ByteOS

Product

EPYC™ Processors

Versions

Affected

various

Problem Types

Type	CWE ID	Description
text	N/A	tbd

Type: text

CWE ID: N/A

Description: tbd

References

Hyperlink	Resource
https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1028	x_refsource_MISC

Hyperlink: https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1028

Resource:

x_refsource_MISC

▼Authorized Data Publishers (ADP)

CVE Program Container

References

Hyperlink	Resource
https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1028	x_refsource_MISC x_transferred

Hyperlink: https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1028

Resource:

x_refsource_MISC

x_transferred

▼National Vulnerability Database (NVD)

nvd.nist.gov

Source:psirt@amd.com

Published At:11 May, 2022 | 17:15

Updated At:19 May, 2022 | 20:05

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Primary	3.1	3.3	LOW	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Primary	2.0	2.1	LOW	AV:L/AC:L/Au:N/C:P/I:N/A:N

Type: Primary

Version: 3.1

Base score: 3.3

Base severity: LOW

Vector:

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Type: Primary

Version: 2.0

Base score: 2.1

Base severity: LOW

Vector:

AV:L/AC:L/Au:N/C:P/I:N/A:N

CPE Matches

cpe:2.3:o:amd:epyc_7763_firmware:*:*:*:*:*:*:*:*

>>epyc_7763_firmware>>Versions before milanpi-sp3_1.0.0.7(exclusive)

cpe:2.3:h:amd:epyc_7763:-:*:*:*:*:*:*:*

>>epyc_7763>>-

cpe:2.3:o:amd:epyc_7713p_firmware:*:*:*:*:*:*:*:*

>>epyc_7713p_firmware>>Versions before milanpi-sp3_1.0.0.7(exclusive)

cpe:2.3:h:amd:epyc_7713p:-:*:*:*:*:*:*:*

>>epyc_7713p>>-

cpe:2.3:o:amd:epyc_7713_firmware:*:*:*:*:*:*:*:*

>>epyc_7713_firmware>>Versions before milanpi-sp3_1.0.0.7(exclusive)

cpe:2.3:h:amd:epyc_7713:-:*:*:*:*:*:*:*

>>epyc_7713>>-

cpe:2.3:o:amd:epyc_7663_firmware:*:*:*:*:*:*:*:*

>>epyc_7663_firmware>>Versions before milanpi-sp3_1.0.0.7(exclusive)

cpe:2.3:h:amd:epyc_7663:-:*:*:*:*:*:*:*

>>epyc_7663>>-

cpe:2.3:o:amd:epyc_7643_firmware:*:*:*:*:*:*:*:*

>>epyc_7643_firmware>>Versions before milanpi-sp3_1.0.0.7(exclusive)

cpe:2.3:h:amd:epyc_7643:-:*:*:*:*:*:*:*

>>epyc_7643>>-

cpe:2.3:o:amd:epyc_75f3_firmware:*:*:*:*:*:*:*:*

>>epyc_75f3_firmware>>Versions before milanpi-sp3_1.0.0.7(exclusive)

cpe:2.3:h:amd:epyc_75f3:-:*:*:*:*:*:*:*

>>epyc_75f3>>-

cpe:2.3:o:amd:epyc_7543p_firmware:*:*:*:*:*:*:*:*

>>epyc_7543p_firmware>>Versions before milanpi-sp3_1.0.0.7(exclusive)

cpe:2.3:h:amd:epyc_7543p:-:*:*:*:*:*:*:*

>>epyc_7543p>>-

cpe:2.3:o:amd:epyc_7543_firmware:*:*:*:*:*:*:*:*

>>epyc_7543_firmware>>Versions before milanpi-sp3_1.0.0.7(exclusive)

cpe:2.3:h:amd:epyc_7543:-:*:*:*:*:*:*:*

>>epyc_7543>>-

cpe:2.3:o:amd:epyc_7513_firmware:*:*:*:*:*:*:*:*

>>epyc_7513_firmware>>Versions before milanpi-sp3_1.0.0.7(exclusive)

cpe:2.3:h:amd:epyc_7513:-:*:*:*:*:*:*:*

>>epyc_7513>>-

cpe:2.3:o:amd:epyc_7453_firmware:*:*:*:*:*:*:*:*

>>epyc_7453_firmware>>Versions before milanpi-sp3_1.0.0.7(exclusive)

cpe:2.3:h:amd:epyc_7453:-:*:*:*:*:*:*:*

>>epyc_7453>>-

cpe:2.3:o:amd:epyc_74f3_firmware:*:*:*:*:*:*:*:*

>>epyc_74f3_firmware>>Versions before milanpi-sp3_1.0.0.7(exclusive)

cpe:2.3:h:amd:epyc_74f3:-:*:*:*:*:*:*:*

>>epyc_74f3>>-

cpe:2.3:o:amd:epyc_7443p_firmware:*:*:*:*:*:*:*:*

>>epyc_7443p_firmware>>Versions before milanpi-sp3_1.0.0.7(exclusive)

cpe:2.3:h:amd:epyc_7443p:-:*:*:*:*:*:*:*

>>epyc_7443p>>-

cpe:2.3:o:amd:epyc_7443_firmware:*:*:*:*:*:*:*:*

>>epyc_7443_firmware>>Versions before milanpi-sp3_1.0.0.7(exclusive)

cpe:2.3:h:amd:epyc_7443:-:*:*:*:*:*:*:*

>>epyc_7443>>-

cpe:2.3:o:amd:epyc_7413_firmware:*:*:*:*:*:*:*:*

>>epyc_7413_firmware>>Versions before milanpi-sp3_1.0.0.7(exclusive)

cpe:2.3:h:amd:epyc_7413:-:*:*:*:*:*:*:*

>>epyc_7413>>-

cpe:2.3:o:amd:epyc_73f3_firmware:*:*:*:*:*:*:*:*

>>epyc_73f3_firmware>>Versions before milanpi-sp3_1.0.0.7(exclusive)

cpe:2.3:h:amd:epyc_73f3:-:*:*:*:*:*:*:*

>>epyc_73f3>>-

cpe:2.3:o:amd:epyc_7343_firmware:*:*:*:*:*:*:*:*

>>epyc_7343_firmware>>Versions before milanpi-sp3_1.0.0.7(exclusive)

cpe:2.3:h:amd:epyc_7343:-:*:*:*:*:*:*:*

>>epyc_7343>>-

cpe:2.3:o:amd:epyc_7313p_firmware:*:*:*:*:*:*:*:*

>>epyc_7313p_firmware>>Versions before milanpi-sp3_1.0.0.7(exclusive)

cpe:2.3:h:amd:epyc_7313p:-:*:*:*:*:*:*:*

>>epyc_7313p>>-

cpe:2.3:o:amd:epyc_7313_firmware:*:*:*:*:*:*:*:*

>>epyc_7313_firmware>>Versions before milanpi-sp3_1.0.0.7(exclusive)

cpe:2.3:h:amd:epyc_7313:-:*:*:*:*:*:*:*

>>epyc_7313>>-

cpe:2.3:o:amd:epyc_72f3_firmware:*:*:*:*:*:*:*:*

>>epyc_72f3_firmware>>Versions before milanpi-sp3_1.0.0.7(exclusive)

cpe:2.3:h:amd:epyc_72f3:-:*:*:*:*:*:*:*

>>epyc_72f3>>-

cpe:2.3:o:amd:epyc_7773x_firmware:*:*:*:*:*:*:*:*

>>epyc_7773x_firmware>>Versions before milanpi-sp3_1.0.0.7(exclusive)

cpe:2.3:h:amd:epyc_7773x:-:*:*:*:*:*:*:*

>>epyc_7773x>>-

cpe:2.3:o:amd:epyc_7473x_firmware:*:*:*:*:*:*:*:*

>>epyc_7473x_firmware>>Versions before milanpi-sp3_1.0.0.7(exclusive)

cpe:2.3:h:amd:epyc_7473x:-:*:*:*:*:*:*:*

>>epyc_7473x>>-

cpe:2.3:o:amd:epyc_7573x_firmware:*:*:*:*:*:*:*:*

>>epyc_7573x_firmware>>Versions before milanpi-sp3_1.0.0.7(exclusive)

cpe:2.3:h:amd:epyc_7573x:-:*:*:*:*:*:*:*

>>epyc_7573x>>-

cpe:2.3:o:amd:epyc_7373x_firmware:*:*:*:*:*:*:*:*

>>epyc_7373x_firmware>>Versions before milanpi-sp3_1.0.0.7(exclusive)

cpe:2.3:h:amd:epyc_7373x:-:*:*:*:*:*:*:*

>>epyc_7373x>>-

cpe:2.3:o:amd:epyc_7001_firmware:*:*:*:*:*:*:*:*

>>epyc_7001_firmware>>Versions before naplespi-sp3_1.0.0.h(exclusive)

cpe:2.3:h:amd:epyc_7001:-:*:*:*:*:*:*:*

>>epyc_7001>>-

cpe:2.3:o:amd:epyc_7251_firmware:*:*:*:*:*:*:*:*

>>epyc_7251_firmware>>Versions before naplespi-sp3_1.0.0.h(exclusive)

cpe:2.3:h:amd:epyc_7251:-:*:*:*:*:*:*:*

>>epyc_7251>>-

Weaknesses

CWE ID	Type	Source
NVD-CWE-noinfo	Primary	nvd@nist.gov

CWE ID: NVD-CWE-noinfo

Type: Primary

Source: nvd@nist.gov

References

Hyperlink	Source	Resource
https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1028	psirt@amd.com	Vendor Advisory

Hyperlink: https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1028

Source: psirt@amd.com

Resource:

Vendor Advisory

Similar CVEs

18Records found

CVE-2020-12904

Matching Score-8

Matching Score-8

CVSS Score-5.5||MEDIUM

EPSS-0.05% / 16.62%

7 Day CHG~0.00%

Published-15 Nov, 2021 | 15:12

Updated-16 Sep, 2024 | 16:38

Out of Bounds Read in AMD Graphics Driver for Windows 10 in Escape 0x3004203 may lead to arbitrary information disclosure.

Vendor-Advanced Micro Devices, Inc.Microsoft Corporation

Product-radeon_software windows_10 AMD Radeon Software

CWE ID-CWE-125

Out-of-bounds Read

CVE-2021-26400

Matching Score-8

Matching Score-8

CVSS Score-4||MEDIUM

EPSS-0.06% / 17.60%

7 Day CHG~0.00%

Published-11 May, 2022 | 16:36

Updated-17 Sep, 2024 | 04:05

AMD processors may speculatively re-order load instructions which can result in stale data being observed when multiple processors are operating on shared memory, resulting in potential data leakage.

Product-cpu AMD Processors

CVE-2021-26327

Matching Score-8

Matching Score-8

CVSS Score-5.5||MEDIUM

EPSS-0.06% / 18.79%

7 Day CHG~0.00%

Published-16 Nov, 2021 | 18:18

Updated-17 Sep, 2024 | 02:42

Insufficient validation of guest context in the SNP Firmware could lead to a potential loss of guest confidentiality.

CWE ID-CWE-20

Improper Input Validation

CWE ID-CWE-668

Exposure of Resource to Wrong Sphere

CVE-2021-26341

Matching Score-8

Matching Score-8

CVSS Score-6.5||MEDIUM

EPSS-0.05% / 14.96%

7 Day CHG~0.00%

Published-11 Mar, 2022 | 17:54

Updated-16 Sep, 2024 | 20:16

Some AMD CPUs may transiently execute beyond unconditional direct branches, which may potentially result in data leakage.

CWE ID-CWE-212

Improper Removal of Sensitive Information Before Storage or Transfer

CVE-2021-26312

Matching Score-8

Matching Score-8

CVSS Score-5.5||MEDIUM

EPSS-0.05% / 13.90%

7 Day CHG~0.00%

Published-16 Nov, 2021 | 17:55

Updated-16 Sep, 2024 | 17:54

Failure to flush the Translation Lookaside Buffer (TLB) of the I/O memory management unit (IOMMU) may lead an IO device to write to memory it should not be able to access, resulting in a potential loss of integrity.

Product-epyc_7543 epyc_7502_firmware epyc_7402 epyc_7262_firmware epyc_7371_firmware epyc_7443_firmware epyc_7402p epyc_7451 epyc_7261 epyc_7282_firmware epyc_7343 epyc_7252_firmware epyc_7543_firmware epyc_7f32 epyc_7542_firmware epyc_7551_firmware epyc_7763_firmware epyc_7272_firmware epyc_7713p epyc_7443 epyc_7513 epyc_7313p_firmware epyc_7252 epyc_7502p epyc_7232p_firmware epyc_7702 epyc_7351p_firmware epyc_7302p_firmware epyc_7453 epyc_7642_firmware epyc_7h12 epyc_7452 epyc_7513_firmware epyc_7543p_firmware epyc_7542 epyc_7281_firmware epyc_7413_firmware epyc_7h12_firmware epyc_7601 epyc_7302 epyc_7232p epyc_7643_firmware epyc_7f52 epyc_7663 epyc_7552_firmware epyc_75f3 epyc_7371 epyc_72f3_firmware epyc_7f72 epyc_7f32_firmware epyc_7662 epyc_7f72_firmware epyc_7662_firmware epyc_7502 epyc_75f3_firmware epyc_7642 epyc_7451_firmware epyc_7343_firmware epyc_7532_firmware epyc_7551 epyc_7281 epyc_7502p_firmware epyc_7413 epyc_7301 epyc_7551p epyc_7313p epyc_7313 epyc_7351p epyc_7551p_firmware epyc_7663_firmware epyc_7601_firmware epyc_7351_firmware epyc_7251 epyc_7532 epyc_7552 epyc_7302p epyc_7702p_firmware epyc_74f3_firmware epyc_7352 epyc_7302_firmware epyc_7763 epyc_7401 epyc_7713_firmware epyc_7402_firmware epyc_7742 epyc_7713p_firmware epyc_7272 epyc_73f3_firmware epyc_7702p epyc_7f52_firmware epyc_7262 epyc_7713 epyc_7443p_firmware epyc_7251_firmware epyc_7401_firmware epyc_72f3 epyc_7643 epyc_7452_firmware epyc_7402p_firmware epyc_7351 epyc_7261_firmware epyc_7543p epyc_7313_firmware epyc_7443p epyc_7742_firmware epyc_7453_firmware epyc_7282 epyc_7501 epyc_7501_firmware epyc_7702_firmware epyc_7352_firmware epyc_74f3 epyc_7301_firmware epyc_73f3 Athlon™ Series Ryzen™ Series EPYC™ Processors

CWE ID-CWE-665

Improper Initialization

CWE ID-CWE-668

Exposure of Resource to Wrong Sphere

CVE-2021-26314

Matching Score-8

Matching Score-8

Vendor-Xen Project Advanced Micro Devices, Inc.Intel Corporation Fedora Project Broadcom Inc.Arm Limited

CVSS Score-5.5||MEDIUM

EPSS-0.10% / 27.61%

7 Day CHG~0.00%

Published-09 Jun, 2021 | 11:23

Updated-17 Sep, 2024 | 02:21

AMD Speculative execution with Floating-Point Value Injection

Potential floating point value injection in all supported CPU products, in conjunction with software vulnerabilities relating to speculative execution with incorrect floating point results, may cause the use of incorrect data from FPVI and may result in data leakage.

Product-core_i7-7700k ryzen_5_5600x xeon_silver_4214 fedora core_i7-10700k ryzen_threadripper_2990wx cortex-a72 xen ryzen_7_2700x core_i9-9900k bcm2711 All supported processors

CWE ID-CWE-208

Observable Timing Discrepancy

CWE ID-CWE-203

Observable Discrepancy

CVE-2021-26337

Matching Score-8

Matching Score-8

CVSS Score-5.5||MEDIUM

EPSS-0.14% / 34.49%

7 Day CHG~0.00%

Published-16 Nov, 2021 | 18:24

Updated-17 Sep, 2024 | 03:49

Insufficient DRAM address validation in System Management Unit (SMU) may result in a DMA read from invalid DRAM address to SRAM resulting in SMU not servicing further requests.

CVE-2021-26313

Matching Score-8

Matching Score-8

Vendor-Xen Project Advanced Micro Devices, Inc.Intel Corporation Debian GNU/Linux Broadcom Inc.Arm Limited

CVSS Score-5.5||MEDIUM

EPSS-0.08% / 23.79%

7 Day CHG~0.00%

Published-09 Jun, 2021 | 11:23

Updated-16 Sep, 2024 | 19:41

AMD Speculative Code Store Bypass

Potential speculative code store bypass in all supported CPU products, in conjunction with software vulnerabilities relating to speculative execution of overwritten instructions, may cause an incorrect speculation and could result in data leakage.

Product-debian_linux core_i7-7700k ryzen_5_5600x xeon_silver_4214 core_i7-10700k ryzen_threadripper_2990wx cortex-a72 xen ryzen_7_2700x core_i9-9900k bcm2711 All supported processors

CWE ID-CWE-208

Observable Timing Discrepancy

CWE ID-CWE-203

Observable Discrepancy

CVE-2021-26361

Matching Score-8

Matching Score-8

CVSS Score-5.5||MEDIUM

EPSS-0.13% / 33.10%

7 Day CHG-0.01%

Published-12 May, 2022 | 17:46

Updated-17 Sep, 2024 | 01:06

A malicious or compromised User Application (UApp) or AGESA Boot Loader (ABL) could be used by an attacker to exfiltrate arbitrary memory from the ASP stage 2 bootloader potentially leading to information disclosure.

Product-athlon_3150ge ryzen_5_5600h athlon_3150g_firmware ryzen_3_5425c ryzen_3_5425u_firmware athlon_3050ge ryzen_5_5600u ryzen_5_2500u ryzen_9_5980hx ryzen_3_2300u_firmware ryzen_7_5800hs ryzen_5_5600x ryzen_9_5900hx_firmware ryzen_5_5600hs ryzen_3_2300u ryzen_7_5825u ryzen_5_2600x ryzen_7_2700u_firmware ryzen_5_5625u ryzen_5_5700ge ryzen_7_5825u_firmware ryzen_3_5125c ryzen_7_2800h_firmware ryzen_5_5700g ryzen_9_5900hs_firmware ryzen_5_5560u ryzen_5_5600u_firmware ryzen_5_2500u_firmware ryzen_3_2200u_firmware ryzen_9_5900hs ryzen_3_2200u ryzen_7_2700x ryzen_5_5700g_firmware ryzen_9_5980hs ryzen_3_5125c_firmware ryzen_7_5800u_firmware ryzen_7_5825c_firmware ryzen_5_2600 ryzen_7_2700 ryzen_7_2700x_firmware ryzen_7_5800h_firmware ryzen_5_5625c_firmware ryzen_3_5425u ryzen_5_2600h ryzen_5_5625c ryzen_5_5700ge_firmware ryzen_5_5560u_firmware ryzen_9_5980hx_firmware ryzen_7_2700u ryzen_3_5400u radeon_software ryzen_7_5825c ryzen_5_2600h_firmware ryzen_7_5800u ryzen_7_2800h athlon_3150g ryzen_9_5900hx ryzen_5_2600x_firmware ryzen_5_5600x_firmware ryzen_9_5980hs_firmware ryzen_5_5600hs_firmware ryzen_3_5425c_firmware ryzen_7_2700_firmware athlon_3150ge_firmware ryzen_5_5600h_firmware ryzen_7_5800h ryzen_3_5400u_firmware ryzen_5_2600_firmware ryzen_7_5800hs_firmware ryzen_5_5625u_firmware athlon_3050ge_firmware Athlon™ Series Ryzen™ Series

CVE-2022-29900

Matching Score-8

Matching Score-8

CVSS Score-6.5||MEDIUM

EPSS-1.45% / 79.97%

7 Day CHG~0.00%

Published-12 Jul, 2022 | 15:50

Updated-20 Nov, 2024 | 16:13

Mis-trained branch predictions for return instructions may allow arbitrary speculative code execution under certain microarchitecture-dependent conditions.

Vendor-Debian GNU/Linux Fedora Project Advanced Micro Devices, Inc.Xen Project

CWE ID-CWE-212

Improper Removal of Sensitive Information Before Storage or Transfer

CVE-2022-23825

Matching Score-8

Matching Score-8

Vendor-Advanced Micro Devices, Inc.VMware (Broadcom Inc.)Fedora Project Debian GNU/Linux

CVSS Score-6.5||MEDIUM

EPSS-0.23% / 45.54%

7 Day CHG~0.00%

Published-14 Jul, 2022 | 19:27

Updated-16 Sep, 2024 | 17:48

Aliases in the branch predictor may cause some AMD processors to predict the wrong branch type potentially leading to information disclosure.

CWE ID-CWE-668

Exposure of Resource to Wrong Sphere

CVE-2020-12987

Matching Score-8

Matching Score-8

CVSS Score-5.5||MEDIUM

EPSS-0.06% / 18.15%

7 Day CHG~0.00%

Published-11 Jun, 2021 | 21:50

Updated-17 Sep, 2024 | 01:02

A heap information leak/kernel pool address disclosure vulnerability in the AMD Graphics Driver for Windows 10 may lead to KASLR bypass.

Vendor-Advanced Micro Devices, Inc.Microsoft Corporation

Product-radeon_software radeon_pro_software windows_10 AMD Radeon Software

CWE ID-CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

CVE-2020-12905

Matching Score-8

Matching Score-8

CVSS Score-5.5||MEDIUM

EPSS-0.06% / 18.79%

7 Day CHG~0.00%

Published-15 Nov, 2021 | 19:40

Updated-17 Sep, 2024 | 00:36

Out of Bounds Read in AMD Graphics Driver for Windows 10 in Escape 0x3004403 may lead to arbitrary information disclosure.

Vendor-Advanced Micro Devices, Inc.Microsoft Corporation

Product-radeon_software windows_10 AMD Radeon Software

CWE ID-CWE-125

Out-of-bounds Read

CVE-2020-12966

Matching Score-8

Matching Score-8

CVSS Score-5.5||MEDIUM

EPSS-0.07% / 22.40%

7 Day CHG~0.00%

Published-04 Feb, 2022 | 22:29

Updated-17 Sep, 2024 | 01:06

AMD EPYC™ Processors contain an information disclosure vulnerability in the Secure Encrypted Virtualization with Encrypted State (SEV-ES) and Secure Encrypted Virtualization with Secure Nested Paging (SEV-SNP). A local authenticated attacker could potentially exploit this vulnerability leading to leaking guest data by the malicious hypervisor.

CWE ID-CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

CVE-2020-12912

Matching Score-8

Matching Score-8

CVSS Score-5.5||MEDIUM

EPSS-0.95% / 75.42%

7 Day CHG~0.00%

Published-12 Nov, 2020 | 19:08

Updated-04 Aug, 2024 | 12:11

A potential vulnerability in the AMD extension to Linux "hwmon" service may allow an attacker to use the Linux-based Running Average Power Limit (RAPL) interface to show various side channel attacks. In line with industry partners, AMD has updated the RAPL interface to require privileged access.

Vendor-n/a Advanced Micro Devices, Inc.

Product-energy_driver_for_linux AMD extension to Linux "hwmon" for Zen1 platforms

CWE ID-CWE-749

Exposed Dangerous Method or Function

CWE ID-CWE-203

Observable Discrepancy

CVE-2020-12901

Matching Score-8

Matching Score-8

CVSS Score-5.5||MEDIUM

EPSS-0.06% / 18.79%

7 Day CHG~0.00%

Published-15 Nov, 2021 | 19:20

Updated-17 Sep, 2024 | 03:17

Arbitrary Free After Use in AMD Graphics Driver for Windows 10 may lead to KASLR bypass or information disclosure.

Vendor-Advanced Micro Devices, Inc.Microsoft Corporation

Product-radeon_software windows_10 AMD Radeon Software

CWE ID-CWE-416

Use After Free

CVE-2020-12897

Matching Score-8

Matching Score-8

CVSS Score-5.5||MEDIUM

EPSS-0.06% / 18.79%

7 Day CHG~0.00%

Published-15 Nov, 2021 | 15:44

Updated-16 Sep, 2024 | 17:38

Kernel Pool Address disclosure in AMD Graphics Driver for Windows 10 may lead to KASLR bypass.

Vendor-Advanced Micro Devices, Inc.Microsoft Corporation

Product-radeon_software windows_10 AMD Radeon Software

CVE-2021-46744

Matching Score-8

Matching Score-8

CVSS Score-6.5||MEDIUM

EPSS-0.09% / 26.54%

7 Day CHG~0.00%

Published-11 May, 2022 | 16:40

Updated-16 Sep, 2024 | 23:46

An attacker with access to a malicious hypervisor may be able to infer data values used in a SEV guest on AMD CPUs by monitoring ciphertext values over time.