These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.
CVE-2026-40677 is a HIGH-severity vulnerability (CVSS score: 7.7) that was published on 2026-06-12T16:16:27.400Z and modified on 2026-06-12T16:22:46.947Z. The vulnerability is related to the use of insecure HTTP transport within AMD optional tools, which could allow an attacker to conduct a man-in-the-middle attack, potentially leading to arbitrary code execution. The CVE record [truncated]
CVE-2024-21944 is a medium-severity vulnerability (CVSS Score: 5.3) that involves improper input validation for DIMM serial presence detect (SPD) metadata. This vulnerability could potentially allow an attacker with physical access, ring0 access on a system with a non-compliant DIMM, or control over the Root of Trust for BIOS update, to overwrite guest memory, resulting in loss of guest data integrity.
A vulnerability in AMD uProf, tracked as CVE-2026-28237, may allow for unrestricted resource allocation. This could be exploited to consume excessive system resources, potentially leading to a loss of availability. The vulnerability has a CVSS score of 6.8 and is classified as MEDIUM severity.
CVE-2026-0466 is a MEDIUM-severity vulnerability in AMD uProf, a profiling tool for AMD processors. The vulnerability is caused by improper access control, allowing a local attacker with user privileges to write to the kernel-shared memory section. This could potentially result in a crash or denial of service.
CVE-2025-54509 is a medium-severity vulnerability (CVSS Score: 4) affecting an unknown vendor and product. The vulnerability is related to improper access control for the register interface in the input-output memory management unit (IOMMU), which could allow a privileged attacker to cause non-coherent accesses by the AMD secure processor (ASP), potentially resulting in loss of integrity.
CVE-2024-36343 is a medium-severity vulnerability (CVSS 4.6) affecting AMD products, published on 2026-05-19 and last modified on 2026-05-20. The vulnerability stems from improper input validation in the System Management Mode (SMM) communications buffer, which could allow a privileged attacker with local access and high privileges to perform out-of-bounds read or write operations to a limited section of [truncated]
CVE-2025-54518 is a high-severity vulnerability affecting Zen 2-based products. The issue involves improper isolation of shared resources within the CPU operation cache, which could allow an attacker to corrupt instructions executed at a different privilege level, potentially resulting in privilege escalation. The Common Vulnerability Scoring System (CVSS) score for this vulnerability is 7.3, indicating a [truncated]
CVE-2024-36333 is a high-severity DLL hijacking issue in AMD Cleanup Utility. According to the NVD record, a low-privilege local attacker with user interaction may be able to influence DLL loading and escalate privileges, potentially resulting in arbitrary code execution. NVD cites AMD’s security bulletin as the vendor remediation reference and lists AMD Cleanup Utility 25.20.00.00 among the affected products.
CVE-2025-54502 is a HIGH-severity vulnerability in the AMD Platform Configuration Blob (APCB) SMM driver. A privileged attacker with local access (Ring 0) could exploit this vulnerability to achieve privilege escalation, potentially leading to arbitrary code execution. The vulnerability has a CVSS score of 7.1. The CVE was published on 2026-04-16 and last modified on 2026-06-30. AMD has released a securit [truncated]
CVE-2023-20593 is a medium-severity information disclosure issue in certain AMD processors. In the ABB/CISA advisory, the exposure is tied to ABB M2M Gateway ARM600 firmware and software deployments, with an important caveat: the advisory says ARM600 servers use Intel processors, but some ARM600 SW installations may run in AMD processor environments. The main risk is confidentiality loss, not code executi [truncated]
CVE-2023-20569 is a speculative-execution information disclosure issue affecting certain AMD processors. In ABB’s advisory for ARM600, the vendor notes that ARM600 servers use Intel processors, but ARM600 software installations may exist in AMD processor environments. The affected ABB products listed are ARM600 firmware versions 4.1.2 through 5.0.3 and ARM600 SW versions 5.0.1 through 5.0.3. The primary d [truncated]
CISA’s 2025-04-07 advisory for ABB M2M Gateway (ARM600) ties CVE-2021-26401 to a flaw in certain AMD processors involving the LONGJMP assembly command. The issue is described as potentially enabling arbitrary code execution. ABB’s affected product ranges are ARM600 firmware 4.1.2 through 5.0.3 and ABB M2M Gateway SW 5.0.1 through 5.0.3. The advisory also notes that ARM600 servers include Intel processors, [truncated]