Skip to main content

AMD Platform Management Framework CVE-2025-29938

| EUVDEUVD-2025-209874 HIGH
Unchecked Return Value (CWE-252)
2026-05-15 AMD GHSA-mh6f-jq3x-vvpv
7.1
CVSS 4.0 · NVD
Share

Severity by source

NVD PRIMARY
7.1 HIGH
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:L/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:L/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
X

Lifecycle Timeline

3
Analysis Generated
May 15, 2026 - 03:31 vuln.today
CVSS changed
May 15, 2026 - 03:22 NVD
7.1 (HIGH)
CVE Published
May 15, 2026 - 01:53 nvd
HIGH 7.1

DescriptionCVE.org

An unchecked return value within the AMD Platform Management Framework (PMF) could allow an attacker to write to an arbitrary memory address resulting in denial of service or arbitrary code execution.

AnalysisAI

Arbitrary code execution and denial of service in AMD Platform Management Framework (PMF) affects Ryzen 7035, 7040, 8040 mobile processors and Ryzen Embedded 8000 series. A local authenticated attacker exploiting an unchecked return value vulnerability can write to arbitrary memory locations, potentially escalating privileges from low to high integrity across system boundaries. The CVSS 4.0 score of 7.1 reflects local attack vector with low complexity but requires specific attack timing conditions (AT:P), though the cross-scope impact (S:H) and high confidentiality/integrity impact to subsequent systems elevate real-world risk for enterprise environments with AMD mobile processors.

Technical ContextAI

The vulnerability resides in AMD's Platform Management Framework (PMF), a system management software component present in modern Ryzen mobile and embedded processors. The root cause is CWE-252 (Unchecked Return Value), where the software fails to validate the success or failure of a critical operation before proceeding. In C/C++ environments common to system firmware and drivers, unchecked return values from memory allocation, privilege checks, or hardware operations can leave pointers uninitialized or contain unexpected values. When the code subsequently dereferences these unchecked values, an attacker who can influence the failed operation can redirect execution flow or corrupt memory at arbitrary addresses. The affected CPE strings identify specific processor families: Rembrandt-R refresh (7035 series), Phoenix (7040 series), Hawk Point (8040 series), and Ryzen Embedded 8000 series, suggesting the vulnerable PMF code is shared across AMD's 2023-2024 mobile processor lineup. PMF typically operates with elevated system privileges to manage power states, thermal profiles, and performance tuning, making memory corruption vulnerabilities particularly severe.

RemediationAI

Apply AMD-provided firmware and driver updates per Security Bulletin AMD-SB-4015 (https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-4015.html). Specific patch versions not disclosed in available data - consult the bulletin for affected BIOS revisions and PMF driver updates for each processor family. Patches likely address the unchecked return value by adding proper validation logic before memory operations. Workarounds: Restrict local user privileges to trusted accounts only, as exploitation requires low-privileged local access. Deploy endpoint detection and response (EDR) solutions to monitor for suspicious driver interactions or unexpected privilege escalations from user-mode processes. In high-security environments, consider disabling AMD PMF service if power management tuning is not operationally required, though this may impact battery life and thermal performance on mobile systems. Verify patch application through BIOS version checks and driver enumeration (check PMF driver file versions in Windows Device Manager or Linux lsmod output). No compensating network controls are relevant given local attack vector.

More in Amd

View all
CVE-2021-22986 CRITICAL POC
9.8 Mar 31

On BIG-IP versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.2.1, 14.1.x before 14.1.4, 13.1.x before 13.1.3.6, and 12.

CVE-2020-6103 CRITICAL POC
9.9 Jul 20

An exploitable code execution vulnerability exists in the Shader functionality of AMD Radeon DirectX 11 Driver atidxx64.

CVE-2020-6102 CRITICAL POC
9.9 Jul 20

An exploitable code execution vulnerability exists in the Shader functionality of AMD Radeon DirectX 11 Driver atidxx64.

CVE-2020-6101 CRITICAL POC
9.9 Jul 20

An exploitable code execution vulnerability exists in the Shader functionality of AMD Radeon DirectX 11 Driver atidxx64.

CVE-2020-6100 CRITICAL POC
9.9 Jul 20

An exploitable memory corruption vulnerability exists in AMD atidxx64.dll 26.20.15019.19000 graphics driver. Rated criti

CVE-2018-6546 CRITICAL POC
9.8 Apr 13

plays_service.exe in the plays.tv service before 1.27.7.0, as distributed in AMD driver-installation packages and Gaming

CVE-2021-3653 HIGH POC
8.8 Sep 29

A flaw was found in the KVM's AMD code for supporting SVM nested virtualization. Rated high severity (CVSS 8.8), this vu

CVE-2020-12138 HIGH POC
8.8 Apr 27

AMD ATI atillk64.sys 5.11.9.0 allows low-privileged users to interact directly with physical memory by calling one of se

CVE-2019-5098 HIGH POC
8.6 Dec 05

An exploitable out-of-bounds read vulnerability exists in AMD ATIDXX64.DLL driver, version 26.20.13001.29010. Rated high

CVE-2015-7724 HIGH POC
7.8 Jun 07

AMD fglrx-driver before 15.9 allows local users to gain privileges via a symlink attack. Rated high severity (CVSS 7.8),

CVE-2015-7723 HIGH POC
7.8 Jun 07

AMD fglrx-driver before 15.7 allows local users to gain privileges via a symlink attack. Rated high severity (CVSS 7.8),

CVE-2023-1048 HIGH POC
7.8 Feb 26

A vulnerability, which was classified as critical, has been found in TechPowerUp Ryzen DRAM Calculator 1.2.0.5.sys. Rate

Share

CVE-2025-29938 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy