CVSS Vector (NVD)
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:H/SC:H/SI:N/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description (NVD)
An unchecked return value within the AMD Platform Management Framework (PMF) could allow an attacker to read or modify an arbitrary address potentially resulting in loss of confidentiality, integrity, or availability.
Analysis (AI)
Local attackers with low-privilege credentials can exploit unchecked return value handling in AMD Platform Management Framework (PMF) to read or write arbitrary memory addresses across multiple AMD Ryzen processor families (6000, 7000, 8000 series). This CWE-252 flaw enables privilege escalation to kernel level, compromising system confidentiality and availability with high impact across both virtualized and physical contexts. AMD has released security bulletin AMD-SB-4015 addressing the vulnerability. No CISA KEV listing or public exploit code has been identified at time of analysis, but the low attack complexity (AC:L) and local privilege requirement (PR:L) suggest exploitation is technically straightforward for attackers with initial system access.
Technical Context (AI)
AMD Platform Management Framework (PMF) is a kernel-level driver component managing power, thermal, and performance features across AMD Ryzen mobile and embedded processors. The vulnerability stems from CWE-252 (Unchecked Return Value), where the PMF driver fails to properly validate return values from system calls or API functions before using them in memory operations. This allows an attacker to control addresses used in subsequent read/write operations. Affected CPE strings indicate impact across Rembrandt (Ryzen 6000/7035), Phoenix (Ryzen 7040), Hawk Point (Ryzen 8040), and Ryzen Embedded 8000 processor families. The CVSS 4.0 vector shows both victim system (VC:H/VA:H) and subsequent system (SC:H/SA:H) impact, indicating the flaw can affect virtualized environments where guest compromise leads to hypervisor or adjacent VM impact.
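A minimal illustration of the CWE-252 pattern described above, added here as an example: it is not AMD's PMF code, and `translate`, `resolve_unchecked`, `read_checked` and `REGION_SIZE` are hypothetical names. It assumes a validator that leaves its output untouched on failure, and shows the unchecked caller beside the hardened one.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define REGION_SIZE 64u /* constructed size of the one buffer a caller may touch */

/* Hypothetical validator: returns 0 and writes *out on success; returns -1
 * and leaves *out unchanged when off/len fall outside the region. */
static int translate(uint32_t off, uint32_t len, size_t *out)
{
    if (len == 0 || off >= REGION_SIZE || len > REGION_SIZE - off)
        return -1;
    *out = off;
    return 0;
}

/* CWE-252: the return value is dropped, so on failure `pos` still holds the
 * raw caller-supplied offset and is treated as validated. Returns the offset
 * a later copy would use; the demo never dereferences it. */
size_t resolve_unchecked(uint32_t off, uint32_t len)
{
    size_t pos = off;
    translate(off, len, &pos);
    return pos;
}

/* Hardened: the failure is propagated and no memory is touched. */
int read_checked(const uint8_t *region, uint32_t off, uint32_t len, uint8_t *dst)
{
    size_t pos;
    if (translate(off, len, &pos) != 0)
        return -1;
    memcpy(dst, region + pos, len);
    return 0;
}

int main(void)
{
    uint8_t region[REGION_SIZE] = {0}, dst[8];
    printf("unchecked uses offset %zu\n", resolve_unchecked(0x10000u, 4));
    printf("checked returns %d\n", read_checked(region, 0x10000u, 4, dst));
    return 0;
}
```

Declaring such a helper with `__attribute__((warn_unused_result))` (GCC/Clang) or the Linux kernel's `__must_check` makes the compiler flag the dropped return value at build time.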
Remediation (AI)
Apply the AMD Platform Management Framework driver updates provided in AMD Security Bulletin AMD-SB-4015 (https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-4015.html). Download patched PMF drivers from the AMD support portal matching your specific processor family and operating system. For Windows systems, update via Windows Update or AMD Software Adrenalin Edition. For Linux systems, update kernel drivers through distribution-specific channels or AMD-provided kernel modules. Until patches are deployed, implement compensating controls by restricting local user privileges through least-privilege policies, disabling unnecessary local accounts, and monitoring for unusual kernel-mode driver access patterns using EDR solutions. In virtualized environments, ensure hypervisor isolation controls are maximized and consider temporarily limiting AMD PMF driver loading in guest VMs if power management features are non-critical. Note that disabling PMF entirely may impact laptop battery life optimization and thermal management, so the trade-off between security and power efficiency needs to be assessed.
EUVD-2025-209867
GHSA-72v7-rm66-2gr3