Failure to validate the value in APCB may allow a privileged attacker to tamper with the APCB token to force an out-of-bounds memory read potentially resulting in a denial of service.

An improper privilege management in the AMD Radeon™ Graphics driver may allow an authenticated attacker to craft an IOCTL request to gain I/O control over arbitrary hardware ports or physical addresses resulting in a potential arbitrary code execution.

PVRIC (PowerVR Image Compression) on Imagination 2018 and later GPU devices offers software-transparent compression that enables cross-origin pixel-stealing attacks against feTurbulence and feBlend in the SVG Filter specification, aka a GPU.zip issue. For example, attackers can sometimes accurately determine text contained on a web page from one origin if they control a resource from a different origin.

Improper initialization of variables in the DXE driver may allow a privileged user to leak sensitive information via local access.

Improper initialization of variables in the DXE driver may allow a privileged user to leak sensitive information via local access.

Insufficient validation in the IOCTL (Input Output Control) input buffer in AMD Ryzen™ Master may permit a privileged attacker to perform memory reads/writes potentially leading to a loss of confidentiality or arbitrary kernel execution.

Insufficient validation of the IOCTL (Input Output Control) input buffer in AMD Ryzen™ Master may allow a privileged attacker to provide a null value potentially resulting in a Windows crash leading to denial of service.

An attacker with specialized hardware and physical access to an impacted device may be able to perform a voltage fault injection attack resulting in compromise of the ASP secure boot potentially leading to arbitrary code execution. 

A division-by-zero error on some AMD processors can potentially return speculative data resulting in loss of confidentiality. 

A potential vulnerability was reported in Radeon™ Software Crimson ReLive Edition which may allow escalation of privilege. Radeon™ Software Crimson ReLive Edition falls outside of the security support lifecycle and AMD does not plan to release any mitigations