hijacking vulnerability in the AMD Cleanup Utility could allow an attacker to achieve privilege escalation potentially resulting in arbitrary code execution.\u003cbr\u003e"
}
],
"value": "A DLL hijacking vulnerability in the AMD Cleanup Utility could allow an attacker to achieve privilege escalation potentially resulting in arbitrary code execution."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"baseScore": 7,
"baseSeverity": "HIGH",
"privilegesRequired": "LOW",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Security Vulnerability",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-15T02:58:47.310Z",
"orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"shortName": "AMD"
},
"references": [
{
"url": "https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-6027.html"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "AMD PSIRT Automation 1.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"assignerShortName": "AMD",
"cveId": "CVE-2024-36333",
"datePublished": "2026-05-15T02:58:47.310Z",
"dateReserved": "2024-05-23T19:44:44.387Z",
"dateUpdated": "2026-05-16T03:56:12.910Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2023-20548 (GCVE-0-2023-20548)
Vulnerability from cvelistv5 – Published: 2026-02-11 14:35 – Updated: 2026-02-11 15:42
VLAI
Summary
A Time-of-check time-of-use (TOCTOU) race condition in the AMD Secure Processor (ASP) could allow an attacker to corrupt memory resulting in loss of integrity, confidentiality, or availability.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-367 - Time-of-check Time-of-use (TOCTOU) Race Condition
Assigner
References
1 reference
Impacted products
8 products
| Vendor | Product | Version | |
|---|---|---|---|
| AMD | AMD Radeon™ RX 5000 Series Graphics Products |
Unaffected:
AMD Software: Adrenalin Edition 25.6.1 (25.10.13.01), AMD Software: PRO Edition 25.Q2 (25.10.10)
|
|
| AMD | AMD Radeon™ PRO W5000 Series Graphics Products |
Unaffected:
AMD Software: Adrenalin Edition 25.6.1 (25.10.13.01), AMD Software: PRO Edition 25.Q2 (25.10.10)
|
|
| AMD | AMD Radeon™ VII |
Unaffected:
No fix planned
|
|
| AMD | AMD Radeon™ PRO VII |
Unaffected:
No fix planned
|
|
| AMD | AMD Instinct™ MI210 |
Unaffected:
ROCm 6.2
|
|
| AMD | AMD Instinct™ MI250 |
Unaffected:
ROCm 6.2
|
|
| AMD | AMD Instinct™ MI300X |
Unaffected:
ROCm 6.2
|
|
| AMD | AMD Instinct™ MI300A |
Unaffected:
ROCm 6.2
|
Date Public
2026-02-11 14:11
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-20548",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-11T15:36:36.072812Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-11T15:42:32.097Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "AMD Radeon\u2122 RX 5000 Series Graphics Products",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "AMD Software: Adrenalin Edition 25.6.1 (25.10.13.01), AMD Software: PRO Edition 25.Q2 (25.10.10)"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Radeon\u2122 PRO W5000 Series Graphics Products",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "AMD Software: Adrenalin Edition 25.6.1 (25.10.13.01), AMD Software: PRO Edition 25.Q2 (25.10.10)"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Radeon\u2122 VII",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "No fix planned"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Radeon\u2122 PRO VII",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "No fix planned"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Instinct\u2122 MI210",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "ROCm 6.2"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Instinct\u2122 MI250",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "ROCm 6.2"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Instinct\u2122 MI300X",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "ROCm 6.2"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Instinct\u2122 MI300A",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "ROCm 6.2"
}
]
}
],
"datePublic": "2026-02-11T14:11:10.415Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A Time-of-check time-of-use (TOCTOU) race condition in the AMD Secure Processor (ASP) could allow an attacker to corrupt memory resulting in loss of integrity, confidentiality, or availability.\u003cbr\u003e"
}
],
"value": "A Time-of-check time-of-use (TOCTOU) race condition in the AMD Secure Processor (ASP) could allow an attacker to corrupt memory resulting in loss of integrity, confidentiality, or availability."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:L/VI:H/VA:L/SC:L/SI:H/SA:L",
"version": "4.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-367",
"description": "CWE-367 Time-of-check Time-of-use (TOCTOU) Race Condition",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-11T14:35:16.063Z",
"orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"shortName": "AMD"
},
"references": [
{
"url": "https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-6024.html"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "AMD PSIRT Automation 1.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"assignerShortName": "AMD",
"cveId": "CVE-2023-20548",
"datePublished": "2026-02-11T14:35:16.063Z",
"dateReserved": "2022-10-27T18:53:39.744Z",
"dateUpdated": "2026-02-11T15:42:32.097Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2023-31324 (GCVE-0-2023-31324)
Vulnerability from cvelistv5 – Published: 2026-02-11 14:34 – Updated: 2026-02-11 15:42
VLAI
Summary
A Time-of-check time-of-use (TOCTOU) race condition in the AMD Secure Processor (ASP) could allow an attacker to modify External Global Memory Interconnect Trusted Agent (XGMI TA) commands as they are processed potentially resulting in loss of confidentiality, integrity, or availability.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-367 - Time-of-check Time-of-use (TOCTOU) Race Condition
Assigner
References
1 reference
Impacted products
6 products
| Vendor | Product | Version | |
|---|---|---|---|
| AMD | AMD Radeon™ RX 5000 Series Graphics Products |
Unaffected:
AMD Software: Adrenalin Edition 25.6.1 (25.10.13.01), AMD Software: PRO Edition 25.Q2 (25.10.10)
|
|
| AMD | AMD Radeon™ PRO W5000 Series Graphics Products |
Unaffected:
AMD Software: Adrenalin Edition 25.6.1 (25.10.13.01), AMD Software: PRO Edition 25.Q2 (25.10.10)
|
|
| AMD | AMD Instinct™ MI210 |
Unaffected:
ROCm 6.4
|
|
| AMD | AMD Instinct™ MI250 |
Unaffected:
ROCm 6.4
|
|
| AMD | AMD Instinct™ MI300A |
Unaffected:
ROCm 6.4
|
|
| AMD | AMD Instinct™ MI300X |
Unaffected:
ROCm 6.4
|
Date Public
2026-02-11 14:11
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-31324",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-11T15:36:37.735258Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-11T15:42:39.488Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "AMD Radeon\u2122 RX 5000 Series Graphics Products",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "AMD Software: Adrenalin Edition 25.6.1 (25.10.13.01), AMD Software: PRO Edition 25.Q2 (25.10.10)"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Radeon\u2122 PRO W5000 Series Graphics Products",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "AMD Software: Adrenalin Edition 25.6.1 (25.10.13.01), AMD Software: PRO Edition 25.Q2 (25.10.10)"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Instinct\u2122 MI210",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "ROCm 6.4"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Instinct\u2122 MI250",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "ROCm 6.4"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Instinct\u2122 MI300A",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "ROCm 6.4"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Instinct\u2122 MI300X",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "ROCm 6.4"
}
]
}
],
"datePublic": "2026-02-11T14:11:05.353Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A Time-of-check time-of-use (TOCTOU) race condition in the AMD Secure Processor (ASP) could allow an attacker to modify External Global Memory Interconnect Trusted Agent (XGMI TA) commands as they are processed potentially resulting in loss of confidentiality, integrity, or availability.\u003cbr\u003e"
}
],
"value": "A Time-of-check time-of-use (TOCTOU) race condition in the AMD Secure Processor (ASP) could allow an attacker to modify External Global Memory Interconnect Trusted Agent (XGMI TA) commands as they are processed potentially resulting in loss of confidentiality, integrity, or availability."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:L/VI:H/VA:L/SC:L/SI:H/SA:L",
"version": "4.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-367",
"description": "CWE-367 Time-of-check Time-of-use (TOCTOU) Race Condition",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-11T14:34:54.024Z",
"orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"shortName": "AMD"
},
"references": [
{
"url": "https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-6024.html"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "AMD PSIRT Automation 1.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"assignerShortName": "AMD",
"cveId": "CVE-2023-31324",
"datePublished": "2026-02-11T14:34:54.024Z",
"dateReserved": "2023-04-27T15:25:41.424Z",
"dateUpdated": "2026-02-11T15:42:39.488Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-21937 (GCVE-0-2024-21937)
Vulnerability from cvelistv5 – Published: 2024-11-12 17:14 – Updated: 2024-11-14 16:26
VLAI
Summary
Incorrect default permissions in the AMD HIP SDK installation directory could allow an attacker to achieve privilege escalation potentially resulting in arbitrary code execution.
Severity
7.3 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-276 - Incorrect Default Permissions
Assigner
References
1 reference
Impacted products
6 products
| Vendor | Product | Version | |
|---|---|---|---|
| AMD | AMD Software: PRO Edition |
Affected:
0 , < 24.10.16
(software)
Affected: 0 , < 24.Q2 (24.10.20) (software) |
|
| AMD | AMD Software: Adrenalin Edition |
Affected:
0 , < 24.6.1 (24.10.21.01)
(software)
|
|
| AMD | AMD Software: Cloud Edition |
Affected:
0 , < 24.7.1
(software)
|
|
| amd | amd_software_pro_edition |
Affected:
0 , < 24.10.16
(custom)
Affected: 0 , < 24.q2_24.10.20 (custom) cpe:2.3:a:amd:amd_software_pro_edition:*:*:*:*:*:*:*:* |
|
| amd | amd_software_adrenalin_edition |
Affected:
0 , < 24.6.1_24.10.21.01
(custom)
cpe:2.3:a:amd:amd_software_adrenalin_edition:*:*:*:*:*:*:*:* |
|
| amd | amd_software_cloud_edition |
Affected:
0 , < 24.7.1
(custom)
cpe:2.3:a:amd:amd_software_cloud_edition:*:*:*:*:*:*:*:* |
Date Public
2024-11-12 17:00
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:amd:amd_software_pro_edition:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "amd_software_pro_edition",
"vendor": "amd",
"versions": [
{
"lessThan": "24.10.16",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "24.q2_24.10.20",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:amd:amd_software_adrenalin_edition:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "amd_software_adrenalin_edition",
"vendor": "amd",
"versions": [
{
"lessThan": "24.6.1_24.10.21.01",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:amd:amd_software_cloud_edition:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "amd_software_cloud_edition",
"vendor": "amd",
"versions": [
{
"lessThan": "24.7.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-21937",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-14T16:22:23.757990Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-14T16:26:04.560Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Windows"
],
"product": "AMD Software: PRO Edition",
"vendor": "AMD",
"versions": [
{
"lessThan": "24.10.16",
"status": "affected",
"version": "0",
"versionType": "software"
},
{
"lessThan": "24.Q2 (24.10.20)",
"status": "affected",
"version": "0",
"versionType": "software"
}
]
},
{
"defaultStatus": "unaffected",
"product": "AMD Software: Adrenalin Edition",
"vendor": "AMD",
"versions": [
{
"lessThan": "24.6.1 (24.10.21.01)",
"status": "affected",
"version": "0",
"versionType": "software"
}
]
},
{
"defaultStatus": "unaffected",
"product": "AMD Software: Cloud Edition",
"vendor": "AMD",
"versions": [
{
"lessThan": "24.7.1",
"status": "affected",
"version": "0",
"versionType": "software"
}
]
}
],
"datePublic": "2024-11-12T17:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(248, 249, 250);\"\u003eIncorrect default permissions in the AMD HIP SDK installation directory could allow an attacker to achieve privilege escalation potentially resulting in arbitrary code execution.\u003c/span\u003e"
}
],
"value": "Incorrect default permissions in the AMD HIP SDK installation directory could allow an attacker to achieve privilege escalation potentially resulting in arbitrary code execution."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-276",
"description": "CWE-276 Incorrect Default Permissions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-12T17:14:20.641Z",
"orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"shortName": "AMD"
},
"references": [
{
"url": "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-6015.html"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"assignerShortName": "AMD",
"cveId": "CVE-2024-21937",
"datePublished": "2024-11-12T17:14:20.641Z",
"dateReserved": "2024-01-03T16:43:14.977Z",
"dateUpdated": "2024-11-14T16:26:04.560Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-31307 (GCVE-0-2023-31307)
Vulnerability from cvelistv5 – Published: 2024-08-13 16:54 – Updated: 2024-12-03 16:30
VLAI
Summary
Improper validation of array index in Power Management Firmware (PMFW) may allow a privileged attacker to cause an out-of-bounds memory read within PMFW, potentially leading to a denial of service.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-129 - Improper Validation of Array Index
Assigner
References
1 reference
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| AMD | AMD Radeon™ RX 6000 Series Graphics Cards |
Unaffected:
AMD Software: Adrenalin Edition 23.12.1 (23.30.13.01)
|
|
| AMD | AMD Radeon™ PRO W6000 Series Graphics Cards |
Unaffected:
AMD Software: PRO Edition 23.Q4 (23.30.13.03)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-31307",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-13T18:03:11.598841Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-129",
"description": "CWE-129 Improper Validation of Array Index",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-12-03T16:30:08.173Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "AMD Radeon\u2122 RX 6000 Series Graphics Cards",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "AMD Software: Adrenalin Edition 23.12.1 (23.30.13.01)"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Radeon\u2122 PRO W6000 Series Graphics Cards",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "AMD Software: PRO Edition 23.Q4 (23.30.13.03)"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u0026nbsp; \u0026nbsp;Improper validation of array index in Power Management Firmware (PMFW) may allow a privileged attacker to cause an out-of-bounds memory read within PMFW, potentially leading to a denial of service."
}
],
"value": "Improper validation of array index in Power Management Firmware (PMFW) may allow a privileged attacker to cause an out-of-bounds memory read within PMFW, potentially leading to a denial of service."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 2.3,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-13T16:54:03.514Z",
"orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"shortName": "AMD"
},
"references": [
{
"url": "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-6005.html"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"assignerShortName": "AMD",
"cveId": "CVE-2023-31307",
"datePublished": "2024-08-13T16:54:03.514Z",
"dateReserved": "2023-04-27T15:25:41.422Z",
"dateUpdated": "2024-12-03T16:30:08.173Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-20510 (GCVE-0-2023-20510)
Vulnerability from cvelistv5 – Published: 2024-08-13 16:52 – Updated: 2024-11-21 15:32
VLAI
Summary
An insufficient DRAM address validation in PMFW may allow a privileged attacker to read from an invalid DRAM address to SRAM, potentially resulting in data corruption or denial of service.
Severity
4.7 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
1 reference
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| AMD | AMD Radeon™ RX 6000 Series Graphics Cards |
Unaffected:
AMD Software: Adrenalin Edition 23.12.1 (23.30.13.01)
|
|
| AMD | AMD Radeon™ PRO W6000 Series Graphics Cards |
Unaffected:
AMD Software: PRO Edition 23.Q4 (23.30.13.03)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-20510",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-13T18:03:49.594825Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-noinfo Not enough information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-21T15:32:34.695Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "AMD Radeon\u2122 RX 6000 Series Graphics Cards",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "AMD Software: Adrenalin Edition 23.12.1 (23.30.13.01)"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Radeon\u2122 PRO W6000 Series Graphics Cards",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "AMD Software: PRO Edition 23.Q4 (23.30.13.03)"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An insufficient DRAM address validation in PMFW may allow a privileged attacker to read from an invalid DRAM address to SRAM, potentially resulting in data corruption or denial of service."
}
],
"value": "An insufficient DRAM address validation in PMFW may allow a privileged attacker to read from an invalid DRAM address to SRAM, potentially resulting in data corruption or denial of service."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-13T16:52:11.777Z",
"orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"shortName": "AMD"
},
"references": [
{
"url": "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-6005.html"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"assignerShortName": "AMD",
"cveId": "CVE-2023-20510",
"datePublished": "2024-08-13T16:52:11.777Z",
"dateReserved": "2022-10-27T18:53:39.735Z",
"dateUpdated": "2024-11-21T15:32:34.695Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-26367 (GCVE-0-2021-26367)
Vulnerability from cvelistv5 – Published: 2024-08-13 16:50 – Updated: 2024-12-04 16:25
VLAI
Summary
A malicious attacker in x86 can misconfigure the Trusted Memory Regions (TMRs), which may allow the attacker to set an arbitrary address range for the TMR, potentially leading to a loss of integrity and availability.
Severity
5.7 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
Impacted products
16 products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-26367",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-13T18:04:31.680686Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-noinfo Not enough information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-12-04T16:25:09.987Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 5000 Series Desktop Processor with Radeon\u2122 Graphics",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "ComboAM4v2 PI 1.2.0.5"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Athlon\u2122 3000 Series Desktop Processors with Radeon\u2122 Graphics",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "ComboAM4PI 1.0.0.9"
},
{
"status": "unaffected",
"version": "ComboAM4v2 PI 1.2.0.8"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 4000 Series Desktop Processors with Radeon\u2122 Graphics",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "ComboAM4v2 PI 1.2.0.5"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Athlon\u2122 3000 Series Mobile Processors with Radeon\u2122 Graphics",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "PicassoPI-FP5 1.0.0.E"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Athlon\u2122 3000 Series Mobile Processors with Radeon\u2122 Graphics",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "PollockPI-FT5 1.0.0.4"
}
]
},
{
"defaultStatus": "unaffected",
"product": "AMD Ryzen\u2122 3000 Series Mobile Processor with Radeon\u2122 Graphics",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "PicassoPI-FP5 1.0.0.E"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 4000 Series Mobile Processors with Radeon\u2122 Graphics",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "RenoirPI-FP6 1.0.0.7"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 5000 Series Mobile Processors with Radeon\u2122 Graphics",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "CezannePI-FP6 1.0.0.6"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 5000 Series Processors with Radeon\u2122 Graphics",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "CezannePI-FP6 1.0.0.6"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 3000 Series Processors with Radeon\u2122 Graphics",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "CezannePI-FP6 1.0.0.6"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 5000 Series Processors with Radeon\u2122 Graphics",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "CezannePI-FP6 1.0.0.6"
}
]
},
{
"defaultStatus": "unaffected",
"product": "AMD Ryzen\u2122 3000 Series Processors with Radeon\u2122 Graphics",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "CezannePI-FP6 1.0.0.6"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Radeon\u2122 RX 6000 Series Graphics Cards",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "AMD Software: Adrenalin Edition 23.12.1 (23.30.13.01)"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Radeon\u2122 PRO W6000 Series Graphics Cards",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "AMD Software: PRO Edition 23.Q4 (23.30.13.03)"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 Embedded R1000 Series Processors",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "EmbeddedPI-FP5 1.2.0.A"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 Embedded R2000 Series Processors",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "EmbeddedR2KPI-FP5 1.0.0.2"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 Embedded V1000 Series Processors",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "EmbeddedPI-FP5 1.2.0.A"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 Embedded V2000 Series Processors",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "EmbeddedPI-FP6 1.0.0.6"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A malicious attacker in x86 can misconfigure the Trusted Memory Regions (TMRs), which may allow the attacker to set an arbitrary address range for the TMR, potentially leading to a loss of integrity and availability."
}
],
"value": "A malicious attacker in x86 can misconfigure the Trusted Memory Regions (TMRs), which may allow the attacker to set an arbitrary address range for the TMR, potentially leading to a loss of integrity and availability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-13T16:50:05.825Z",
"orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"shortName": "AMD"
},
"references": [
{
"url": "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-4004.html"
},
{
"url": "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-6005.html"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"assignerShortName": "AMD",
"cveId": "CVE-2021-26367",
"datePublished": "2024-08-13T16:50:05.825Z",
"dateReserved": "2021-01-29T21:24:26.151Z",
"dateUpdated": "2024-12-04T16:25:09.987Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-31320 (GCVE-0-2023-31320)
Vulnerability from cvelistv5 – Published: 2023-11-14 18:51 – Updated: 2024-08-02 14:53
VLAI
Summary
Improper input validation in the AMD RadeonTM Graphics display driver may allow an attacker to corrupt the display potentially resulting in denial of service.
Severity
No CVSS data available.
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.amd.com/en/corporate/product-security… | vendor-advisory |
Impacted products
4 products
| Vendor | Product | Version | |
|---|---|---|---|
| AMD | Radeon™ RX 5000/6000/7000 Series Graphics Cards |
Affected:
various
|
|
| AMD | Radeon™ PRO W5000/W6000/W7000 Series Graphics Cards |
Affected:
various
|
|
| AMD | Radeon™ RX Vega Series Graphics Cards |
Affected:
various
|
|
| AMD | Radeon™ PRO WX Vega Series Graphics Cards |
Affected:
various
|
Date Public
2023-11-14 17:30
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T14:53:30.757Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-6003"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"packageName": "AMD Software: Adrenalin Edition 23.7.1 ",
"platforms": [
"x86"
],
"product": "Radeon\u2122 RX 5000/6000/7000 Series Graphics Cards ",
"vendor": " AMD",
"versions": [
{
"status": "affected",
"version": "various "
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "AMD Software: PRO Edition 23.Q3 ",
"platforms": [
"x86"
],
"product": "Radeon\u2122 PRO W5000/W6000/W7000 Series Graphics Cards",
"vendor": " AMD",
"versions": [
{
"status": "affected",
"version": "various "
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"x86"
],
"product": "Radeon\u2122 RX Vega Series Graphics Cards",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various "
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"x86"
],
"product": "Radeon\u2122 PRO WX Vega Series Graphics Cards",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various "
}
]
}
],
"datePublic": "2023-11-14T17:30:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper input validation in the AMD RadeonTM Graphics display driver may allow an attacker to corrupt the display potentially resulting in denial of service.\n\n\n\n\n\n\n\n\n\n\n\n\u003cbr\u003e"
}
],
"value": "Improper input validation in the AMD RadeonTM Graphics display driver may allow an attacker to corrupt the display potentially resulting in denial of service.\n\n\n\n\n\n\n\n\n\n\n\n\n"
}
],
"providerMetadata": {
"dateUpdated": "2023-11-14T18:51:43.415Z",
"orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"shortName": "AMD"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-6003"
}
],
"source": {
"advisory": "AMD-SB-6003",
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"assignerShortName": "AMD",
"cveId": "CVE-2023-31320",
"datePublished": "2023-11-14T18:51:43.415Z",
"dateReserved": "2023-04-27T15:25:41.423Z",
"dateUpdated": "2024-08-02T14:53:30.757Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-20568 (GCVE-0-2023-20568)
Vulnerability from cvelistv5 – Published: 2023-11-14 18:51 – Updated: 2025-02-13 16:39
VLAI
Summary
Improper signature verification of RadeonTM RX Vega M Graphics driver for Windows may allow an attacker with admin privileges to launch RadeonInstaller.exe without validating the file signature potentially leading to arbitrary code execution.
Severity
No CVSS data available.
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.amd.com/en/corporate/product-security… | vendor-advisory |
| https://www.intel.com/content/www/us/en/security-… |
Impacted products
4 products
| Vendor | Product | Version | |
|---|---|---|---|
| AMD | Radeon™ RX 5000/6000/7000 Series Graphics Cards |
Affected:
various
|
|
| AMD | Radeon™ PRO W5000/W6000/W7000 Series Graphics Cards |
Affected:
various
|
|
| AMD | Radeon™ RX Vega Series Graphics Cards |
Affected:
various
|
|
| AMD | Radeon™ PRO WX Vega Series Graphics Cards |
Affected:
various
|
Date Public
2023-11-14 17:30
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T09:05:36.255Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-6003"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00971.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"packageName": "AMD Software: Adrenalin Edition 23.7.1",
"platforms": [
"x86"
],
"product": "Radeon\u2122 RX 5000/6000/7000 Series Graphics Cards",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various"
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "AMD Software: PRO Edition 23.Q3",
"platforms": [
"x86"
],
"product": "Radeon\u2122 PRO W5000/W6000/W7000 Series Graphics Cards",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"x86"
],
"product": "Radeon\u2122 RX Vega Series Graphics Cards",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"x86"
],
"product": "Radeon\u2122 PRO WX Vega Series Graphics Cards",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various"
}
]
}
],
"datePublic": "2023-11-14T17:30:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper signature verification of RadeonTM RX Vega M Graphics driver for Windows may allow an attacker with admin privileges to launch RadeonInstaller.exe without validating the file signature potentially leading to arbitrary code execution.\n\n\n\n\n\n\n\n\n\n\n\n\u003cbr\u003e"
}
],
"value": "Improper signature verification of RadeonTM RX Vega M Graphics driver for Windows may allow an attacker with admin privileges to launch RadeonInstaller.exe without validating the file signature potentially leading to arbitrary code execution."
}
],
"providerMetadata": {
"dateUpdated": "2023-11-14T18:55:23.226Z",
"orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"shortName": "AMD"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-6003"
},
{
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00971.html"
}
],
"source": {
"advisory": "AMD-SB-6003",
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"assignerShortName": "AMD",
"cveId": "CVE-2023-20568",
"datePublished": "2023-11-14T18:51:35.466Z",
"dateReserved": "2022-10-27T18:53:39.754Z",
"dateUpdated": "2025-02-13T16:39:47.747Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-20567 (GCVE-0-2023-20567)
Vulnerability from cvelistv5 – Published: 2023-11-14 18:51 – Updated: 2025-02-13 16:39
VLAI
Summary
Improper signature verification of RadeonTM RX Vega M Graphics driver for Windows may allow an attacker with admin privileges to launch AMDSoftwareInstaller.exe without validating the file signature potentially leading to arbitrary code execution.
Severity
No CVSS data available.
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.amd.com/en/corporate/product-security… | vendor-advisory |
| https://www.intel.com/content/www/us/en/security-… |
Impacted products
4 products
| Vendor | Product | Version | |
|---|---|---|---|
| AMD | Radeon™ RX 5000/6000/7000 Series Graphics Cards |
Affected:
various
|
|
| AMD | Radeon™ PRO W5000/W6000/W7000 Series Graphics Cards |
Affected:
various
|
|
| AMD | Radeon™ RX Vega Series Graphics Cards |
Affected:
various
|
|
| AMD | Radeon™ PRO WX Vega Series Graphics Cards |
Affected:
various
|
Date Public
2023-11-14 17:30
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T09:05:36.949Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-6003"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00971.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"packageName": "AMD Software: Adrenalin Edition 23.7.1",
"platforms": [
"x86"
],
"product": "Radeon\u2122 RX 5000/6000/7000 Series Graphics Cards",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various"
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "AMD Software: PRO Edition 23.Q3",
"platforms": [
"x86"
],
"product": "Radeon\u2122 PRO W5000/W6000/W7000 Series Graphics Cards",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"x86"
],
"product": "Radeon\u2122 RX Vega Series Graphics Cards",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"x86"
],
"product": "Radeon\u2122 PRO WX Vega Series Graphics Cards",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various"
}
]
}
],
"datePublic": "2023-11-14T17:30:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper signature verification of RadeonTM RX Vega M Graphics driver for Windows may allow an attacker with admin privileges to launch AMDSoftwareInstaller.exe without validating the file signature potentially leading to arbitrary code execution.\n\n\n\n\n\n\n\n\n\n\n\n\u003cbr\u003e"
}
],
"value": "Improper signature verification of RadeonTM RX Vega M Graphics driver for Windows may allow an attacker with admin privileges to launch AMDSoftwareInstaller.exe without validating the file signature potentially leading to arbitrary code execution."
}
],
"providerMetadata": {
"dateUpdated": "2023-11-14T18:55:22.270Z",
"orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"shortName": "AMD"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-6003"
},
{
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00971.html"
}
],
"source": {
"advisory": "AMD-SB-6003",
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"assignerShortName": "AMD",
"cveId": "CVE-2023-20567",
"datePublished": "2023-11-14T18:51:25.340Z",
"dateReserved": "2022-10-27T18:53:39.753Z",
"dateUpdated": "2025-02-13T16:39:47.219Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-46748 (GCVE-0-2021-46748)
Vulnerability from cvelistv5 – Published: 2023-11-14 18:50 – Updated: 2025-02-13 16:28
VLAI
Summary
Insufficient bounds checking in the ASP (AMD Secure Processor) may allow an attacker to access memory outside the bounds of what is permissible to a TA (Trusted Application) resulting in a potential denial of service.
Severity
No CVSS data available.
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.amd.com/en/corporate/product-security… | vendor-advisory |
| https://www.intel.com/content/www/us/en/security-… |
Impacted products
4 products
| Vendor | Product | Version | |
|---|---|---|---|
| AMD | Radeon™ RX 5000/6000/7000 Series Graphics Cards |
Affected:
various
|
|
| AMD | Radeon™ PRO W5000/W6000/W7000 Series Graphics Cards |
Affected:
various
|
|
| AMD | Radeon™ RX Vega Series Graphics Cards |
Affected:
various
|
|
| AMD | Radeon™ PRO WX Vega Series Graphics Cards |
Affected:
various
|
Date Public
2023-11-14 17:30
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T05:17:42.605Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-6003"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00971.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"packageName": "AMD Software: Adrenalin Edition 23.7.1",
"platforms": [
"x86"
],
"product": "Radeon\u2122 RX 5000/6000/7000 Series Graphics Cards",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various"
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "AMD Software: PRO Edition 23.Q3",
"platforms": [
"x86"
],
"product": "Radeon\u2122 PRO W5000/W6000/W7000 Series Graphics Cards",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"x86"
],
"product": "Radeon\u2122 RX Vega Series Graphics Cards",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"x86"
],
"product": "Radeon\u2122 PRO WX Vega Series Graphics Cards",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various"
}
]
}
],
"datePublic": "2023-11-14T17:30:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Insufficient bounds checking in the ASP (AMD Secure Processor) may allow an attacker to access memory outside the bounds of what is permissible to a TA (Trusted Application) resulting in a potential denial of service.\n\n\n\n\n\n\n\n\n\n\n\n\u003cbr\u003e"
}
],
"value": "Insufficient bounds checking in the ASP (AMD Secure Processor) may allow an attacker to access memory outside the bounds of what is permissible to a TA (Trusted Application) resulting in a potential denial of service."
}
],
"providerMetadata": {
"dateUpdated": "2023-11-14T18:55:08.336Z",
"orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"shortName": "AMD"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-6003"
},
{
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00971.html"
}
],
"source": {
"advisory": "AMD-SB-6003",
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"assignerShortName": "AMD",
"cveId": "CVE-2021-46748",
"datePublished": "2023-11-14T18:50:52.470Z",
"dateReserved": "2022-03-31T16:50:27.865Z",
"dateUpdated": "2025-02-13T16:28:47.934Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-20598 (GCVE-0-2023-20598)
Vulnerability from cvelistv5 – Published: 2023-10-17 13:26 – Updated: 2024-08-02 09:05
VLAI
Summary
An improper privilege management in the AMD Radeon™ Graphics driver may allow an authenticated attacker to craft an IOCTL request to gain I/O control over arbitrary hardware ports or physical addresses resulting in a potential arbitrary code execution.
Severity
7.8 (High)
SSVC
Exploitation: poc
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-269 - Improper Privilege Management
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.amd.com/en/corporate/product-security… | vendor-advisory |
Impacted products
15 products
| Vendor | Product | Version | |
|---|---|---|---|
| AMD | Radeon™ RX 5000 Series Graphics Cards |
Affected:
various
|
|
| AMD | Radeon™ RX 6000 Series Graphics Cards |
Affected:
various
|
|
| AMD | Radeon™ RX 7000 Series Graphics Cards |
Affected:
various
|
|
| AMD | Radeon™ PRO W5000 Series Graphics Cards |
Affected:
Various
|
|
| AMD | Radeon™ PRO W6000 Series Graphics Cards |
Affected:
various
|
|
| AMD | Radeon™ PRO W7000 Series Graphics Cards |
Affected:
various
|
|
| AMD | Ryzen™ 7045 Series Processors with Radeon™ Graphics |
Affected:
various
|
|
| AMD | Ryzen™ 7020 Series Processors with Radeon™ Graphics |
Affected:
various
|
|
| AMD | Ryzen™ 7040 Series Processors with Radeon™ Graphics |
Affected:
various
|
|
| AMD | Ryzen™ 7000 Series Processors with Radeon™ Graphics |
Affected:
various
|
|
| AMD | Ryzen™ 6000 Series Processors with Radeon™ Graphics |
Affected:
various
|
|
| AMD | Ryzen™ 7035 Series Processors with Radeon™ Graphics |
Affected:
various
|
|
| amd | radeon_rx_5300_xt |
Affected:
0 , ≤ *
(custom)
cpe:2.3:h:amd:radeon_pro_w5500:-:*:*:*:*:*:*:* cpe:2.3:h:amd:radeon_pro_w5500x:-:*:*:*:*:*:*:* cpe:2.3:h:amd:radeon_pro_w5700:-:*:*:*:*:*:*:* cpe:2.3:h:amd:radeon_pro_w5700x:-:*:*:*:*:*:*:* cpe:2.3:h:amd:radeon_pro_w6300:-:*:*:*:*:*:*:* cpe:2.3:h:amd:radeon_pro_w6300m:-:*:*:*:*:*:*:* cpe:2.3:h:amd:radeon_pro_w6400:-:*:*:*:*:*:*:* cpe:2.3:h:amd:radeon_pro_w6500m:-:*:*:*:*:*:*:* cpe:2.3:h:amd:radeon_pro_w6600:-:*:*:*:*:*:*:* cpe:2.3:h:amd:radeon_pro_w6600m:-:*:*:*:*:*:*:* cpe:2.3:h:amd:radeon_pro_w6600x:-:*:*:*:*:*:*:* cpe:2.3:h:amd:radeon_pro_w6800:-:*:*:*:*:*:*:* cpe:2.3:h:amd:radeon_pro_w6800x:-:*:*:*:*:*:*:* cpe:2.3:h:amd:radeon_pro_w6800x_duo:-:*:*:*:*:*:*:* cpe:2.3:h:amd:radeon_pro_w6900x:-:*:*:*:*:*:*:* cpe:2.3:h:amd:radeon_pro_w7500:-:*:*:*:*:*:*:* cpe:2.3:h:amd:radeon_pro_w7600:-:*:*:*:*:*:*:* cpe:2.3:h:amd:radeon_pro_w7800:-:*:*:*:*:*:*:* cpe:2.3:h:amd:radeon_pro_w7900:-:*:*:*:*:*:*:* cpe:2.3:h:amd:radeon_rx_7600:-:*:*:*:*:*:*:* cpe:2.3:h:amd:radeon_rx_7600m:-:*:*:*:*:*:*:* cpe:2.3:h:amd:radeon_rx_7600m_xt:-:*:*:*:*:*:*:* cpe:2.3:h:amd:radeon_rx_7600s:-:*:*:*:*:*:*:* cpe:2.3:h:amd:radeon_rx_7600xt:-:*:*:*:*:*:*:* cpe:2.3:h:amd:radeon_rx_7700s:-:*:*:*:*:*:*:* cpe:2.3:h:amd:radeon_rx_7700xt:-:*:*:*:*:*:*:* cpe:2.3:h:amd:radeon_rx_7700_xt:-:*:*:*:*:*:*:* cpe:2.3:h:amd:radeon_rx_7800xt:-:*:*:*:*:*:*:* cpe:2.3:h:amd:radeon_rx_7800_xt:-:*:*:*:*:*:*:* cpe:2.3:h:amd:radeon_rx_7900_gre:-:*:*:*:*:*:*:* cpe:2.3:h:amd:radeon_rx_7900m:-:*:*:*:*:*:*:* cpe:2.3:h:amd:radeon_rx_7900xt:-:*:*:*:*:*:*:* cpe:2.3:h:amd:radeon_rx_7900_xt:-:*:*:*:*:*:*:* cpe:2.3:h:amd:radeon_rx_7900xtx:-:*:*:*:*:*:*:* cpe:2.3:h:amd:radeon_rx_7900_xtx:-:*:*:*:*:*:*:* cpe:2.3:o:amd:radeon_rx_7900xtx_firmware:-:*:*:*:*:*:*:* cpe:2.3:h:amd:radeon_rx_6900_xt:-:*:*:*:*:*:*:* cpe:2.3:h:amd:radeon_rx_6300m:-:*:*:*:*:*:*:* cpe:2.3:h:amd:radeon_rx_6400:-:*:*:*:*:*:*:* cpe:2.3:h:amd:radeon_rx_6450m:-:*:*:*:*:*:*:* cpe:2.3:h:amd:radeon_rx_6500m:-:*:*:*:*:*:*:* cpe:2.3:h:amd:radeon_rx_6500_xt:-:*:*:*:*:*:*:* cpe:2.3:h:amd:radeon_rx_6550m:-:*:*:*:*:*:*:* cpe:2.3:h:amd:radeon_rx_6550s:-:*:*:*:*:*:*:* cpe:2.3:h:amd:radeon_rx_6600:-:*:*:*:*:*:*:* cpe:2.3:h:amd:radeon_rx_6600m:-:*:*:*:*:*:*:* cpe:2.3:h:amd:radeon_rx_6600s:-:*:*:*:*:*:*:* cpe:2.3:h:amd:radeon_rx_6600_xt:-:*:*:*:*:*:*:* cpe:2.3:h:amd:radeon_rx_6650m:-:*:*:*:*:*:*:* cpe:2.3:h:amd:radeon_rx_6650m_xt:-:*:*:*:*:*:*:* cpe:2.3:h:amd:radeon_rx_6650_xt:-:*:*:*:*:*:*:* cpe:2.3:h:amd:radeon_rx_6700:-:*:*:*:*:*:*:* cpe:2.3:h:amd:radeon_rx_6700m:-:*:*:*:*:*:*:* cpe:2.3:h:amd:radeon_rx_6700s:-:*:*:*:*:*:*:* cpe:2.3:h:amd:radeon_rx_6700_xt:-:*:*:*:*:*:*:* cpe:2.3:h:amd:radeon_rx_6750_gre_10gb:-:*:*:*:*:*:*:* cpe:2.3:h:amd:radeon_rx_6750_gre_12gb:-:*:*:*:*:*:*:* cpe:2.3:h:amd:radeon_rx_6750_xt:-:*:*:*:*:*:*:* cpe:2.3:h:amd:radeon_rx_6800:-:*:*:*:*:*:*:* cpe:2.3:h:amd:radeon_rx_6800m:-:*:*:*:*:*:*:* cpe:2.3:h:amd:radeon_rx_6800s:-:*:*:*:*:*:*:* cpe:2.3:h:amd:radeon_rx_5700:-:*:*:*:*:*:*:* cpe:2.3:h:amd:radeon_rx_5700_xt:-:*:*:*:*:*:*:* cpe:2.3:h:amd:radeon_rx_5600:-:*:*:*:*:*:*:* cpe:2.3:h:amd:radeon_rx_5600_xt:-:*:*:*:*:*:*:* cpe:2.3:h:amd:radeon_rx_5500:-:*:*:*:*:*:*:* cpe:2.3:h:amd:radeon_rx_5500_xt:-:*:*:*:*:*:*:* cpe:2.3:h:amd:radeon_rx_5300:-:*:*:*:*:*:*:* cpe:2.3:h:amd:radeon_rx_5300_xt:-:*:*:*:*:*:*:* |
|
| amd | ryzen_5_7645hx |
Affected:
0 , < *
(custom)
cpe:2.3:h:amd:ryzen_7_7700:-:*:*:*:*:*:*:* cpe:2.3:h:amd:ryzen_7_7700x:-:*:*:*:*:*:*:* cpe:2.3:h:amd:ryzen_7_7735hs:-:*:*:*:*:*:*:* cpe:2.3:h:amd:ryzen_7_7735u:-:*:*:*:*:*:*:* cpe:2.3:h:amd:ryzen_7_7736u:-:*:*:*:*:*:*:* cpe:2.3:h:amd:ryzen_7_7745hx:-:*:*:*:*:*:*:* cpe:2.3:h:amd:ryzen_7_7800x3d:-:*:*:*:*:*:*:* cpe:2.3:h:amd:ryzen_7_7840h:-:*:*:*:*:*:*:* cpe:2.3:h:amd:ryzen_7_7840u:-:*:*:*:*:*:*:* cpe:2.3:h:amd:ryzen_7_pro_7745:-:*:*:*:*:*:*:* cpe:2.3:h:amd:ryzen_7_pro_7840h:-:*:*:*:*:*:*:* cpe:2.3:h:amd:ryzen_7_pro_7840hs:-:*:*:*:*:*:*:* cpe:2.3:h:amd:ryzen_7_6800hs:-:*:*:*:*:*:*:* cpe:2.3:h:amd:ryzen_7_6800h:-:*:*:*:*:*:*:* cpe:2.3:h:amd:ryzen_3_7320u:-:*:*:*:*:*:*:* cpe:2.3:h:amd:ryzen_3_7335u:-:*:*:*:*:*:*:* cpe:2.3:h:amd:ryzen_3_7440u:-:*:*:*:*:*:*:* cpe:2.3:h:amd:ryzen_5_6600h:-:*:*:*:*:*:*:* cpe:2.3:h:amd:ryzen_5_6600hs:-:*:*:*:*:*:*:* cpe:2.3:h:amd:ryzen_5_6600u:-:*:*:*:*:*:*:* cpe:2.3:h:amd:ryzen_5_7500f:-:*:*:*:*:*:*:* cpe:2.3:h:amd:ryzen_5_7520u:-:*:*:*:*:*:*:* cpe:2.3:h:amd:ryzen_5_7535hs:-:*:*:*:*:*:*:* cpe:2.3:h:amd:ryzen_5_7535u:-:*:*:*:*:*:*:* cpe:2.3:h:amd:ryzen_5_7545u:-:*:*:*:*:*:*:* cpe:2.3:h:amd:ryzen_5_7600:-:*:*:*:*:*:*:* cpe:2.3:h:amd:ryzen_5_7600x:-:*:*:*:*:*:*:* cpe:2.3:h:amd:ryzen_5_7640h:-:*:*:*:*:*:*:* cpe:2.3:h:amd:ryzen_5_7640u:-:*:*:*:*:*:*:* cpe:2.3:h:amd:ryzen_5_7645hx:-:*:*:*:*:*:*:* |
|
| amd | ryzen_9_pro_7945 |
Affected:
0 , < *
(custom)
cpe:2.3:h:amd:ryzen_9_6980hs:-:*:*:*:*:*:*:* cpe:2.3:h:amd:ryzen_9_6980hx:-:*:*:*:*:*:*:* cpe:2.3:h:amd:ryzen_9_7845hx:-:*:*:*:*:*:*:* cpe:2.3:h:amd:ryzen_9_7900:-:*:*:*:*:*:*:* cpe:2.3:h:amd:ryzen_9_7900x:-:*:*:*:*:*:*:* cpe:2.3:h:amd:ryzen_9_7900x3d:-:*:*:*:*:*:*:* cpe:2.3:h:amd:ryzen_9_7945hx:-:*:*:*:*:*:*:* cpe:2.3:h:amd:ryzen_9_7945hx3d:-:*:*:*:*:*:*:* cpe:2.3:h:amd:ryzen_9_7950x:-:*:*:*:*:*:*:* cpe:2.3:h:amd:ryzen_9_7950x3d:-:*:*:*:*:*:*:* cpe:2.3:h:amd:ryzen_9_pro_7940h:-:*:*:*:*:*:*:* cpe:2.3:h:amd:ryzen_9_pro_7940hs:-:*:*:*:*:*:*:* cpe:2.3:h:amd:ryzen_9_pro_7945:-:*:*:*:*:*:*:* |
Date Public
2023-10-16 17:00
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:h:amd:radeon_pro_w5500:-:*:*:*:*:*:*:*",
"cpe:2.3:h:amd:radeon_pro_w5500x:-:*:*:*:*:*:*:*",
"cpe:2.3:h:amd:radeon_pro_w5700:-:*:*:*:*:*:*:*",
"cpe:2.3:h:amd:radeon_pro_w5700x:-:*:*:*:*:*:*:*",
"cpe:2.3:h:amd:radeon_pro_w6300:-:*:*:*:*:*:*:*",
"cpe:2.3:h:amd:radeon_pro_w6300m:-:*:*:*:*:*:*:*",
"cpe:2.3:h:amd:radeon_pro_w6400:-:*:*:*:*:*:*:*",
"cpe:2.3:h:amd:radeon_pro_w6500m:-:*:*:*:*:*:*:*",
"cpe:2.3:h:amd:radeon_pro_w6600:-:*:*:*:*:*:*:*",
"cpe:2.3:h:amd:radeon_pro_w6600m:-:*:*:*:*:*:*:*",
"cpe:2.3:h:amd:radeon_pro_w6600x:-:*:*:*:*:*:*:*",
"cpe:2.3:h:amd:radeon_pro_w6800:-:*:*:*:*:*:*:*",
"cpe:2.3:h:amd:radeon_pro_w6800x:-:*:*:*:*:*:*:*",
"cpe:2.3:h:amd:radeon_pro_w6800x_duo:-:*:*:*:*:*:*:*",
"cpe:2.3:h:amd:radeon_pro_w6900x:-:*:*:*:*:*:*:*",
"cpe:2.3:h:amd:radeon_pro_w7500:-:*:*:*:*:*:*:*",
"cpe:2.3:h:amd:radeon_pro_w7600:-:*:*:*:*:*:*:*",
"cpe:2.3:h:amd:radeon_pro_w7800:-:*:*:*:*:*:*:*",
"cpe:2.3:h:amd:radeon_pro_w7900:-:*:*:*:*:*:*:*",
"cpe:2.3:h:amd:radeon_rx_7600:-:*:*:*:*:*:*:*",
"cpe:2.3:h:amd:radeon_rx_7600m:-:*:*:*:*:*:*:*",
"cpe:2.3:h:amd:radeon_rx_7600m_xt:-:*:*:*:*:*:*:*",
"cpe:2.3:h:amd:radeon_rx_7600s:-:*:*:*:*:*:*:*",
"cpe:2.3:h:amd:radeon_rx_7600xt:-:*:*:*:*:*:*:*",
"cpe:2.3:h:amd:radeon_rx_7700s:-:*:*:*:*:*:*:*",
"cpe:2.3:h:amd:radeon_rx_7700xt:-:*:*:*:*:*:*:*",
"cpe:2.3:h:amd:radeon_rx_7700_xt:-:*:*:*:*:*:*:*",
"cpe:2.3:h:amd:radeon_rx_7800xt:-:*:*:*:*:*:*:*",
"cpe:2.3:h:amd:radeon_rx_7800_xt:-:*:*:*:*:*:*:*",
"cpe:2.3:h:amd:radeon_rx_7900_gre:-:*:*:*:*:*:*:*",
"cpe:2.3:h:amd:radeon_rx_7900m:-:*:*:*:*:*:*:*",
"cpe:2.3:h:amd:radeon_rx_7900xt:-:*:*:*:*:*:*:*",
"cpe:2.3:h:amd:radeon_rx_7900_xt:-:*:*:*:*:*:*:*",
"cpe:2.3:h:amd:radeon_rx_7900xtx:-:*:*:*:*:*:*:*",
"cpe:2.3:h:amd:radeon_rx_7900_xtx:-:*:*:*:*:*:*:*",
"cpe:2.3:o:amd:radeon_rx_7900xtx_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:h:amd:radeon_rx_6900_xt:-:*:*:*:*:*:*:*",
"cpe:2.3:h:amd:radeon_rx_6300m:-:*:*:*:*:*:*:*",
"cpe:2.3:h:amd:radeon_rx_6400:-:*:*:*:*:*:*:*",
"cpe:2.3:h:amd:radeon_rx_6450m:-:*:*:*:*:*:*:*",
"cpe:2.3:h:amd:radeon_rx_6500m:-:*:*:*:*:*:*:*",
"cpe:2.3:h:amd:radeon_rx_6500_xt:-:*:*:*:*:*:*:*",
"cpe:2.3:h:amd:radeon_rx_6550m:-:*:*:*:*:*:*:*",
"cpe:2.3:h:amd:radeon_rx_6550s:-:*:*:*:*:*:*:*",
"cpe:2.3:h:amd:radeon_rx_6600:-:*:*:*:*:*:*:*",
"cpe:2.3:h:amd:radeon_rx_6600m:-:*:*:*:*:*:*:*",
"cpe:2.3:h:amd:radeon_rx_6600s:-:*:*:*:*:*:*:*",
"cpe:2.3:h:amd:radeon_rx_6600_xt:-:*:*:*:*:*:*:*",
"cpe:2.3:h:amd:radeon_rx_6650m:-:*:*:*:*:*:*:*",
"cpe:2.3:h:amd:radeon_rx_6650m_xt:-:*:*:*:*:*:*:*",
"cpe:2.3:h:amd:radeon_rx_6650_xt:-:*:*:*:*:*:*:*",
"cpe:2.3:h:amd:radeon_rx_6700:-:*:*:*:*:*:*:*",
"cpe:2.3:h:amd:radeon_rx_6700m:-:*:*:*:*:*:*:*",
"cpe:2.3:h:amd:radeon_rx_6700s:-:*:*:*:*:*:*:*",
"cpe:2.3:h:amd:radeon_rx_6700_xt:-:*:*:*:*:*:*:*",
"cpe:2.3:h:amd:radeon_rx_6750_gre_10gb:-:*:*:*:*:*:*:*",
"cpe:2.3:h:amd:radeon_rx_6750_gre_12gb:-:*:*:*:*:*:*:*",
"cpe:2.3:h:amd:radeon_rx_6750_xt:-:*:*:*:*:*:*:*",
"cpe:2.3:h:amd:radeon_rx_6800:-:*:*:*:*:*:*:*",
"cpe:2.3:h:amd:radeon_rx_6800m:-:*:*:*:*:*:*:*",
"cpe:2.3:h:amd:radeon_rx_6800s:-:*:*:*:*:*:*:*",
"cpe:2.3:h:amd:radeon_rx_5700:-:*:*:*:*:*:*:*",
"cpe:2.3:h:amd:radeon_rx_5700_xt:-:*:*:*:*:*:*:*",
"cpe:2.3:h:amd:radeon_rx_5600:-:*:*:*:*:*:*:*",
"cpe:2.3:h:amd:radeon_rx_5600_xt:-:*:*:*:*:*:*:*",
"cpe:2.3:h:amd:radeon_rx_5500:-:*:*:*:*:*:*:*",
"cpe:2.3:h:amd:radeon_rx_5500_xt:-:*:*:*:*:*:*:*",
"cpe:2.3:h:amd:radeon_rx_5300:-:*:*:*:*:*:*:*",
"cpe:2.3:h:amd:radeon_rx_5300_xt:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "radeon_rx_5300_xt",
"vendor": "amd",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:amd:ryzen_7_7700:-:*:*:*:*:*:*:*",
"cpe:2.3:h:amd:ryzen_7_7700x:-:*:*:*:*:*:*:*",
"cpe:2.3:h:amd:ryzen_7_7735hs:-:*:*:*:*:*:*:*",
"cpe:2.3:h:amd:ryzen_7_7735u:-:*:*:*:*:*:*:*",
"cpe:2.3:h:amd:ryzen_7_7736u:-:*:*:*:*:*:*:*",
"cpe:2.3:h:amd:ryzen_7_7745hx:-:*:*:*:*:*:*:*",
"cpe:2.3:h:amd:ryzen_7_7800x3d:-:*:*:*:*:*:*:*",
"cpe:2.3:h:amd:ryzen_7_7840h:-:*:*:*:*:*:*:*",
"cpe:2.3:h:amd:ryzen_7_7840u:-:*:*:*:*:*:*:*",
"cpe:2.3:h:amd:ryzen_7_pro_7745:-:*:*:*:*:*:*:*",
"cpe:2.3:h:amd:ryzen_7_pro_7840h:-:*:*:*:*:*:*:*",
"cpe:2.3:h:amd:ryzen_7_pro_7840hs:-:*:*:*:*:*:*:*",
"cpe:2.3:h:amd:ryzen_7_6800hs:-:*:*:*:*:*:*:*",
"cpe:2.3:h:amd:ryzen_7_6800h:-:*:*:*:*:*:*:*",
"cpe:2.3:h:amd:ryzen_3_7320u:-:*:*:*:*:*:*:*",
"cpe:2.3:h:amd:ryzen_3_7335u:-:*:*:*:*:*:*:*",
"cpe:2.3:h:amd:ryzen_3_7440u:-:*:*:*:*:*:*:*",
"cpe:2.3:h:amd:ryzen_5_6600h:-:*:*:*:*:*:*:*",
"cpe:2.3:h:amd:ryzen_5_6600hs:-:*:*:*:*:*:*:*",
"cpe:2.3:h:amd:ryzen_5_6600u:-:*:*:*:*:*:*:*",
"cpe:2.3:h:amd:ryzen_5_7500f:-:*:*:*:*:*:*:*",
"cpe:2.3:h:amd:ryzen_5_7520u:-:*:*:*:*:*:*:*",
"cpe:2.3:h:amd:ryzen_5_7535hs:-:*:*:*:*:*:*:*",
"cpe:2.3:h:amd:ryzen_5_7535u:-:*:*:*:*:*:*:*",
"cpe:2.3:h:amd:ryzen_5_7545u:-:*:*:*:*:*:*:*",
"cpe:2.3:h:amd:ryzen_5_7600:-:*:*:*:*:*:*:*",
"cpe:2.3:h:amd:ryzen_5_7600x:-:*:*:*:*:*:*:*",
"cpe:2.3:h:amd:ryzen_5_7640h:-:*:*:*:*:*:*:*",
"cpe:2.3:h:amd:ryzen_5_7640u:-:*:*:*:*:*:*:*",
"cpe:2.3:h:amd:ryzen_5_7645hx:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ryzen_5_7645hx",
"vendor": "amd",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:amd:ryzen_9_6980hs:-:*:*:*:*:*:*:*",
"cpe:2.3:h:amd:ryzen_9_6980hx:-:*:*:*:*:*:*:*",
"cpe:2.3:h:amd:ryzen_9_7845hx:-:*:*:*:*:*:*:*",
"cpe:2.3:h:amd:ryzen_9_7900:-:*:*:*:*:*:*:*",
"cpe:2.3:h:amd:ryzen_9_7900x:-:*:*:*:*:*:*:*",
"cpe:2.3:h:amd:ryzen_9_7900x3d:-:*:*:*:*:*:*:*",
"cpe:2.3:h:amd:ryzen_9_7945hx:-:*:*:*:*:*:*:*",
"cpe:2.3:h:amd:ryzen_9_7945hx3d:-:*:*:*:*:*:*:*",
"cpe:2.3:h:amd:ryzen_9_7950x:-:*:*:*:*:*:*:*",
"cpe:2.3:h:amd:ryzen_9_7950x3d:-:*:*:*:*:*:*:*",
"cpe:2.3:h:amd:ryzen_9_pro_7940h:-:*:*:*:*:*:*:*",
"cpe:2.3:h:amd:ryzen_9_pro_7940hs:-:*:*:*:*:*:*:*",
"cpe:2.3:h:amd:ryzen_9_pro_7945:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ryzen_9_pro_7945",
"vendor": "amd",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-20598",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-27T17:12:05.139002Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-269",
"description": "CWE-269 Improper Privilege Management",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-27T17:12:23.788Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T09:05:36.253Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-6009"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"platforms": [
"Windows",
"x86"
],
"product": "Radeon\u2122 RX 5000 Series Graphics Cards",
"vendor": " AMD",
"versions": [
{
"status": "affected",
"version": "various"
}
]
},
{
"defaultStatus": "affected",
"platforms": [
"Windows",
"x86"
],
"product": "Radeon\u2122 RX 6000 Series Graphics Cards",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various "
}
]
},
{
"defaultStatus": "affected",
"platforms": [
"Windows",
"x86"
],
"product": "Radeon\u2122 RX 7000 Series Graphics Cards",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various "
}
]
},
{
"defaultStatus": "affected",
"platforms": [
"Windows",
"x86"
],
"product": "Radeon\u2122 PRO W5000 Series Graphics Cards",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "Various "
}
]
},
{
"defaultStatus": "affected",
"platforms": [
"Windows",
"x86"
],
"product": "Radeon\u2122 PRO W6000 Series Graphics Cards",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various "
}
]
},
{
"defaultStatus": "affected",
"platforms": [
"Windows",
"x86"
],
"product": "Radeon\u2122 PRO W7000 Series Graphics Cards",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various"
}
]
},
{
"defaultStatus": "affected",
"platforms": [
"Windows",
"x86"
],
"product": "Ryzen\u2122 7045 Series Processors with Radeon\u2122 Graphics",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various "
}
]
},
{
"defaultStatus": "affected",
"platforms": [
"Windows",
"x86"
],
"product": " Ryzen\u2122 7020 Series Processors with Radeon\u2122 Graphics",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various "
}
]
},
{
"defaultStatus": "affected",
"platforms": [
"Windows",
"x86"
],
"product": "Ryzen\u2122 7040 Series Processors with Radeon\u2122 Graphics",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various "
}
]
},
{
"defaultStatus": "affected",
"platforms": [
"Windows",
"x86"
],
"product": "Ryzen\u2122 7000 Series Processors with Radeon\u2122 Graphics",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various "
}
]
},
{
"defaultStatus": "affected",
"platforms": [
"Windows",
"x86"
],
"product": "Ryzen\u2122 6000 Series Processors with Radeon\u2122 Graphics",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various "
}
]
},
{
"defaultStatus": "affected",
"platforms": [
"Windows",
"x86"
],
"product": "Ryzen\u2122 7035 Series Processors with Radeon\u2122 Graphics",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various "
}
]
}
],
"datePublic": "2023-10-16T17:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\n\n\u003cspan style=\"background-color: rgb(248, 249, 250);\"\u003eAn improper privilege management in the AMD Radeon\u2122\u003c/span\u003e\u0026nbsp;\u003cspan style=\"background-color: rgb(248, 249, 250);\"\u003eGraphics driver may allow an authenticated attacker to craft an IOCTL request to gain I/O control over arbitrary hardware ports or physical addresses resulting in a potential arbitrary code execution.\u003c/span\u003e\n\n\n\n"
}
],
"value": "\n\n\nAn improper privilege management in the AMD Radeon\u2122\u00a0Graphics driver may allow an authenticated attacker to craft an IOCTL request to gain I/O control over arbitrary hardware ports or physical addresses resulting in a potential arbitrary code execution.\n\n\n\n"
}
],
"providerMetadata": {
"dateUpdated": "2023-10-17T13:26:21.731Z",
"orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"shortName": "AMD"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-6009"
}
],
"source": {
"advisory": "\u202f\u202fAMD-SB-6009",
"discovery": "EXTERNAL"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"assignerShortName": "AMD",
"cveId": "CVE-2023-20598",
"datePublished": "2023-10-17T13:26:21.731Z",
"dateReserved": "2022-10-27T18:53:39.763Z",
"dateUpdated": "2024-08-02T09:05:36.253Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-20586 (GCVE-0-2023-20586)
Vulnerability from cvelistv5 – Published: 2023-08-08 17:05 – Updated: 2024-10-11 16:52
VLAI
Title
Radeon™ Software Crimson ReLive Edition
Summary
A potential vulnerability was reported in Radeon™ Software Crimson ReLive Edition which may allow escalation of privilege. Radeon™ Software Crimson ReLive Edition falls outside of the security support lifecycle and AMD does not plan to release any mitigations
Severity
No CVSS data available.
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.amd.com/en/corporate/product-security… | vendor-advisory |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| AMD | Radeon™ Software Crimson ReLive Edition |
Affected:
Various
|
Date Public
2023-08-08 16:30
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T09:05:36.256Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-6007"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-20586",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-11T16:52:02.725525Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-11T16:52:31.173Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"platforms": [
"x86"
],
"product": "Radeon\u2122 Software Crimson ReLive Edition",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "Various "
}
]
}
],
"datePublic": "2023-08-08T16:30:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(248, 249, 250);\"\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA potential vulnerability was reported in \u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eRadeon\u2122 Software Crimson ReLive Edition\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e which may allow escalation of privilege. \u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eRadeon\u2122 Software Crimson ReLive Edition falls outside of the security support lifecycle and AMD does not plan to release any mitigations\u003c/span\u003e\n\n\n\n\n\n\u003c/span\u003e\n\n\n\n\n\n\n\n\n\n"
}
],
"value": "\nA potential vulnerability was reported in Radeon\u2122 Software Crimson ReLive Edition which may allow escalation of privilege. Radeon\u2122 Software Crimson ReLive Edition falls outside of the security support lifecycle and AMD does not plan to release any mitigations\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n"
}
],
"providerMetadata": {
"dateUpdated": "2023-08-08T17:05:16.338Z",
"orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"shortName": "AMD"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-6007"
}
],
"source": {
"advisory": "AMD-SB-6007",
"discovery": "UNKNOWN"
},
"title": "Radeon\u2122 Software Crimson ReLive Edition",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"assignerShortName": "AMD",
"cveId": "CVE-2023-20586",
"datePublished": "2023-08-08T17:05:16.338Z",
"dateReserved": "2022-10-27T18:53:39.759Z",
"dateUpdated": "2024-10-11T16:52:31.173Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-26392 (GCVE-0-2021-26392)
Vulnerability from cvelistv5 – Published: 2022-11-09 20:44 – Updated: 2024-09-16 20:51
VLAI
Summary
Insufficient verification of missing size check in 'LoadModule' may lead to an out-of-bounds write potentially allowing an attacker with privileges to gain code execution of the OS/kernel by loading a malicious TA.
Severity
No CVSS data available.
Assigner
References
Impacted products
8 products
| Vendor | Product | Version | |
|---|---|---|---|
| AMD | AMD Radeon RX 5000 Series & PRO W5000 Series |
Affected:
AMD Radeon Software , < 22.5.2
(custom)
Affected: AMD Radeon Pro Software Enterprise , < 22.Q2 (custom) Affected: Enterprise Driver , < 22.10.20 (custom) |
|
| AMD | AMD Radeon RX 6000 Series & PRO W6000 Series |
Affected:
AMD Radeon Software , < 22.5.2
(custom)
Affected: AMD Radeon Pro Software Enterprise , < 22.Q2 (custom) Affected: Enterprise Driver , < 22.10.20 (custom) |
|
| AMD | AMD Ryzen™ Embedded R1000 |
Affected:
various
|
|
| AMD | AMD Ryzen™ Embedded R2000 |
Affected:
various
|
|
| AMD | AMD Ryzen™ Embedded 5000 |
Affected:
various
|
|
| AMD | AMD Ryzen™ Embedded V1000 |
Affected:
various
|
|
| AMD | AMD Ryzen™ Embedded V2000 |
Affected:
various
|
|
| AMD | AMD Ryzen™Embedded V3000 |
Affected:
various
|
Date Public
2022-11-08 05:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T20:26:25.366Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1029"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-5001"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "AMD Radeon RX 5000 Series \u0026 PRO W5000 Series",
"vendor": "AMD",
"versions": [
{
"lessThan": "22.5.2",
"status": "affected",
"version": "AMD Radeon Software",
"versionType": "custom"
},
{
"lessThan": "22.Q2",
"status": "affected",
"version": "AMD Radeon Pro Software Enterprise",
"versionType": "custom"
},
{
"lessThan": "22.10.20",
"status": "affected",
"version": "Enterprise Driver",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "AMD Radeon RX 6000 Series \u0026 PRO W6000 Series",
"vendor": "AMD",
"versions": [
{
"lessThan": "22.5.2",
"status": "affected",
"version": "AMD Radeon Software",
"versionType": "custom"
},
{
"lessThan": "22.Q2",
"status": "affected",
"version": "AMD Radeon Pro Software Enterprise",
"versionType": "custom"
},
{
"lessThan": "22.10.20",
"status": "affected",
"version": "Enterprise Driver",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "AMD Ryzen\u2122 Embedded R1000",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various"
}
]
},
{
"defaultStatus": "unaffected",
"product": "AMD Ryzen\u2122 Embedded R2000",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various"
}
]
},
{
"defaultStatus": "unaffected",
"product": "AMD Ryzen\u2122 Embedded 5000",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various"
}
]
},
{
"defaultStatus": "unaffected",
"product": "AMD Ryzen\u2122 Embedded V1000",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various"
}
]
},
{
"defaultStatus": "unaffected",
"product": "AMD Ryzen\u2122 Embedded V2000",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various"
}
]
},
{
"defaultStatus": "unaffected",
"product": "AMD Ryzen\u2122Embedded V3000",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various"
}
]
}
],
"datePublic": "2022-11-08T05:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eInsufficient verification of missing size check in \u0027LoadModule\u0027 may lead to an out-of-bounds write potentially allowing an attacker with privileges to gain code execution of the OS/kernel by loading a malicious TA.\u003c/p\u003e"
}
],
"value": "Insufficient verification of missing size check in \u0027LoadModule\u0027 may lead to an out-of-bounds write potentially allowing an attacker with privileges to gain code execution of the OS/kernel by loading a malicious TA."
}
],
"providerMetadata": {
"dateUpdated": "2024-02-13T19:22:08.137Z",
"orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"shortName": "AMD"
},
"references": [
{
"url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1029"
},
{
"url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-5001"
}
],
"source": {
"advisory": "AMD-SB-1029, AMD-SB-5001",
"discovery": "EXTERNAL"
},
"x_generator": {
"engine": "Vulnogram 0.0.9"
}
}
},
"cveMetadata": {
"assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"assignerShortName": "AMD",
"cveId": "CVE-2021-26392",
"datePublished": "2022-11-09T20:44:26.258Z",
"dateReserved": "2021-01-29T00:00:00.000Z",
"dateUpdated": "2024-09-16T20:51:46.791Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-26360 (GCVE-0-2021-26360)
Vulnerability from cvelistv5 – Published: 2022-11-09 20:44 – Updated: 2025-05-01 14:12
VLAI
Summary
An attacker with local access to the system can make unauthorized modifications of the security configuration of the SOC registers. This could allow potential corruption of AMD secure processor’s encrypted memory contents which may lead to arbitrary code execution in ASP.
Severity
7.8 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- TBD
- CWE-284 - Improper Access Control
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| AMD | AMD Radeon RX 6000 Series & PRO W6000 Series |
Affected:
AMD Radeon Software , < 22.5.2
(custom)
Affected: AMD Radeon Pro Software Enterprise , < 22.Q2 (custom) Affected: Enterprise Driver , < 22.10.20 (custom) |
Date Public
2022-11-08 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T20:26:25.015Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1029"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2021-26360",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-01T14:11:37.852727Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284 Improper Access Control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-01T14:12:12.910Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "AMD Radeon RX 6000 Series \u0026 PRO W6000 Series",
"vendor": "AMD",
"versions": [
{
"lessThan": "22.5.2",
"status": "affected",
"version": "AMD Radeon Software",
"versionType": "custom"
},
{
"lessThan": "22.Q2",
"status": "affected",
"version": "AMD Radeon Pro Software Enterprise",
"versionType": "custom"
},
{
"lessThan": "22.10.20",
"status": "affected",
"version": "Enterprise Driver",
"versionType": "custom"
}
]
}
],
"datePublic": "2022-11-08T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "An attacker with local access to the system can make unauthorized modifications of the security configuration of the SOC registers. This could allow potential corruption of AMD secure processor\u2019s encrypted memory contents which may lead to arbitrary code execution in ASP."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "TBD",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-11-09T00:00:00.000Z",
"orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"shortName": "AMD"
},
"references": [
{
"url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1029"
}
],
"source": {
"advisory": "AMD-SB-1029",
"discovery": "EXTERNAL"
},
"x_generator": {
"engine": "Vulnogram 0.0.9"
}
}
},
"cveMetadata": {
"assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"assignerShortName": "AMD",
"cveId": "CVE-2021-26360",
"datePublished": "2022-11-09T20:44:26.034Z",
"dateReserved": "2021-01-29T00:00:00.000Z",
"dateUpdated": "2025-05-01T14:12:12.910Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}