NVD CVEs — 本日公開 (35 件)
CVE-2024-36345
Improper input validation in the AMD OverDrive (AOD) System Management Mode (SMM) module could allow a privileged attacker to perform an out-of-bounds read, potentially resulting in loss of confidentiality.
CVE-2025-0045
Improper Input validation in the AMD Secure Processor (ASP) PCI driver may allow a local attacker to create a buffer overflow condition, potentially resulting in a crash or denial of service
CVE-2025-48512
Incorrect default permissions in the installation directory for the AMD general-purpose input/output controller (GPIO) could allow an attacker to achieve privilege escalation resulting in arbitrary code execution.
CVE-2025-48519
An improper input validation vulnerability within the AMD Platform Management Framework (PMF) driver can allow a local attacker to read or write Out-of-Bounds, potentially resulting in privilege escalation
CVE-2025-48520
An improper input validation vulnerability within the AMD Platform Management Framework (PMF) driver can allow a local attacker to read Out-of-Bounds potentially resulting in information disclosure or a crash
CVE-2025-48521
Improper input validation in the AMD Secure Processor (ASP) PCI driver could allow a local attacker to trigger a Use-After-Free (UAF) condition, potentially resulting in a loss of platform integrity or crash.
CVE-2025-52540
An improper input validation vulnerability within the AMD Platform Management Framework (PMF) Driver can allow a local attacker to write Out-of-Bounds, potentially resulting in privilege escalation.
CVE-2026-0432
Incorrect default permissions in the installation directory for the AMD chipset driver could allow an attacker to achieve privilege escalation resulting in arbitrary code execution.
CVE-2026-0438
A System Management Mode (SMM) handler could perform a callout to code located in non-SMM/untrusted memory. A highly privileged attacker could, with active user interaction and under high complexity and present preconditions, trigger execution of attacker-controlled code in SMM, potentially compromi
CVE-2026-8612
WWW::Mechanize::Cached versions before 2.00 for Perl deserialize cached HTTP responses from a world-writable on-disk cache, enabling local response forgery and code execution.
With no explicit cache backend, WWW::Mechanize::Cached constructs a default Cache::FileCache under /tmp/FileCache without o
GitHub Security Advisories — 本日公開 (20 件)
GHSA-4f5c-wcxh-wgv3
MEDIUM
A buffer overflow vulnerability within AMD Sensor Fusion Hub Driver can allow a local attacker to...
GHSA-84gc-54qf-v3jp
HIGH
Out of bounds write in AMD AMDGV_CMD_GET_DIAG_DATA ioctl handler could allow a local user to...
GHSA-w6gm-fvfm-9m36
MEDIUM
Improper handling of insufficient privileges in the AMD Secure Processor (ASP) could allow an...
GHSA-jfvc-65m7-7mhv
LOW
Insufficient parameter sanitization in TEE SOC Driver could allow an attacker to issue a...
GHSA-p7c5-wcmh-3ww2
MEDIUM
Use of uninitialized resource within the AMD Platform Management Framework (PMF) could allow an...
GHSA-q6qj-wmmg-cc85
HIGH
Rapid7 Metasploit Pro is vulnerable to a local privilege escalation attack that allows users to...
GHSA-f3qw-fm2w-5856
MEDIUM
Improper access control between the Joint Test Action Group (JTAG) and Advanced Extensible...
GHSA-gm2x-9p5x-p992
MEDIUM
Insufficient parameter sanitization in AMD Secure Processor (ASP) TEE SOC Driver could allow an...
GHSA-jfhv-mg7w-4348
MEDIUM
Insecure default configuration state of DDR5 memory module by AGESA Bootloader Firmware could...
GHSA-qr28-7prp-37fx
MEDIUM
An out of bounds read within the AMD Platform Management Framework (PMF) could allow an attacker...