AMD 関連製品全体の CVE とセキュリティ脆弱性情報を集約し、CVSS、EPSS、公開日、脆弱性情報データを掲載しています。
公開された問題は バッファオーバーフロー、vendor risk memory corruption, and パス処理の欠陥 に関連することが多く、vendor surface production workloads and vendor surface software deployment の文脈で アプリケーションクラッシュ and vendor impact unexpected behavior などの暴露リスクを伴う場合があります。
掲載データは公開脆弱性情報とセキュリティ公告に基づき、過去の暴露面と修補優先度の評価に利用できます。
| CVE | 概要 | ソース | CVSS 最大値 | EPSS(%) | 公開 | 更新 |
|---|---|---|---|---|---|---|
| CVE-2026-28237 | Unrestricted resource allocation in AMD uProf may be exploitable to consume excessive system resources, potentially leading to a loss of availability. | [email protected] | 6.8 | 0.10% | 2026-06-09 | 2026-06-16 |
| CVE-2026-0466 | Improper access control in AMD uProf may allow a local attacker with user privileges to write to the kernel-shared memory section, potentially resulting in crash or denial of service. | [email protected] | 6.8 | 0.11% | 2026-06-09 | 2026-06-16 |
| CVE-2026-49121 | AI Tensor Engine for ROCm (AITER) through 0.1.14 contains an unauthenticated remote code execution vulnerability in the MessageQueue.recv() function within shm_broadcast.py that allows unauthenticated remote attackers to execute arbitrary code by sending a malicious pickle payload to a ZMQ SUB socket with no authentication, HMAC, or format validation. Attackers who can reach the writer XPUB endpoint on the cluster network or supply a forged Handle with an attacker-controlled remote_subscribe_add | [email protected] | 9.2 | 0.73% | 2026-06-01 | 2026-06-08 |
| CVE-2024-36333 | A DLL hijacking vulnerability in the AMD Cleanup Utility could allow an attacker to achieve privilege escalation potentially resulting in arbitrary code execution. | [email protected] | 7.0 | 0.12% | 2026-05-15 | 2026-05-18 |
| CVE-2023-31324 | A Time-of-check time-of-use (TOCTOU) race condition in the AMD Secure Processor (ASP) could allow an attacker to modify External Global Memory Interconnect Trusted Agent (XGMI TA) commands as they are processed potentially resulting in loss of confidentiality, integrity, or availability. | [email protected] | 7.1 | 0.10% | 2026-02-11 | 2026-03-05 |
| CVE-2023-20548 | A Time-of-check time-of-use (TOCTOU) race condition in the AMD Secure Processor (ASP) could allow an attacker to corrupt memory resulting in loss of integrity, confidentiality, or availability. | [email protected] | 7.1 | 0.10% | 2026-02-11 | 2026-03-05 |
| CVE-2025-48511 | Improper input validation within AMD uprof can allow a local attacker to write to an arbitrary physical address, potentially resulting in crash or denial of service. | [email protected] | 5.5 | 0.10% | 2025-11-24 | 2025-11-26 |
| CVE-2025-48510 | Improper return value within AMD uProf can allow a local attacker to bypass KSLR, potentially resulting in loss of confidentiality or availability. | [email protected] | 7.1 | 0.11% | 2025-11-24 | 2025-11-26 |
| CVE-2025-29933 | Improper input validation within AMD uProf can allow a local attacker to write out of bounds, potentially resulting in a crash or denial of service | [email protected] | 5.5 | 0.10% | 2025-11-24 | 2025-11-26 |
| CVE-2025-48502 | Improper input validation within AMD uprof can allow a local attacker to overwrite MSR registers, potentially resulting in crash or denial of service. | [email protected] | 5.5 | 0.10% | 2025-11-21 | 2025-11-26 |
| CVE-2023-31359 | Incorrect default permissions in the AMD Manageability API could allow an attacker to achieve privilege escalation, potentially resulting in arbitrary code execution. | [email protected] | 7.3 | 0.14% | 2025-05-13 | 2025-05-16 |
| CVE-2023-31358 | A DLL hijacking vulnerability in the AMD Manageability API could allow an attacker to achieve privilege escalation, potentially resulting in arbitrary code execution. | [email protected] | 7.3 | 0.05% | 2025-05-13 | 2025-05-16 |
| CVE-2024-36340 | A junction point vulnerability within AMD uProf can allow a local low-privileged attacker to create junction points, potentially resulting in arbitrary file deletion or disclosure. | [email protected] | 6.6 | 0.05% | 2025-05-13 | 2025-11-26 |
| CVE-2024-21975 | Improper input validation in the NPU driver could allow an attacker to supply a specially crafted pointer potentially leading to arbitrary code execution. | [email protected] | 8.8 | 0.27% | 2024-11-12 | 2024-11-15 |
| CVE-2024-21974 | Improper input validation in the NPU driver could allow an attacker to supply a specially crafted pointer potentially leading to arbitrary code execution. | [email protected] | 8.8 | 0.27% | 2024-11-12 | 2024-11-15 |
| CVE-2024-21958 | Incorrect default permissions in the AMD Provisioning Console installation directory could allow an attacker to achieve privilege escalation, potentially resulting in arbitrary code execution. | [email protected] | 7.3 | 0.27% | 2024-11-12 | 2024-12-18 |
| CVE-2024-21957 | Incorrect default permissions in the AMD Management Console installation directory could allow an attacker to achieve privilege escalation potentially resulting in arbitrary code execution. | [email protected] | 7.3 | 0.27% | 2024-11-12 | 2024-12-18 |
| CVE-2024-21949 | Improper validation of user input in the NPU driver could allow an attacker to provide a buffer with unexpected size, potentially leading to system crash. | [email protected] | 5.5 | 0.22% | 2024-11-12 | 2024-11-15 |
| CVE-2024-21946 | Incorrect default permissions in the AMD RyzenTM Master Utility installation directory could allow an attacker to achieve privilege escalation potentially resulting in arbitrary code execution. | [email protected] | 7.3 | 0.24% | 2024-11-12 | 2024-12-18 |
| CVE-2024-21945 | Incorrect default permissions in the AMD RyzenTM Master monitoring SDK installation directory could allow an attacker to achieve privilege escalation potentially resulting in arbitrary code execution. | [email protected] | 7.3 | 0.24% | 2024-11-12 | 2024-12-18 |