Radeon Software

radeon_software

Vendor: Amd • 52 CVEs

CVEs (52)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2024-36333 1Amd 2Cleanup Utility Radeon Software May 18, 2026 May 15, 2026 7.0 HIGH· v4 7.8 HIGH· v3 N/A· v2 A DLL hijacking vulnerability in the AMD Cleanup Utility could allow an attacker to achieve privilege escalation potentially resulting in arbitrary code execution.
CVE-2023-31324 1Amd 4Radeon Pro Vii Firmware Radeon SoftwareRadeon Vii Firmware+1 more Mar 5, 2026 Feb 11, 2026 7.1 HIGH· v4 7.8 HIGH· v3 N/A· v2 A Time-of-check time-of-use (TOCTOU) race condition in the AMD Secure Processor (ASP) could allow an attacker to modify External Global Memory Interconnect Trusted Agent (XGMI TA) commands as they are processed potential...Show more A Time-of-check time-of-use (TOCTOU) race condition in the AMD Secure Processor (ASP) could allow an attacker to modify External Global Memory Interconnect Trusted Agent (XGMI TA) commands as they are processed potentially resulting in loss of confidentiality, integrity, or availability.Show less
CVE-2023-20548 1Amd 4Radeon Pro Vii Firmware Radeon SoftwareRadeon Vii Firmware+1 more Mar 5, 2026 Feb 11, 2026 7.1 HIGH· v4 7.8 HIGH· v3 N/A· v2 A Time-of-check time-of-use (TOCTOU) race condition in the AMD Secure Processor (ASP) could allow an attacker to corrupt memory resulting in loss of integrity, confidentiality, or availability.
CVE-2024-21937 1Amd 2Radeon Software Radeon Software For Hip Nov 27, 2024 Nov 12, 2024 N/A· v4 7.8 HIGH· v3 N/A· v2 Incorrect default permissions in the AMD HIP SDK installation directory could allow an attacker to achieve privilege escalation potentially resulting in arbitrary code execution.
CVE-2023-31307 1Amd 1Radeon Software Dec 13, 2024 Aug 13, 2024 N/A· v4 4.4 MEDIUM· v3 N/A· v2 Improper validation of array index in Power Management Firmware (PMFW) may allow a privileged attacker to cause an out-of-bounds memory read within PMFW, potentially leading to a denial of service.
CVE-2023-20510 1Amd 1Radeon Software Dec 12, 2024 Aug 13, 2024 N/A· v4 6.0 MEDIUM· v3 N/A· v2 An insufficient DRAM address validation in PMFW may allow a privileged attacker to read from an invalid DRAM address to SRAM, potentially resulting in data corruption or denial of service.
CVE-2021-26367 1Amd 36Athlon Gold 3150c Firmware Athlon Gold 3150g FirmwareAthlon Gold 3150u Firmware+33 more Dec 12, 2024 Aug 13, 2024 N/A· v4 6.0 MEDIUM· v3 N/A· v2 A malicious attacker in x86 can misconfigure the Trusted Memory Regions (TMRs), which may allow the attacker to set an arbitrary address range for the TMR, potentially leading to a loss of integrity and availability.
CVE-2023-31320 1Amd 5Radeon Pro Vega 56 Firmware Radeon Pro Vega 64 FirmwareRadeon Rx Vega 56 Firmware+2 more Nov 21, 2024 Nov 14, 2023 N/A· v4 7.5 HIGH· v3 N/A· v2 Improper input validation in the AMD RadeonTM Graphics display driver may allow an attacker to corrupt the display potentially resulting in denial of service.
CVE-2023-20568 2Amd Intel 6Radeon Pro Vega 56 Firmware Radeon Pro Vega 64 FirmwareRadeon Rx Vega 56 Firmware+3 more Feb 13, 2025 Nov 14, 2023 N/A· v4 6.7 MEDIUM· v3 N/A· v2 Improper signature verification of RadeonTM RX Vega M Graphics driver for Windows may allow an attacker with admin privileges to launch RadeonInstaller.exe without validating the file signature potentially leading to arb...Show more Improper signature verification of RadeonTM RX Vega M Graphics driver for Windows may allow an attacker with admin privileges to launch RadeonInstaller.exe without validating the file signature potentially leading to arbitrary code execution.Show less
CVE-2023-20567 2Amd Intel 6Radeon Pro Vega 56 Firmware Radeon Pro Vega 64 FirmwareRadeon Rx Vega 56 Firmware+3 more Feb 13, 2025 Nov 14, 2023 N/A· v4 6.7 MEDIUM· v3 N/A· v2 Improper signature verification of RadeonTM RX Vega M Graphics driver for Windows may allow an attacker with admin privileges to launch AMDSoftwareInstaller.exe without validating the file signature potentially leading t...Show more Improper signature verification of RadeonTM RX Vega M Graphics driver for Windows may allow an attacker with admin privileges to launch AMDSoftwareInstaller.exe without validating the file signature potentially leading to arbitrary code execution.Show less
CVE-2021-46748 2Amd Intel 6Radeon Pro Vega 56 Firmware Radeon Pro Vega 64 FirmwareRadeon Rx Vega 56 Firmware+3 more Feb 13, 2025 Nov 14, 2023 N/A· v4 5.5 MEDIUM· v3 N/A· v2 Insufficient bounds checking in the ASP (AMD Secure Processor) may allow an attacker to access memory outside the bounds of what is permissible to a TA (Trusted Application) resulting in a potential denial of service.
CVE-2023-20598 1Amd 1Radeon Software Nov 21, 2024 Oct 17, 2023 N/A· v4 7.8 HIGH· v3 N/A· v2 An improper privilege management in the AMD Radeon™ Graphics driver may allow an authenticated attacker to craft an IOCTL request to gain I/O control over arbitrary hardware ports or physical addresses resulting in a...Show more An improper privilege management in the AMD Radeon™ Graphics driver may allow an authenticated attacker to craft an IOCTL request to gain I/O control over arbitrary hardware ports or physical addresses resulting in a potential arbitrary code execution. Show less
CVE-2023-20586 1Amd 1Radeon Software Nov 21, 2024 Aug 8, 2023 N/A· v4 9.8 CRITICAL· v3 N/A· v2 A potential vulnerability was reported in Radeon™ Software Crimson ReLive Edition which may allow escalation of privilege. Radeon™ Software Crimson ReLive Edition falls outside of the security support lifecycle and AMD...Show more A potential vulnerability was reported in Radeon™ Software Crimson ReLive Edition which may allow escalation of privilege. Radeon™ Software Crimson ReLive Edition falls outside of the security support lifecycle and AMD does not plan to release any mitigations Show less
CVE-2021-26393 1Amd 67Amd 3015ce Firmware Amd 3015e FirmwareAmd 3020e Firmware+64 more Nov 21, 2024 Nov 9, 2022 N/A· v4 5.5 MEDIUM· v3 N/A· v2 Insufficient memory cleanup in the AMD Secure Processor (ASP) Trusted Execution Environment (TEE) may allow an authenticated attacker with privileges to generate a valid signed TA and potentially poison the contents of t...Show more Insufficient memory cleanup in the AMD Secure Processor (ASP) Trusted Execution Environment (TEE) may allow an authenticated attacker with privileges to generate a valid signed TA and potentially poison the contents of the process memory with attacker controlled data resulting in a loss of confidentiality.Show less
CVE-2021-26392 1Amd 103Amd 3015ce Firmware Amd 3015e FirmwareAmd 3020e Firmware+100 more Nov 21, 2024 Nov 9, 2022 N/A· v4 7.8 HIGH· v3 N/A· v2 Insufficient verification of missing size check in 'LoadModule' may lead to an out-of-bounds write potentially allowing an attacker with privileges to gain code execution of the OS/kernel by loading a malicious TA.
CVE-2021-26391 1Amd 26Enterprise Driver Radeon Pro SoftwareRadeon Rx Vega 56 Firmware+23 more May 1, 2025 Nov 9, 2022 N/A· v4 7.8 HIGH· v3 N/A· v2 Insufficient verification of multiple header signatures while loading a Trusted Application (TA) may allow an attacker with privileges to gain code execution in that TA or the OS/kernel.
CVE-2021-26360 1Amd 3Enterprise Driver Radeon Pro SoftwareRadeon Software May 1, 2025 Nov 9, 2022 N/A· v4 7.8 HIGH· v3 N/A· v2 An attacker with local access to the system can make unauthorized modifications of the security configuration of the SOC registers. This could allow potential corruption of AMD secure processor’s encrypted memory content...Show more An attacker with local access to the system can make unauthorized modifications of the security configuration of the SOC registers. This could allow potential corruption of AMD secure processor’s encrypted memory contents which may lead to arbitrary code execution in ASP.Show less
CVE-2020-12931 1Amd 101Amd 3015ce Firmware Amd 3015e FirmwareAmd 3020e Firmware+98 more Nov 21, 2024 Nov 9, 2022 N/A· v4 7.8 HIGH· v3 N/A· v2 Improper parameters handling in the AMD Secure Processor (ASP) kernel may allow a privileged attacker to elevate their privileges potentially leading to loss of integrity.
CVE-2020-12930 1Amd 103Amd 3015ce Firmware Amd 3015e FirmwareAmd 3020e Firmware+100 more Nov 21, 2024 Nov 9, 2022 N/A· v4 7.8 HIGH· v3 N/A· v2 Improper parameters handling in AMD Secure Processor (ASP) drivers may allow a privileged attacker to elevate their privileges potentially leading to loss of integrity.
CVE-2021-26363 1Amd 34Radeon Software Ryzen 3 3100 FirmwareRyzen 3 3300g Firmware+31 more Nov 21, 2024 May 12, 2022 N/A· v4 4.4 MEDIUM· v3 3.6 LOW· v2 A malicious or compromised UApp or ABL could potentially change the value that the ASP uses for its reserved DRAM, to one outside of the fenced area, potentially leading to data exposure.

12 3 Next