Skip to main content

AMD Ryzen PMF CVE-2025-29935

| EUVDEUVD-2025-209872 HIGH
Out-of-bounds Write (CWE-787)
2026-05-15 AMD GHSA-rwhw-hw5r-w3cf
8.4
CVSS 4.0 · NVD
Share

Severity by source

NVD PRIMARY
8.4 HIGH
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
X

Lifecycle Timeline

3
Analysis Generated
May 15, 2026 - 03:30 vuln.today
CVSS changed
May 15, 2026 - 03:22 NVD
8.4 (HIGH)
CVE Published
May 15, 2026 - 01:53 nvd
HIGH 8.4

DescriptionCVE.org

An out of bounds write within the AMD Platform Management Framework (PMF) could allow an attacker to execute arbitrary code at an elevated privilege level potentially leading to loss of confidentiality integrity, or availability.

AnalysisAI

Local privilege escalation in AMD Platform Management Framework (PMF) allows authenticated attackers with low privileges to execute arbitrary code with elevated system privileges through an out-of-bounds write vulnerability. Affects multiple AMD Ryzen processor series (6000, 7035, 7040, 8040, and Embedded R8000) across mobile and embedded platforms. The CVSS 4.0 score of 8.4 reflects high impact to system integrity and availability with changed scope, indicating the attacker can escape the vulnerable component's security context. No active exploitation confirmed in CISA KEV at time of analysis, and public exploit code availability is not indicated in current intelligence.

Technical ContextAI

The AMD Platform Management Framework (PMF) is a software component that manages power, thermal, and performance features on AMD Ryzen mobile and embedded processors. CWE-787 (Out-of-bounds Write) indicates improper bounds checking allows writing data beyond allocated memory buffers. The vulnerability affects the PMF driver/service layer which operates at elevated privilege levels to interface with processor hardware. Affected CPE strings identify specific Ryzen processor families from 6000-series through 8040-series mobile processors plus Embedded R8000 series, spanning multiple architecture generations (Rembrandt, Phoenix, Hawk Point codenames). The out-of-bounds write condition in PMF's memory handling functions enables memory corruption attacks that can overwrite critical data structures or inject malicious code into privileged memory regions.

RemediationAI

Apply AMD-provided PMF software updates as detailed in AMD Security Bulletin AMD-SB-4015 (https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-4015.html). The fix likely involves updated PMF driver packages distributed through Windows Update, AMD Software installer, or OEM system updates depending on deployment model. Organizations should prioritize patching for systems where local users have low-privileged access (shared workstations, terminal servers, development environments). If patching cannot be immediately deployed, implement compensating controls: restrict local user privileges through least-privilege access policies to minimize PR:L attacker pool, enable enhanced endpoint detection focusing on privilege escalation attempts from PMF processes, monitor for unusual PMF service behavior or crashes indicating exploitation attempts, and isolate high-value systems from untrusted local users. Note that disabling PMF entirely may impact power management and thermal features, potentially affecting system performance and battery life on mobile platforms. Defense-in-depth measures like application whitelisting and credential protection technologies (Windows Defender Credential Guard) can limit post-exploitation impact even if PMF is compromised.

More in Amd

View all
CVE-2021-22986 CRITICAL POC
9.8 Mar 31

On BIG-IP versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.2.1, 14.1.x before 14.1.4, 13.1.x before 13.1.3.6, and 12.

CVE-2020-6103 CRITICAL POC
9.9 Jul 20

An exploitable code execution vulnerability exists in the Shader functionality of AMD Radeon DirectX 11 Driver atidxx64.

CVE-2020-6102 CRITICAL POC
9.9 Jul 20

An exploitable code execution vulnerability exists in the Shader functionality of AMD Radeon DirectX 11 Driver atidxx64.

CVE-2020-6101 CRITICAL POC
9.9 Jul 20

An exploitable code execution vulnerability exists in the Shader functionality of AMD Radeon DirectX 11 Driver atidxx64.

CVE-2020-6100 CRITICAL POC
9.9 Jul 20

An exploitable memory corruption vulnerability exists in AMD atidxx64.dll 26.20.15019.19000 graphics driver. Rated criti

CVE-2018-6546 CRITICAL POC
9.8 Apr 13

plays_service.exe in the plays.tv service before 1.27.7.0, as distributed in AMD driver-installation packages and Gaming

CVE-2021-3653 HIGH POC
8.8 Sep 29

A flaw was found in the KVM's AMD code for supporting SVM nested virtualization. Rated high severity (CVSS 8.8), this vu

CVE-2020-12138 HIGH POC
8.8 Apr 27

AMD ATI atillk64.sys 5.11.9.0 allows low-privileged users to interact directly with physical memory by calling one of se

CVE-2019-5098 HIGH POC
8.6 Dec 05

An exploitable out-of-bounds read vulnerability exists in AMD ATIDXX64.DLL driver, version 26.20.13001.29010. Rated high

CVE-2015-7724 HIGH POC
7.8 Jun 07

AMD fglrx-driver before 15.9 allows local users to gain privileges via a symlink attack. Rated high severity (CVSS 7.8),

CVE-2015-7723 HIGH POC
7.8 Jun 07

AMD fglrx-driver before 15.7 allows local users to gain privileges via a symlink attack. Rated high severity (CVSS 7.8),

CVE-2023-1048 HIGH POC
7.8 Feb 26

A vulnerability, which was classified as critical, has been found in TechPowerUp Ryzen DRAM Calculator 1.2.0.5.sys. Rate

Share

CVE-2025-29935 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy