Skip to main content

AMD Platform Management Framework CVE-2025-29936

| EUVDEUVD-2025-209869 HIGH
Improper Input Validation (CWE-20)
2026-05-15 AMD GHSA-7vj2-xcgm-4r5f
8.4
CVSS 4.0 · NVD
Share

Severity by source

NVD PRIMARY
8.4 HIGH
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
X

Lifecycle Timeline

3
Analysis Generated
May 15, 2026 - 03:30 vuln.today
CVSS changed
May 15, 2026 - 03:22 NVD
8.4 (HIGH)
CVE Published
May 15, 2026 - 01:52 nvd
HIGH 8.4

DescriptionCVE.org

Improper input validation within the AMD Platform Management Framework (PMF) could allow an attacker to unmap arbitrary memory pages potentially impacting integrity and availability, or allowing privilege escalation resulting in loss of confidentiality.

AnalysisAI

Local privilege escalation in AMD Platform Management Framework (PMF) allows authenticated attackers with low privileges to unmap arbitrary memory pages, potentially executing code with elevated privileges or triggering system crashes. Affects modern AMD Ryzen mobile processors across multiple generations (6000/7000/8000/AI 300 series, embedded variants). The vulnerability enables both horizontal escalation (confidentiality compromise via changed scope in CVSS 4.0) and vertical impact (integrity/availability degradation). No evidence of active exploitation (not in CISA KEV), but the local attack vector with low complexity makes this exploitable by malware or malicious insiders once system access is obtained. EPSS data not available for risk calibration.

Technical ContextAI

AMD Platform Management Framework (PMF) is a system-level software component managing power, thermal, and performance optimization on AMD Ryzen mobile processors. The vulnerability stems from CWE-20 (Improper Input Validation) where PMF fails to adequately validate input parameters before performing memory management operations. This allows manipulation of memory unmapping operations to target arbitrary physical or virtual memory pages. Affected products span seven processor families identified by CPE strings: Rembrandt (Ryzen 6000/7035), Phoenix (Ryzen 7040), Hawk Point (Ryzen 8040), Strix Point (Ryzen AI 300), Ryzen AI Max+, and Embedded 8000 series. All are mobile or embedded x86-64 platforms with integrated Radeon graphics. The framework operates with elevated privileges to manage hardware resources, making input validation failures particularly critical as they bridge userspace to kernel/firmware boundary.

RemediationAI

Apply AMD-provided firmware and driver updates per Security Bulletin AMD-SB-4015 available at https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-4015.html. The bulletin should contain PMF software updates for each affected processor family-check for BIOS/UEFI firmware updates from OEM system vendors (Dell, HP, Lenovo, etc.) as PMF components are often integrated into platform firmware. Update priority: systems with untrusted local users, shared workstations, or running unvetted software. For systems awaiting patches: enforce principle of least privilege rigorously-restrict local user accounts to standard permissions, disable unnecessary local admin rights, deploy application whitelisting to prevent unauthorized code execution that could leverage this vulnerability. Monitor for abnormal memory access patterns or unexpected privilege escalation via EDR telemetry. Note that restricting physical access alone is insufficient since malware with initial foothold can exploit this. Compensating controls reduce but do not eliminate risk-patching remains the only complete mitigation. Verify patch deployment via AMD driver version checks or OEM-specific firmware validation tools.

More in Amd

View all
CVE-2021-22986 CRITICAL POC
9.8 Mar 31

On BIG-IP versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.2.1, 14.1.x before 14.1.4, 13.1.x before 13.1.3.6, and 12.

CVE-2020-6103 CRITICAL POC
9.9 Jul 20

An exploitable code execution vulnerability exists in the Shader functionality of AMD Radeon DirectX 11 Driver atidxx64.

CVE-2020-6102 CRITICAL POC
9.9 Jul 20

An exploitable code execution vulnerability exists in the Shader functionality of AMD Radeon DirectX 11 Driver atidxx64.

CVE-2020-6101 CRITICAL POC
9.9 Jul 20

An exploitable code execution vulnerability exists in the Shader functionality of AMD Radeon DirectX 11 Driver atidxx64.

CVE-2020-6100 CRITICAL POC
9.9 Jul 20

An exploitable memory corruption vulnerability exists in AMD atidxx64.dll 26.20.15019.19000 graphics driver. Rated criti

CVE-2018-6546 CRITICAL POC
9.8 Apr 13

plays_service.exe in the plays.tv service before 1.27.7.0, as distributed in AMD driver-installation packages and Gaming

CVE-2021-3653 HIGH POC
8.8 Sep 29

A flaw was found in the KVM's AMD code for supporting SVM nested virtualization. Rated high severity (CVSS 8.8), this vu

CVE-2020-12138 HIGH POC
8.8 Apr 27

AMD ATI atillk64.sys 5.11.9.0 allows low-privileged users to interact directly with physical memory by calling one of se

CVE-2019-5098 HIGH POC
8.6 Dec 05

An exploitable out-of-bounds read vulnerability exists in AMD ATIDXX64.DLL driver, version 26.20.13001.29010. Rated high

CVE-2015-7724 HIGH POC
7.8 Jun 07

AMD fglrx-driver before 15.9 allows local users to gain privileges via a symlink attack. Rated high severity (CVSS 7.8),

CVE-2015-7723 HIGH POC
7.8 Jun 07

AMD fglrx-driver before 15.7 allows local users to gain privileges via a symlink attack. Rated high severity (CVSS 7.8),

CVE-2023-1048 HIGH POC
7.8 Feb 26

A vulnerability, which was classified as critical, has been found in TechPowerUp Ryzen DRAM Calculator 1.2.0.5.sys. Rate

Share

CVE-2025-29936 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy