CVSS Vector (NVD)
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description (NVD)
An out of bounds write within the AMD Platform Management Framework (PMF) could allow an attacker to execute arbitrary code at an elevated privilege level, potentially leading to loss of confidentiality, integrity, or availability.
Analysis (AI)
Local privilege escalation in AMD Platform Management Framework (PMF) allows authenticated attackers with low privileges to execute arbitrary code with elevated system privileges through an out-of-bounds write vulnerability. It affects multiple AMD Ryzen processor series (6000, 7035, 7040, 8040, and Embedded R8000) across mobile and embedded platforms. The CVSS 4.0 score of 8.4 reflects high impact to the integrity and availability of the vulnerable system (VI:H/VA:H) together with high impact to subsequent systems (SC:H/SI:H/SA:H), indicating the attacker can escape the vulnerable component's security context. No active exploitation is confirmed in CISA KEV at time of analysis, and public exploit code availability is not indicated in current intelligence.
Technical Context (AI)
The AMD Platform Management Framework (PMF) is a software component that manages power, thermal, and performance features on AMD Ryzen mobile and embedded processors. CWE-787 (Out-of-bounds Write) indicates that improper bounds checking allows data to be written beyond the allocated memory buffer. The vulnerability affects the PMF driver/service layer, which operates at elevated privilege levels to interface with processor hardware. The affected CPE strings identify specific Ryzen processor families from the 6000 series through the 8040 series of mobile processors, plus the Embedded R8000 series, spanning multiple architecture generations (codenames Rembrandt, Phoenix, and Hawk Point). The out-of-bounds write condition in PMF's memory handling functions enables memory corruption attacks that can overwrite critical data structures or inject malicious code into privileged memory regions.
Remediation (AI)
Apply AMD-provided PMF software updates as detailed in AMD Security Bulletin AMD-SB-4015 (https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-4015.html). The fix likely involves updated PMF driver packages distributed through Windows Update, the AMD Software installer, or OEM system updates, depending on the deployment model. Organizations should prioritize patching for systems where local users have low-privileged access (shared workstations, terminal servers, development environments). If patching cannot be deployed immediately, implement compensating controls: restrict local user privileges through least-privilege access policies to minimize the pool of potential low-privileged (PR:L) attackers, enable enhanced endpoint detection focused on privilege escalation attempts from PMF processes, monitor for unusual PMF service behavior or crashes that may indicate exploitation attempts, and isolate high-value systems from untrusted local users. Note that disabling PMF entirely may impact power management and thermal features, potentially affecting system performance and battery life on mobile platforms. Defense-in-depth measures such as application whitelisting and credential protection technologies (Windows Defender Credential Guard) can limit post-exploitation impact even if PMF is compromised.
EUVD-2025-209872
GHSA-rwhw-hw5r-w3cf