Search

Find a vulnerability

Search criteria

    16 vulnerabilities found for radeon_rx_vega_56_firmware by amd

    CVE-2023-31320 (GCVE-0-2023-31320)

    Vulnerability from nvd – Published: 2023-11-14 18:51 – Updated: 2024-08-02 14:53
    VLAI
    Summary
    Improper input validation in the AMD RadeonTM Graphics display driver may allow an attacker to corrupt the display potentially resulting in denial of service.
    Severity
    No CVSS data available.
    Assigner
    AMD
    References
    Date Public
    2023-11-14 17:30
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T14:53:30.757Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-6003"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "packageName": "AMD Software: Adrenalin Edition 23.7.1 ",
              "platforms": [
                "x86"
              ],
              "product": "Radeon\u2122 RX 5000/6000/7000 Series Graphics Cards ",
              "vendor": " AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various "
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "AMD Software: PRO Edition 23.Q3 ",
              "platforms": [
                "x86"
              ],
              "product": "Radeon\u2122 PRO W5000/W6000/W7000 Series Graphics Cards",
              "vendor": " AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various "
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "x86"
              ],
              "product": "Radeon\u2122 RX Vega Series Graphics Cards",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various "
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "x86"
              ],
              "product": "Radeon\u2122 PRO WX Vega Series Graphics Cards",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various "
                }
              ]
            }
          ],
          "datePublic": "2023-11-14T17:30:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Improper input validation in the AMD RadeonTM Graphics display driver may allow an attacker to corrupt the display potentially resulting in denial of service.\n\n\n\n\n\n\n\n\n\n\n\n\u003cbr\u003e"
                }
              ],
              "value": "Improper input validation in the AMD RadeonTM Graphics display driver may allow an attacker to corrupt the display potentially resulting in denial of service.\n\n\n\n\n\n\n\n\n\n\n\n\n"
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-11-14T18:51:43.415Z",
            "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
            "shortName": "AMD"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-6003"
            }
          ],
          "source": {
            "advisory": "AMD-SB-6003",
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
        "assignerShortName": "AMD",
        "cveId": "CVE-2023-31320",
        "datePublished": "2023-11-14T18:51:43.415Z",
        "dateReserved": "2023-04-27T15:25:41.423Z",
        "dateUpdated": "2024-08-02T14:53:30.757Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-20568 (GCVE-0-2023-20568)

    Vulnerability from nvd – Published: 2023-11-14 18:51 – Updated: 2025-02-13 16:39
    VLAI
    Summary
    Improper signature verification of RadeonTM RX Vega M Graphics driver for Windows may allow an attacker with admin privileges to launch RadeonInstaller.exe without validating the file signature potentially leading to arbitrary code execution.
    Severity
    No CVSS data available.
    Assigner
    AMD
    Date Public
    2023-11-14 17:30
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T09:05:36.255Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-6003"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00971.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "packageName": "AMD Software: Adrenalin Edition 23.7.1",
              "platforms": [
                "x86"
              ],
              "product": "Radeon\u2122 RX 5000/6000/7000 Series Graphics Cards",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "AMD Software: PRO Edition 23.Q3",
              "platforms": [
                "x86"
              ],
              "product": "Radeon\u2122 PRO W5000/W6000/W7000 Series Graphics Cards",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "x86"
              ],
              "product": "Radeon\u2122 RX Vega Series Graphics Cards",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "x86"
              ],
              "product": "Radeon\u2122 PRO WX Vega Series Graphics Cards",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            }
          ],
          "datePublic": "2023-11-14T17:30:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Improper signature verification of RadeonTM RX Vega M Graphics driver for Windows may allow an attacker with admin privileges to launch RadeonInstaller.exe without validating the file signature potentially leading to arbitrary code execution.\n\n\n\n\n\n\n\n\n\n\n\n\u003cbr\u003e"
                }
              ],
              "value": "Improper signature verification of RadeonTM RX Vega M Graphics driver for Windows may allow an attacker with admin privileges to launch RadeonInstaller.exe without validating the file signature potentially leading to arbitrary code execution."
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-11-14T18:55:23.226Z",
            "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
            "shortName": "AMD"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-6003"
            },
            {
              "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00971.html"
            }
          ],
          "source": {
            "advisory": "AMD-SB-6003",
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
        "assignerShortName": "AMD",
        "cveId": "CVE-2023-20568",
        "datePublished": "2023-11-14T18:51:35.466Z",
        "dateReserved": "2022-10-27T18:53:39.754Z",
        "dateUpdated": "2025-02-13T16:39:47.747Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-20567 (GCVE-0-2023-20567)

    Vulnerability from nvd – Published: 2023-11-14 18:51 – Updated: 2025-02-13 16:39
    VLAI
    Summary
    Improper signature verification of RadeonTM RX Vega M Graphics driver for Windows may allow an attacker with admin privileges to launch AMDSoftwareInstaller.exe without validating the file signature potentially leading to arbitrary code execution.
    Severity
    No CVSS data available.
    Assigner
    AMD
    Date Public
    2023-11-14 17:30
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T09:05:36.949Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-6003"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00971.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "packageName": "AMD Software: Adrenalin Edition 23.7.1",
              "platforms": [
                "x86"
              ],
              "product": "Radeon\u2122 RX 5000/6000/7000 Series Graphics Cards",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "AMD Software: PRO Edition 23.Q3",
              "platforms": [
                "x86"
              ],
              "product": "Radeon\u2122 PRO W5000/W6000/W7000 Series Graphics Cards",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "x86"
              ],
              "product": "Radeon\u2122 RX Vega Series Graphics Cards",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "x86"
              ],
              "product": "Radeon\u2122 PRO WX Vega Series Graphics Cards",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            }
          ],
          "datePublic": "2023-11-14T17:30:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Improper signature verification of RadeonTM RX Vega M Graphics driver for Windows may allow an attacker with admin privileges to launch AMDSoftwareInstaller.exe without validating the file signature potentially leading to arbitrary code execution.\n\n\n\n\n\n\n\n\n\n\n\n\u003cbr\u003e"
                }
              ],
              "value": "Improper signature verification of RadeonTM RX Vega M Graphics driver for Windows may allow an attacker with admin privileges to launch AMDSoftwareInstaller.exe without validating the file signature potentially leading to arbitrary code execution."
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-11-14T18:55:22.270Z",
            "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
            "shortName": "AMD"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-6003"
            },
            {
              "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00971.html"
            }
          ],
          "source": {
            "advisory": "AMD-SB-6003",
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
        "assignerShortName": "AMD",
        "cveId": "CVE-2023-20567",
        "datePublished": "2023-11-14T18:51:25.340Z",
        "dateReserved": "2022-10-27T18:53:39.753Z",
        "dateUpdated": "2025-02-13T16:39:47.219Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-46748 (GCVE-0-2021-46748)

    Vulnerability from nvd – Published: 2023-11-14 18:50 – Updated: 2025-02-13 16:28
    VLAI
    Summary
    Insufficient bounds checking in the ASP (AMD Secure Processor) may allow an attacker to access memory outside the bounds of what is permissible to a TA (Trusted Application) resulting in a potential denial of service.
    Severity
    No CVSS data available.
    Assigner
    AMD
    Date Public
    2023-11-14 17:30
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T05:17:42.605Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-6003"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00971.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "packageName": "AMD Software: Adrenalin Edition 23.7.1",
              "platforms": [
                "x86"
              ],
              "product": "Radeon\u2122 RX 5000/6000/7000 Series Graphics Cards",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "AMD Software: PRO Edition 23.Q3",
              "platforms": [
                "x86"
              ],
              "product": "Radeon\u2122 PRO W5000/W6000/W7000 Series Graphics Cards",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "x86"
              ],
              "product": "Radeon\u2122 RX Vega Series Graphics Cards",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "x86"
              ],
              "product": "Radeon\u2122 PRO WX Vega Series Graphics Cards",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            }
          ],
          "datePublic": "2023-11-14T17:30:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Insufficient bounds checking in the ASP (AMD Secure Processor) may allow an attacker to access memory outside the bounds of what is permissible to a TA (Trusted Application) resulting in a potential denial of service.\n\n\n\n\n\n\n\n\n\n\n\n\u003cbr\u003e"
                }
              ],
              "value": "Insufficient bounds checking in the ASP (AMD Secure Processor) may allow an attacker to access memory outside the bounds of what is permissible to a TA (Trusted Application) resulting in a potential denial of service."
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-11-14T18:55:08.336Z",
            "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
            "shortName": "AMD"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-6003"
            },
            {
              "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00971.html"
            }
          ],
          "source": {
            "advisory": "AMD-SB-6003",
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
        "assignerShortName": "AMD",
        "cveId": "CVE-2021-46748",
        "datePublished": "2023-11-14T18:50:52.470Z",
        "dateReserved": "2022-03-31T16:50:27.865Z",
        "dateUpdated": "2025-02-13T16:28:47.934Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-26393 (GCVE-0-2021-26393)

    Vulnerability from nvd – Published: 2022-11-09 20:44 – Updated: 2024-09-16 21:58
    VLAI
    Summary
    Insufficient memory cleanup in the AMD Secure Processor (ASP) Trusted Execution Environment (TEE) may allow an authenticated attacker with privileges to generate a valid signed TA and potentially poison the contents of the process memory with attacker controlled data resulting in a loss of confidentiality.
    Severity
    No CVSS data available.
    Assigner
    AMD
    Impacted products
    Vendor Product Version
    AMD AMD Radeon RX 5000 Series & PRO W5000 Series Affected: AMD Radeon Software , < 22.5.2 (custom)
    Affected: AMD Radeon Pro Software Enterprise , < 22.Q2 (custom)
    Affected: Enterprise Driver , < 22.10.20 (custom)
    Create a notification for this product.
    AMD AMD Radeon RX 6000 Series & PRO W6000 Series Affected: AMD Radeon Software , < 22.5.2 (custom)
    Affected: AMD Radeon Pro Software Enterprise , < 22.Q2 (custom)
    Affected: Enterprise Driver , < 22.10.20 (custom)
    Create a notification for this product.
    AMD AMD Ryzen™ Embedded R1000 Affected: various
    Create a notification for this product.
    AMD AMD Ryzen™ Embedded R2000 Affected: various
    Create a notification for this product.
    AMD AMD Ryzen™ Embedded V1000 Affected: various
    Create a notification for this product.
    AMD AMD Ryzen™ Embedded V2000 Affected: various
    Create a notification for this product.
    Date Public
    2022-11-08 05:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T20:26:25.406Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1029"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-5001"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "AMD Radeon RX 5000 Series \u0026 PRO W5000 Series",
              "vendor": "AMD",
              "versions": [
                {
                  "lessThan": "22.5.2",
                  "status": "affected",
                  "version": "AMD Radeon Software",
                  "versionType": "custom"
                },
                {
                  "lessThan": "22.Q2",
                  "status": "affected",
                  "version": "AMD Radeon Pro Software Enterprise",
                  "versionType": "custom"
                },
                {
                  "lessThan": "22.10.20",
                  "status": "affected",
                  "version": "Enterprise Driver",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "AMD Radeon RX 6000 Series \u0026 PRO W6000 Series",
              "vendor": "AMD",
              "versions": [
                {
                  "lessThan": "22.5.2",
                  "status": "affected",
                  "version": "AMD Radeon Software",
                  "versionType": "custom"
                },
                {
                  "lessThan": "22.Q2",
                  "status": "affected",
                  "version": "AMD Radeon Pro Software Enterprise",
                  "versionType": "custom"
                },
                {
                  "lessThan": "22.10.20",
                  "status": "affected",
                  "version": "Enterprise Driver",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "AMD Ryzen\u2122 Embedded R1000",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "AMD Ryzen\u2122 Embedded R2000",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "AMD Ryzen\u2122 Embedded V1000",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "AMD Ryzen\u2122 Embedded V2000",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            }
          ],
          "datePublic": "2022-11-08T05:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eInsufficient memory cleanup in the AMD Secure Processor (ASP) Trusted Execution Environment (TEE) may allow an authenticated attacker with privileges to generate a valid signed TA and potentially poison the contents of the process memory with attacker controlled data resulting in a loss of confidentiality.\u003c/p\u003e"
                }
              ],
              "value": "Insufficient memory cleanup in the AMD Secure Processor (ASP) Trusted Execution Environment (TEE) may allow an authenticated attacker with privileges to generate a valid signed TA and potentially poison the contents of the process memory with attacker controlled data resulting in a loss of confidentiality."
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-02-13T19:22:50.269Z",
            "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
            "shortName": "AMD"
          },
          "references": [
            {
              "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1029"
            },
            {
              "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-5001"
            }
          ],
          "source": {
            "advisory": "AMD-SB-1029, AMD-SB-5001",
            "discovery": "EXTERNAL"
          },
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
        "assignerShortName": "AMD",
        "cveId": "CVE-2021-26393",
        "datePublished": "2022-11-09T20:44:25.517Z",
        "dateReserved": "2021-01-29T00:00:00.000Z",
        "dateUpdated": "2024-09-16T21:58:26.137Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-26392 (GCVE-0-2021-26392)

    Vulnerability from nvd – Published: 2022-11-09 20:44 – Updated: 2024-09-16 20:51
    VLAI
    Summary
    Insufficient verification of missing size check in 'LoadModule' may lead to an out-of-bounds write potentially allowing an attacker with privileges to gain code execution of the OS/kernel by loading a malicious TA.
    Severity
    No CVSS data available.
    Assigner
    AMD
    Impacted products
    Vendor Product Version
    AMD AMD Radeon RX 5000 Series & PRO W5000 Series Affected: AMD Radeon Software , < 22.5.2 (custom)
    Affected: AMD Radeon Pro Software Enterprise , < 22.Q2 (custom)
    Affected: Enterprise Driver , < 22.10.20 (custom)
    Create a notification for this product.
    AMD AMD Radeon RX 6000 Series & PRO W6000 Series Affected: AMD Radeon Software , < 22.5.2 (custom)
    Affected: AMD Radeon Pro Software Enterprise , < 22.Q2 (custom)
    Affected: Enterprise Driver , < 22.10.20 (custom)
    Create a notification for this product.
    AMD AMD Ryzen™ Embedded R1000 Affected: various
    Create a notification for this product.
    AMD AMD Ryzen™ Embedded R2000 Affected: various
    Create a notification for this product.
    AMD AMD Ryzen™ Embedded 5000 Affected: various
    Create a notification for this product.
    AMD AMD Ryzen™ Embedded V1000 Affected: various
    Create a notification for this product.
    AMD AMD Ryzen™ Embedded V2000 Affected: various
    Create a notification for this product.
    AMD AMD Ryzen™Embedded V3000 Affected: various
    Create a notification for this product.
    Date Public
    2022-11-08 05:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T20:26:25.366Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1029"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-5001"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "AMD Radeon RX 5000 Series \u0026 PRO W5000 Series",
              "vendor": "AMD",
              "versions": [
                {
                  "lessThan": "22.5.2",
                  "status": "affected",
                  "version": "AMD Radeon Software",
                  "versionType": "custom"
                },
                {
                  "lessThan": "22.Q2",
                  "status": "affected",
                  "version": "AMD Radeon Pro Software Enterprise",
                  "versionType": "custom"
                },
                {
                  "lessThan": "22.10.20",
                  "status": "affected",
                  "version": "Enterprise Driver",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "AMD Radeon RX 6000 Series \u0026 PRO W6000 Series",
              "vendor": "AMD",
              "versions": [
                {
                  "lessThan": "22.5.2",
                  "status": "affected",
                  "version": "AMD Radeon Software",
                  "versionType": "custom"
                },
                {
                  "lessThan": "22.Q2",
                  "status": "affected",
                  "version": "AMD Radeon Pro Software Enterprise",
                  "versionType": "custom"
                },
                {
                  "lessThan": "22.10.20",
                  "status": "affected",
                  "version": "Enterprise Driver",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "AMD Ryzen\u2122 Embedded R1000",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "AMD Ryzen\u2122 Embedded R2000",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "AMD Ryzen\u2122 Embedded 5000",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "AMD Ryzen\u2122 Embedded V1000",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "AMD Ryzen\u2122 Embedded V2000",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "AMD Ryzen\u2122Embedded V3000",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            }
          ],
          "datePublic": "2022-11-08T05:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eInsufficient verification of missing size check in \u0027LoadModule\u0027 may lead to an out-of-bounds write potentially allowing an attacker with privileges to gain code execution of the OS/kernel by loading a malicious TA.\u003c/p\u003e"
                }
              ],
              "value": "Insufficient verification of missing size check in \u0027LoadModule\u0027 may lead to an out-of-bounds write potentially allowing an attacker with privileges to gain code execution of the OS/kernel by loading a malicious TA."
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-02-13T19:22:08.137Z",
            "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
            "shortName": "AMD"
          },
          "references": [
            {
              "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1029"
            },
            {
              "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-5001"
            }
          ],
          "source": {
            "advisory": "AMD-SB-1029, AMD-SB-5001",
            "discovery": "EXTERNAL"
          },
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
        "assignerShortName": "AMD",
        "cveId": "CVE-2021-26392",
        "datePublished": "2022-11-09T20:44:26.258Z",
        "dateReserved": "2021-01-29T00:00:00.000Z",
        "dateUpdated": "2024-09-16T20:51:46.791Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-26391 (GCVE-0-2021-26391)

    Vulnerability from nvd – Published: 2022-11-09 20:44 – Updated: 2025-05-01 14:19
    VLAI
    Summary
    Insufficient verification of multiple header signatures while loading a Trusted Application (TA) may allow an attacker with privileges to gain code execution in that TA or the OS/kernel.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • TBD
    • CWE-347 - Improper Verification of Cryptographic Signature
    Assigner
    AMD
    Impacted products
    Vendor Product Version
    AMD AMD Radeon RX 5000 Series & PRO W5000 Series Affected: AMD Radeon Software , < 22.5.2 (custom)
    Affected: AMD Radeon Pro Software Enterprise , < 22.Q2 (custom)
    Affected: Enterprise Driver , < 22.10.20 (custom)
    Create a notification for this product.
    AMD AMD Radeon RX 6000 Series & PRO W6000 Series Affected: AMD Radeon Software , < 22.5.2 (custom)
    Affected: AMD Radeon Pro Software Enterprise , < 22.Q2 (custom)
    Affected: Enterprise Driver , < 22.10.20 (custom)
    Create a notification for this product.
    Date Public
    2022-11-08 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T20:26:25.325Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1029"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "LOCAL",
                  "availabilityImpact": "HIGH",
                  "baseScore": 7.8,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "LOW",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2021-26391",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-05-01T14:19:01.036693Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-347",
                    "description": "CWE-347 Improper Verification of Cryptographic Signature",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-05-01T14:19:25.590Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "AMD Radeon RX 5000 Series \u0026 PRO W5000 Series",
              "vendor": "AMD",
              "versions": [
                {
                  "lessThan": "22.5.2",
                  "status": "affected",
                  "version": "AMD Radeon Software",
                  "versionType": "custom"
                },
                {
                  "lessThan": "22.Q2",
                  "status": "affected",
                  "version": "AMD Radeon Pro Software Enterprise",
                  "versionType": "custom"
                },
                {
                  "lessThan": "22.10.20",
                  "status": "affected",
                  "version": "Enterprise Driver",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "AMD Radeon RX 6000 Series \u0026 PRO W6000 Series",
              "vendor": "AMD",
              "versions": [
                {
                  "lessThan": "22.5.2",
                  "status": "affected",
                  "version": "AMD Radeon Software",
                  "versionType": "custom"
                },
                {
                  "lessThan": "22.Q2",
                  "status": "affected",
                  "version": "AMD Radeon Pro Software Enterprise",
                  "versionType": "custom"
                },
                {
                  "lessThan": "22.10.20",
                  "status": "affected",
                  "version": "Enterprise Driver",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2022-11-08T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Insufficient verification of multiple header signatures while loading a Trusted Application (TA) may allow an attacker with privileges to gain code execution in that TA or the OS/kernel."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "TBD",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-11-09T00:00:00.000Z",
            "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
            "shortName": "AMD"
          },
          "references": [
            {
              "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1029"
            }
          ],
          "source": {
            "advisory": "AMD-SB-1029",
            "discovery": "EXTERNAL"
          },
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
        "assignerShortName": "AMD",
        "cveId": "CVE-2021-26391",
        "datePublished": "2022-11-09T20:44:25.253Z",
        "dateReserved": "2021-01-29T00:00:00.000Z",
        "dateUpdated": "2025-05-01T14:19:25.590Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-12930 (GCVE-0-2020-12930)

    Vulnerability from nvd – Published: 2022-11-09 20:44 – Updated: 2024-09-17 00:00
    VLAI
    Summary
    Improper parameters handling in AMD Secure Processor (ASP) drivers may allow a privileged attacker to elevate their privileges potentially leading to loss of integrity.
    Severity
    No CVSS data available.
    Assigner
    AMD
    Impacted products
    Date Public
    2022-11-08 05:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T12:11:18.208Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1029"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-5001"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "AMD Radeon RX 5000 Series \u0026 PRO W5000 Series",
              "vendor": "AMD",
              "versions": [
                {
                  "lessThan": "22.5.2",
                  "status": "affected",
                  "version": "AMD Radeon Software",
                  "versionType": "custom"
                },
                {
                  "lessThan": "22.Q2",
                  "status": "affected",
                  "version": "AMD Radeon Pro Software Enterprise",
                  "versionType": "custom"
                },
                {
                  "lessThan": "22.10.20",
                  "status": "affected",
                  "version": "Enterprise Driver",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "AMD Ryzen(TM) Embedded R1000",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "AMD Ryzen(TM) Embedded R2000",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "AMD Ryzen(TM) Embedded 5000",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "AMD Ryzen(TM) Embedded V1000",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "AMD Ryzen(TM) Embedded V2000",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            }
          ],
          "datePublic": "2022-11-08T05:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eImproper parameters handling in AMD Secure Processor (ASP) drivers may allow a privileged attacker to elevate their privileges potentially leading to loss of integrity.\u003c/p\u003e"
                }
              ],
              "value": "Improper parameters handling in AMD Secure Processor (ASP) drivers may allow a privileged attacker to elevate their privileges potentially leading to loss of integrity."
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-02-13T19:20:09.393Z",
            "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
            "shortName": "AMD"
          },
          "references": [
            {
              "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1029"
            },
            {
              "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-5001"
            }
          ],
          "source": {
            "advisory": "AMD-SB-1029, AMD-SB-5001",
            "discovery": "EXTERNAL"
          },
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
        "assignerShortName": "AMD",
        "cveId": "CVE-2020-12930",
        "datePublished": "2022-11-09T20:44:25.791Z",
        "dateReserved": "2020-05-15T00:00:00.000Z",
        "dateUpdated": "2024-09-17T00:00:30.267Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-31320 (GCVE-0-2023-31320)

    Vulnerability from cvelistv5 – Published: 2023-11-14 18:51 – Updated: 2024-08-02 14:53
    VLAI
    Summary
    Improper input validation in the AMD RadeonTM Graphics display driver may allow an attacker to corrupt the display potentially resulting in denial of service.
    Severity
    No CVSS data available.
    Assigner
    AMD
    References
    Date Public
    2023-11-14 17:30
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T14:53:30.757Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-6003"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "packageName": "AMD Software: Adrenalin Edition 23.7.1 ",
              "platforms": [
                "x86"
              ],
              "product": "Radeon\u2122 RX 5000/6000/7000 Series Graphics Cards ",
              "vendor": " AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various "
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "AMD Software: PRO Edition 23.Q3 ",
              "platforms": [
                "x86"
              ],
              "product": "Radeon\u2122 PRO W5000/W6000/W7000 Series Graphics Cards",
              "vendor": " AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various "
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "x86"
              ],
              "product": "Radeon\u2122 RX Vega Series Graphics Cards",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various "
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "x86"
              ],
              "product": "Radeon\u2122 PRO WX Vega Series Graphics Cards",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various "
                }
              ]
            }
          ],
          "datePublic": "2023-11-14T17:30:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Improper input validation in the AMD RadeonTM Graphics display driver may allow an attacker to corrupt the display potentially resulting in denial of service.\n\n\n\n\n\n\n\n\n\n\n\n\u003cbr\u003e"
                }
              ],
              "value": "Improper input validation in the AMD RadeonTM Graphics display driver may allow an attacker to corrupt the display potentially resulting in denial of service.\n\n\n\n\n\n\n\n\n\n\n\n\n"
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-11-14T18:51:43.415Z",
            "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
            "shortName": "AMD"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-6003"
            }
          ],
          "source": {
            "advisory": "AMD-SB-6003",
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
        "assignerShortName": "AMD",
        "cveId": "CVE-2023-31320",
        "datePublished": "2023-11-14T18:51:43.415Z",
        "dateReserved": "2023-04-27T15:25:41.423Z",
        "dateUpdated": "2024-08-02T14:53:30.757Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-20568 (GCVE-0-2023-20568)

    Vulnerability from cvelistv5 – Published: 2023-11-14 18:51 – Updated: 2025-02-13 16:39
    VLAI
    Summary
    Improper signature verification of RadeonTM RX Vega M Graphics driver for Windows may allow an attacker with admin privileges to launch RadeonInstaller.exe without validating the file signature potentially leading to arbitrary code execution.
    Severity
    No CVSS data available.
    Assigner
    AMD
    Date Public
    2023-11-14 17:30
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T09:05:36.255Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-6003"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00971.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "packageName": "AMD Software: Adrenalin Edition 23.7.1",
              "platforms": [
                "x86"
              ],
              "product": "Radeon\u2122 RX 5000/6000/7000 Series Graphics Cards",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "AMD Software: PRO Edition 23.Q3",
              "platforms": [
                "x86"
              ],
              "product": "Radeon\u2122 PRO W5000/W6000/W7000 Series Graphics Cards",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "x86"
              ],
              "product": "Radeon\u2122 RX Vega Series Graphics Cards",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "x86"
              ],
              "product": "Radeon\u2122 PRO WX Vega Series Graphics Cards",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            }
          ],
          "datePublic": "2023-11-14T17:30:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Improper signature verification of RadeonTM RX Vega M Graphics driver for Windows may allow an attacker with admin privileges to launch RadeonInstaller.exe without validating the file signature potentially leading to arbitrary code execution.\n\n\n\n\n\n\n\n\n\n\n\n\u003cbr\u003e"
                }
              ],
              "value": "Improper signature verification of RadeonTM RX Vega M Graphics driver for Windows may allow an attacker with admin privileges to launch RadeonInstaller.exe without validating the file signature potentially leading to arbitrary code execution."
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-11-14T18:55:23.226Z",
            "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
            "shortName": "AMD"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-6003"
            },
            {
              "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00971.html"
            }
          ],
          "source": {
            "advisory": "AMD-SB-6003",
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
        "assignerShortName": "AMD",
        "cveId": "CVE-2023-20568",
        "datePublished": "2023-11-14T18:51:35.466Z",
        "dateReserved": "2022-10-27T18:53:39.754Z",
        "dateUpdated": "2025-02-13T16:39:47.747Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-20567 (GCVE-0-2023-20567)

    Vulnerability from cvelistv5 – Published: 2023-11-14 18:51 – Updated: 2025-02-13 16:39
    VLAI
    Summary
    Improper signature verification of RadeonTM RX Vega M Graphics driver for Windows may allow an attacker with admin privileges to launch AMDSoftwareInstaller.exe without validating the file signature potentially leading to arbitrary code execution.
    Severity
    No CVSS data available.
    Assigner
    AMD
    Date Public
    2023-11-14 17:30
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T09:05:36.949Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-6003"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00971.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "packageName": "AMD Software: Adrenalin Edition 23.7.1",
              "platforms": [
                "x86"
              ],
              "product": "Radeon\u2122 RX 5000/6000/7000 Series Graphics Cards",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "AMD Software: PRO Edition 23.Q3",
              "platforms": [
                "x86"
              ],
              "product": "Radeon\u2122 PRO W5000/W6000/W7000 Series Graphics Cards",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "x86"
              ],
              "product": "Radeon\u2122 RX Vega Series Graphics Cards",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "x86"
              ],
              "product": "Radeon\u2122 PRO WX Vega Series Graphics Cards",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            }
          ],
          "datePublic": "2023-11-14T17:30:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Improper signature verification of RadeonTM RX Vega M Graphics driver for Windows may allow an attacker with admin privileges to launch AMDSoftwareInstaller.exe without validating the file signature potentially leading to arbitrary code execution.\n\n\n\n\n\n\n\n\n\n\n\n\u003cbr\u003e"
                }
              ],
              "value": "Improper signature verification of RadeonTM RX Vega M Graphics driver for Windows may allow an attacker with admin privileges to launch AMDSoftwareInstaller.exe without validating the file signature potentially leading to arbitrary code execution."
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-11-14T18:55:22.270Z",
            "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
            "shortName": "AMD"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-6003"
            },
            {
              "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00971.html"
            }
          ],
          "source": {
            "advisory": "AMD-SB-6003",
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
        "assignerShortName": "AMD",
        "cveId": "CVE-2023-20567",
        "datePublished": "2023-11-14T18:51:25.340Z",
        "dateReserved": "2022-10-27T18:53:39.753Z",
        "dateUpdated": "2025-02-13T16:39:47.219Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-46748 (GCVE-0-2021-46748)

    Vulnerability from cvelistv5 – Published: 2023-11-14 18:50 – Updated: 2025-02-13 16:28
    VLAI
    Summary
    Insufficient bounds checking in the ASP (AMD Secure Processor) may allow an attacker to access memory outside the bounds of what is permissible to a TA (Trusted Application) resulting in a potential denial of service.
    Severity
    No CVSS data available.
    Assigner
    AMD
    Date Public
    2023-11-14 17:30
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T05:17:42.605Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-6003"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00971.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "packageName": "AMD Software: Adrenalin Edition 23.7.1",
              "platforms": [
                "x86"
              ],
              "product": "Radeon\u2122 RX 5000/6000/7000 Series Graphics Cards",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "AMD Software: PRO Edition 23.Q3",
              "platforms": [
                "x86"
              ],
              "product": "Radeon\u2122 PRO W5000/W6000/W7000 Series Graphics Cards",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "x86"
              ],
              "product": "Radeon\u2122 RX Vega Series Graphics Cards",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "x86"
              ],
              "product": "Radeon\u2122 PRO WX Vega Series Graphics Cards",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            }
          ],
          "datePublic": "2023-11-14T17:30:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Insufficient bounds checking in the ASP (AMD Secure Processor) may allow an attacker to access memory outside the bounds of what is permissible to a TA (Trusted Application) resulting in a potential denial of service.\n\n\n\n\n\n\n\n\n\n\n\n\u003cbr\u003e"
                }
              ],
              "value": "Insufficient bounds checking in the ASP (AMD Secure Processor) may allow an attacker to access memory outside the bounds of what is permissible to a TA (Trusted Application) resulting in a potential denial of service."
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-11-14T18:55:08.336Z",
            "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
            "shortName": "AMD"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-6003"
            },
            {
              "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00971.html"
            }
          ],
          "source": {
            "advisory": "AMD-SB-6003",
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
        "assignerShortName": "AMD",
        "cveId": "CVE-2021-46748",
        "datePublished": "2023-11-14T18:50:52.470Z",
        "dateReserved": "2022-03-31T16:50:27.865Z",
        "dateUpdated": "2025-02-13T16:28:47.934Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-26392 (GCVE-0-2021-26392)

    Vulnerability from cvelistv5 – Published: 2022-11-09 20:44 – Updated: 2024-09-16 20:51
    VLAI
    Summary
    Insufficient verification of missing size check in 'LoadModule' may lead to an out-of-bounds write potentially allowing an attacker with privileges to gain code execution of the OS/kernel by loading a malicious TA.
    Severity
    No CVSS data available.
    Assigner
    AMD
    Impacted products
    Vendor Product Version
    AMD AMD Radeon RX 5000 Series & PRO W5000 Series Affected: AMD Radeon Software , < 22.5.2 (custom)
    Affected: AMD Radeon Pro Software Enterprise , < 22.Q2 (custom)
    Affected: Enterprise Driver , < 22.10.20 (custom)
    Create a notification for this product.
    AMD AMD Radeon RX 6000 Series & PRO W6000 Series Affected: AMD Radeon Software , < 22.5.2 (custom)
    Affected: AMD Radeon Pro Software Enterprise , < 22.Q2 (custom)
    Affected: Enterprise Driver , < 22.10.20 (custom)
    Create a notification for this product.
    AMD AMD Ryzen™ Embedded R1000 Affected: various
    Create a notification for this product.
    AMD AMD Ryzen™ Embedded R2000 Affected: various
    Create a notification for this product.
    AMD AMD Ryzen™ Embedded 5000 Affected: various
    Create a notification for this product.
    AMD AMD Ryzen™ Embedded V1000 Affected: various
    Create a notification for this product.
    AMD AMD Ryzen™ Embedded V2000 Affected: various
    Create a notification for this product.
    AMD AMD Ryzen™Embedded V3000 Affected: various
    Create a notification for this product.
    Date Public
    2022-11-08 05:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T20:26:25.366Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1029"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-5001"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "AMD Radeon RX 5000 Series \u0026 PRO W5000 Series",
              "vendor": "AMD",
              "versions": [
                {
                  "lessThan": "22.5.2",
                  "status": "affected",
                  "version": "AMD Radeon Software",
                  "versionType": "custom"
                },
                {
                  "lessThan": "22.Q2",
                  "status": "affected",
                  "version": "AMD Radeon Pro Software Enterprise",
                  "versionType": "custom"
                },
                {
                  "lessThan": "22.10.20",
                  "status": "affected",
                  "version": "Enterprise Driver",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "AMD Radeon RX 6000 Series \u0026 PRO W6000 Series",
              "vendor": "AMD",
              "versions": [
                {
                  "lessThan": "22.5.2",
                  "status": "affected",
                  "version": "AMD Radeon Software",
                  "versionType": "custom"
                },
                {
                  "lessThan": "22.Q2",
                  "status": "affected",
                  "version": "AMD Radeon Pro Software Enterprise",
                  "versionType": "custom"
                },
                {
                  "lessThan": "22.10.20",
                  "status": "affected",
                  "version": "Enterprise Driver",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "AMD Ryzen\u2122 Embedded R1000",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "AMD Ryzen\u2122 Embedded R2000",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "AMD Ryzen\u2122 Embedded 5000",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "AMD Ryzen\u2122 Embedded V1000",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "AMD Ryzen\u2122 Embedded V2000",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "AMD Ryzen\u2122Embedded V3000",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            }
          ],
          "datePublic": "2022-11-08T05:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eInsufficient verification of missing size check in \u0027LoadModule\u0027 may lead to an out-of-bounds write potentially allowing an attacker with privileges to gain code execution of the OS/kernel by loading a malicious TA.\u003c/p\u003e"
                }
              ],
              "value": "Insufficient verification of missing size check in \u0027LoadModule\u0027 may lead to an out-of-bounds write potentially allowing an attacker with privileges to gain code execution of the OS/kernel by loading a malicious TA."
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-02-13T19:22:08.137Z",
            "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
            "shortName": "AMD"
          },
          "references": [
            {
              "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1029"
            },
            {
              "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-5001"
            }
          ],
          "source": {
            "advisory": "AMD-SB-1029, AMD-SB-5001",
            "discovery": "EXTERNAL"
          },
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
        "assignerShortName": "AMD",
        "cveId": "CVE-2021-26392",
        "datePublished": "2022-11-09T20:44:26.258Z",
        "dateReserved": "2021-01-29T00:00:00.000Z",
        "dateUpdated": "2024-09-16T20:51:46.791Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-12930 (GCVE-0-2020-12930)

    Vulnerability from cvelistv5 – Published: 2022-11-09 20:44 – Updated: 2024-09-17 00:00
    VLAI
    Summary
    Improper parameters handling in AMD Secure Processor (ASP) drivers may allow a privileged attacker to elevate their privileges potentially leading to loss of integrity.
    Severity
    No CVSS data available.
    Assigner
    AMD
    Impacted products
    Date Public
    2022-11-08 05:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T12:11:18.208Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1029"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-5001"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "AMD Radeon RX 5000 Series \u0026 PRO W5000 Series",
              "vendor": "AMD",
              "versions": [
                {
                  "lessThan": "22.5.2",
                  "status": "affected",
                  "version": "AMD Radeon Software",
                  "versionType": "custom"
                },
                {
                  "lessThan": "22.Q2",
                  "status": "affected",
                  "version": "AMD Radeon Pro Software Enterprise",
                  "versionType": "custom"
                },
                {
                  "lessThan": "22.10.20",
                  "status": "affected",
                  "version": "Enterprise Driver",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "AMD Ryzen(TM) Embedded R1000",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "AMD Ryzen(TM) Embedded R2000",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "AMD Ryzen(TM) Embedded 5000",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "AMD Ryzen(TM) Embedded V1000",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "AMD Ryzen(TM) Embedded V2000",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            }
          ],
          "datePublic": "2022-11-08T05:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eImproper parameters handling in AMD Secure Processor (ASP) drivers may allow a privileged attacker to elevate their privileges potentially leading to loss of integrity.\u003c/p\u003e"
                }
              ],
              "value": "Improper parameters handling in AMD Secure Processor (ASP) drivers may allow a privileged attacker to elevate their privileges potentially leading to loss of integrity."
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-02-13T19:20:09.393Z",
            "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
            "shortName": "AMD"
          },
          "references": [
            {
              "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1029"
            },
            {
              "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-5001"
            }
          ],
          "source": {
            "advisory": "AMD-SB-1029, AMD-SB-5001",
            "discovery": "EXTERNAL"
          },
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
        "assignerShortName": "AMD",
        "cveId": "CVE-2020-12930",
        "datePublished": "2022-11-09T20:44:25.791Z",
        "dateReserved": "2020-05-15T00:00:00.000Z",
        "dateUpdated": "2024-09-17T00:00:30.267Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-26393 (GCVE-0-2021-26393)

    Vulnerability from cvelistv5 – Published: 2022-11-09 20:44 – Updated: 2024-09-16 21:58
    VLAI
    Summary
    Insufficient memory cleanup in the AMD Secure Processor (ASP) Trusted Execution Environment (TEE) may allow an authenticated attacker with privileges to generate a valid signed TA and potentially poison the contents of the process memory with attacker controlled data resulting in a loss of confidentiality.
    Severity
    No CVSS data available.
    Assigner
    AMD
    Impacted products
    Vendor Product Version
    AMD AMD Radeon RX 5000 Series & PRO W5000 Series Affected: AMD Radeon Software , < 22.5.2 (custom)
    Affected: AMD Radeon Pro Software Enterprise , < 22.Q2 (custom)
    Affected: Enterprise Driver , < 22.10.20 (custom)
    Create a notification for this product.
    AMD AMD Radeon RX 6000 Series & PRO W6000 Series Affected: AMD Radeon Software , < 22.5.2 (custom)
    Affected: AMD Radeon Pro Software Enterprise , < 22.Q2 (custom)
    Affected: Enterprise Driver , < 22.10.20 (custom)
    Create a notification for this product.
    AMD AMD Ryzen™ Embedded R1000 Affected: various
    Create a notification for this product.
    AMD AMD Ryzen™ Embedded R2000 Affected: various
    Create a notification for this product.
    AMD AMD Ryzen™ Embedded V1000 Affected: various
    Create a notification for this product.
    AMD AMD Ryzen™ Embedded V2000 Affected: various
    Create a notification for this product.
    Date Public
    2022-11-08 05:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T20:26:25.406Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1029"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-5001"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "AMD Radeon RX 5000 Series \u0026 PRO W5000 Series",
              "vendor": "AMD",
              "versions": [
                {
                  "lessThan": "22.5.2",
                  "status": "affected",
                  "version": "AMD Radeon Software",
                  "versionType": "custom"
                },
                {
                  "lessThan": "22.Q2",
                  "status": "affected",
                  "version": "AMD Radeon Pro Software Enterprise",
                  "versionType": "custom"
                },
                {
                  "lessThan": "22.10.20",
                  "status": "affected",
                  "version": "Enterprise Driver",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "AMD Radeon RX 6000 Series \u0026 PRO W6000 Series",
              "vendor": "AMD",
              "versions": [
                {
                  "lessThan": "22.5.2",
                  "status": "affected",
                  "version": "AMD Radeon Software",
                  "versionType": "custom"
                },
                {
                  "lessThan": "22.Q2",
                  "status": "affected",
                  "version": "AMD Radeon Pro Software Enterprise",
                  "versionType": "custom"
                },
                {
                  "lessThan": "22.10.20",
                  "status": "affected",
                  "version": "Enterprise Driver",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "AMD Ryzen\u2122 Embedded R1000",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "AMD Ryzen\u2122 Embedded R2000",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "AMD Ryzen\u2122 Embedded V1000",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "AMD Ryzen\u2122 Embedded V2000",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            }
          ],
          "datePublic": "2022-11-08T05:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eInsufficient memory cleanup in the AMD Secure Processor (ASP) Trusted Execution Environment (TEE) may allow an authenticated attacker with privileges to generate a valid signed TA and potentially poison the contents of the process memory with attacker controlled data resulting in a loss of confidentiality.\u003c/p\u003e"
                }
              ],
              "value": "Insufficient memory cleanup in the AMD Secure Processor (ASP) Trusted Execution Environment (TEE) may allow an authenticated attacker with privileges to generate a valid signed TA and potentially poison the contents of the process memory with attacker controlled data resulting in a loss of confidentiality."
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-02-13T19:22:50.269Z",
            "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
            "shortName": "AMD"
          },
          "references": [
            {
              "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1029"
            },
            {
              "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-5001"
            }
          ],
          "source": {
            "advisory": "AMD-SB-1029, AMD-SB-5001",
            "discovery": "EXTERNAL"
          },
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
        "assignerShortName": "AMD",
        "cveId": "CVE-2021-26393",
        "datePublished": "2022-11-09T20:44:25.517Z",
        "dateReserved": "2021-01-29T00:00:00.000Z",
        "dateUpdated": "2024-09-16T21:58:26.137Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-26391 (GCVE-0-2021-26391)

    Vulnerability from cvelistv5 – Published: 2022-11-09 20:44 – Updated: 2025-05-01 14:19
    VLAI
    Summary
    Insufficient verification of multiple header signatures while loading a Trusted Application (TA) may allow an attacker with privileges to gain code execution in that TA or the OS/kernel.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • TBD
    • CWE-347 - Improper Verification of Cryptographic Signature
    Assigner
    AMD
    Impacted products
    Vendor Product Version
    AMD AMD Radeon RX 5000 Series & PRO W5000 Series Affected: AMD Radeon Software , < 22.5.2 (custom)
    Affected: AMD Radeon Pro Software Enterprise , < 22.Q2 (custom)
    Affected: Enterprise Driver , < 22.10.20 (custom)
    Create a notification for this product.
    AMD AMD Radeon RX 6000 Series & PRO W6000 Series Affected: AMD Radeon Software , < 22.5.2 (custom)
    Affected: AMD Radeon Pro Software Enterprise , < 22.Q2 (custom)
    Affected: Enterprise Driver , < 22.10.20 (custom)
    Create a notification for this product.
    Date Public
    2022-11-08 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T20:26:25.325Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1029"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "LOCAL",
                  "availabilityImpact": "HIGH",
                  "baseScore": 7.8,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "LOW",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2021-26391",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-05-01T14:19:01.036693Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-347",
                    "description": "CWE-347 Improper Verification of Cryptographic Signature",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-05-01T14:19:25.590Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "AMD Radeon RX 5000 Series \u0026 PRO W5000 Series",
              "vendor": "AMD",
              "versions": [
                {
                  "lessThan": "22.5.2",
                  "status": "affected",
                  "version": "AMD Radeon Software",
                  "versionType": "custom"
                },
                {
                  "lessThan": "22.Q2",
                  "status": "affected",
                  "version": "AMD Radeon Pro Software Enterprise",
                  "versionType": "custom"
                },
                {
                  "lessThan": "22.10.20",
                  "status": "affected",
                  "version": "Enterprise Driver",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "AMD Radeon RX 6000 Series \u0026 PRO W6000 Series",
              "vendor": "AMD",
              "versions": [
                {
                  "lessThan": "22.5.2",
                  "status": "affected",
                  "version": "AMD Radeon Software",
                  "versionType": "custom"
                },
                {
                  "lessThan": "22.Q2",
                  "status": "affected",
                  "version": "AMD Radeon Pro Software Enterprise",
                  "versionType": "custom"
                },
                {
                  "lessThan": "22.10.20",
                  "status": "affected",
                  "version": "Enterprise Driver",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2022-11-08T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Insufficient verification of multiple header signatures while loading a Trusted Application (TA) may allow an attacker with privileges to gain code execution in that TA or the OS/kernel."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "TBD",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-11-09T00:00:00.000Z",
            "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
            "shortName": "AMD"
          },
          "references": [
            {
              "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1029"
            }
          ],
          "source": {
            "advisory": "AMD-SB-1029",
            "discovery": "EXTERNAL"
          },
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
        "assignerShortName": "AMD",
        "cveId": "CVE-2021-26391",
        "datePublished": "2022-11-09T20:44:25.253Z",
        "dateReserved": "2021-01-29T00:00:00.000Z",
        "dateUpdated": "2025-05-01T14:19:25.590Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }