ByteOS

CVSS Score-6.3||MEDIUM

EPSS-Not Assigned

Published-12 Feb, 2026 | 17:41

Updated-12 Feb, 2026 | 18:16

Debug code left active in AMD's Video Decoder Engine Firmware (VCN FW) could allow a attacker to submit a maliciously crafted command causing the VCN FW to perform read/writes HW registers, potentially impacting confidentiality, integrity and availabilability of the system.

Product-AMD Radeon™ RX 7000 Series Graphics Products AMD Ryzen™ AI 300 Series Processors AMD Ryzen™ Embedded 7000 Series Processors AMD Ryzen™ AI MAX Series Processors AMD Instinct™ MI300A AMD Radeon™ PRO V710 AMD Ryzen™ Embedded 8000 Series Processors AMD Instinct™ MI308X AMD Instinct™ MI325X AMD Instinct™ MI300X AMD Ryzen™ 7040 Series Mobile Processors with Radeon™ Graphics; AMD Ryzen™ 8040 Series Mobile Processors with Radeon™ Graphics AMD Ryzen™ 8000 Series Desktop Processors AMD Ryzen™ Embedded 9000 Series Processors AMD Radeon™ PRO W7000 Series Graphics Products

CWE ID-CWE-1191

On-Chip Debug and Test Interface With Improper Access Control

CVE-2025-52533

CVSS Score-8.7||HIGH

EPSS-Not Assigned

Published-12 Feb, 2026 | 17:11

Updated-12 Feb, 2026 | 18:55

Improper Access Control in an on-chip debug interface could allow a privileged attacker to enable a debug interface and potentially compromise data confidentiality or integrity.

CWE ID-CWE-1191

On-Chip Debug and Test Interface With Improper Access Control

CVE-2025-48518

CVSS Score-6.9||MEDIUM

EPSS-Not Assigned

Published-11 Feb, 2026 | 14:34

Updated-11 Feb, 2026 | 15:42

Improper input validation in AMD Graphics Driver could allow a local attacker to write out of bounds, potentially resulting in loss of integrity or denial of service.

Product-AMD Ryzen™ Al Max+AMD Ryzen™ 8040 Series Mobile Processors with Radeon™ Graphics AMD Radeon™ RX 9000 Series Graphics Products AMD Radeon™ RX 7000 Series Graphics Products AMD Ryzen™ AI 300 Series Processors AMD Ryzen™ 7040 Series Mobile Processors with Radeon™ Graphics AMD Radeon™ PRO V710 AMD Ryzen™ Embedded 8000 Series Processors AMD Ryzen™ 8000 Series Desktop Processors AMD Radeon™ PRO W7000 Series Graphics Products

CWE ID-CWE-787

Out-of-bounds Write

CVE-2024-36320

CVSS Score-7||HIGH

EPSS-Not Assigned

Published-11 Feb, 2026 | 14:33

Updated-11 Feb, 2026 | 15:42

Integer Overflow within atihdwt6.sys can allow a local attacker to cause out of bound read/write potentially leading to loss of confidentiality, integrity and availability

CWE ID-CWE-190

Integer Overflow or Wraparound

CVE-2024-36324

CVSS Score-8.8||HIGH

EPSS-Not Assigned

Published-11 Feb, 2026 | 14:29

Updated-12 Feb, 2026 | 04:55

Improper input validation in AMD Graphics Driver could allow an attacker to supply a specially crafted pointer, potentially leading to arbitrary code execution.

Product-AMD Ryzen™ Al Max+AMD Radeon™ RX 7000 Series Graphics Products AMD Ryzen™ Embedded 9000 Series Processors AMD Ryzen™ Embedded 7000 Series Processors AMD Ryzen™ 7000 Series Desktop Processors; AMD Ryzen™ 8000 Series Desktop Processors; AMD Ryzen™ 9000 Series Desktop Processors AMD Ryzen™ 7020 Series Processors with Radeon™ Graphics AMD Radeon™ PRO V710 AMD Ryzen™ Embedded 8000 Series Processors AMD Radeon™ RX 5000 Series Graphics Products AMD Ryzen™ 7045 Series Mobile Processors with Radeon™ Graphics AMD Radeon™ RX 9000 Series Graphics Products AMD Radeon™ RX 6000 Series Graphics Products AMD Radeon™ PRO V620 AMD Radeon™ PRO W6000 Series Graphics Products AMD Radeon™ PRO W5000 Series Graphics Products AMD Ryzen™ AI 300 Series Processors AMD Radeon™ PRO V520 AMD Ryzen™ 7040 Series Mobile Processors with Radeon™ Graphics V620/NV21 AMD Ryzen™ 9000 Series Desktop Processors AMD Ryzen™ 6000 Series Processors with Radeon™ Graphics; AMD Ryzen™ 7035 Series Processors with Radeon™ Graphics AMD Ryzen™ 8000 Series Desktop Processors AMD Ryzen™ 9000HX Series Mobile Processors (formerly codenamed "Fire Range")AMD Radeon™ PRO W7000 Series Graphics Products

CWE ID-CWE-787

Out-of-bounds Write

CVE-2024-36310

CVSS Score-4.6||MEDIUM

EPSS-0.01% / 0.19%

7 Day CHG~0.00%

Published-10 Feb, 2026 | 19:24

Updated-10 Feb, 2026 | 21:51

Improper input validation in the SMM communications buffer could allow a privileged attacker to perform an out of bounds read or write to SMRAM potentially resulting in loss of confidentiality or integrity.

Product-AMD Ryzen™ Threadripper™ 7000 Processors AMD Ryzen™ AI Max 300 Series Processors AMD Ryzen™ 7020 Series Processors with Radeon™ Graphics AMD Ryzen™ 7035 Series Processors with Radeon™ Graphics AMD EPYC™ 9004 Series Processors AMD Ryzen™ Embedded 8000 Series Processors AMD Ryzen™ 9000HX Series Mobile Processors Not public AMD EPYC™ 9005 Series Processors AMD Ryzen™ 8040 Series Mobile Processors with Radeon™ Graphics AMD EPYC™ Embedded 9004 Series Processors (formerly codenamed "Genoa")AMD Ryzen™ 6000 Series Processors with Radeon™ Graphics AMD Ryzen™ AI 300 Series Processors AMD Ryzen™ 7040 Series Mobile Processors with Radeon™ Graphics AMD Ryzen™ Embedded V3000 Series Processors AMD Ryzen™ 9000 Series Desktop Processors AMD Ryzen™ Threadripper™ PRO 7000 WX-Series Processors AMD Ryzen™ 8000 Series Desktop Processors

CWE ID-CWE-124

Buffer Underwrite ('Buffer Underflow')

CVE-2025-54514

CVSS Score-4.8||MEDIUM

EPSS-0.01% / 2.29%

7 Day CHG~0.00%

Published-10 Feb, 2026 | 19:13

Updated-11 Feb, 2026 | 15:05

Improper isolation of shared resources on a system on a chip by a malicious local attacker with high privileges could potentially lead to a partial loss of integrity.

Product-AMD EPYC™ Embedded 9005 Series Processors AMD Ryzen™ AI Max 300 Series Processors AMD Ryzen™ AI 300 Series Processors AMD Ryzen™ 9000HX Series Processors AMD Ryzen™ Z2 Series Processors Extreme AMD Ryzen™ Threadripper™ 9000 Processors AMD Ryzen™ 9000 Series Desktop Processors AMD Ryzen™ AI 400 Series Processors AMD Ryzen™ Threadripper™ PRO 9000 WX-Series Processors AMD EPYC™ 9005 Series Processors

CWE ID-CWE-1189

Improper Isolation of Shared Resources on System-on-a-Chip (SoC)

CVE-2025-0032

CVSS Score-7.2||HIGH

EPSS-0.01% / 0.82%

7 Day CHG~0.00%

Published-06 Sep, 2025 | 18:34

Updated-09 Sep, 2025 | 03:55

Improper cleanup in AMD CPU microcode patch loading could allow an attacker with local administrator privilege to load malicious CPU microcode, potentially resulting in loss of integrity of x86 instruction execution.

Product-AMD Ryzen™ AI 300 Series Processors AMD Ryzen™ 9000 Series Desktop Processors AMD Ryzen™ 9000HX Series Processors AMD Ryzen™ Al Max+AMD EPYC™ 9005 Series Processors AMD Ryzen™ Threadripper™ 9000 series AMD EPYC™ Embedded 9000 Series Processors

CWE ID-CWE-459

Incomplete Cleanup

CVE-2025-0010

CVSS Score-6.1||MEDIUM

EPSS-0.01% / 1.28%

7 Day CHG~0.00%

Published-06 Sep, 2025 | 18:26

Updated-08 Sep, 2025 | 19:56

An out of bounds write in the Linux graphics driver could allow an attacker to overflow the buffer potentially resulting in loss of confidentiality, integrity, or availability.

CWE ID-CWE-787

Out-of-bounds Write

CVE-2024-36342

CVSS Score-8.8||HIGH

EPSS-0.02% / 5.94%

7 Day CHG~0.00%

Published-06 Sep, 2025 | 17:42

Updated-23 Sep, 2025 | 22:15

Improper input validation in the GPU driver could allow an attacker to exploit a heap overflow potentially resulting in arbitrary code execution.

CWE ID-CWE-1285

Improper Validation of Specified Index, Position, or Offset in Input

CVE-2024-36326

CVSS Score-8.4||HIGH

EPSS-0.01% / 1.81%

7 Day CHG~0.00%

Published-06 Sep, 2025 | 17:25

Updated-09 Sep, 2025 | 03:55

Missing authorization in AMD RomArmor could allow an attacker to bypass ROMArmor protections during system resume from a standby state, potentially resulting in a loss of confidentiality and integrity.