EUVD-2025-209866
GHSA-g9q8-j7rw-6w88
CVSS VectorNVD
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
4DescriptionNVD
An improper input validation vulnerability within the AMD Platform Management Framework (PMF) driver can allow a local attacker to read or write Out-of-Bounds, potentially resulting in privilege escalation
AnalysisAI
Out-of-bounds read/write in AMD Platform Management Framework (PMF) driver allows local authenticated users to escalate privileges on Ryzen 6000/7000/8000 series processors. AMD has released patched chipset software version 7.06.02.123 addressing the improper input validation vulnerability. No public exploit code identified and CISA has not added this to KEV, indicating exploitation is not yet confirmed in real-world attacks despite the high CVSS score. Attackers must already have local system access with standard user privileges to exploit this vulnerability.
Technical ContextAI
The AMD Platform Management Framework (PMF) driver is a kernel-mode component included in AMD Chipset Software packages for Ryzen processors. This driver manages power and performance features on AMD mobile and embedded platforms. The vulnerability stems from improper input validation (CWE-787: Out-of-bounds Write) where user-supplied input to the driver is not properly sanitized before being used in memory operations. This allows crafted IOCTL requests or other driver interfaces to cause the kernel driver to read or write memory outside allocated buffers. Since the driver operates at Ring 0 (kernel mode), successful exploitation allows an attacker to corrupt kernel memory structures, potentially hijacking execution flow or modifying security tokens to gain SYSTEM/root privileges. The affected CPE strings identify specific Ryzen processor generations (Rembrandt, Rembrandt R, Phoenix, Hawk Point) and their corresponding chipset driver packages across consumer mobile (6000/7000/8000 series) and embedded (8000 series) product lines.
RemediationAI
Install AMD Chipset Software version 7.06.02.123 or later, available from the AMD driver download portal or system manufacturer support sites. Download the appropriate installer (amd_chipset_software_7.06.02.123.exe for Windows systems) from https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-4015.html and follow the installation wizard. Reboot the system after installation to load the patched PMF driver. For enterprise deployments, distribute the updated driver package through existing software management systems (SCCM, Intune, Ansible). If immediate patching is not possible, implement compensating controls by restricting local logon access to trusted administrators only, disabling standard user accounts on affected systems, or deploying application control policies (AppLocker, Windows Defender Application Control) to block unsigned kernel driver loads. Note that restricting local access reduces usability on shared workstations and does not protect against insider threats or already-compromised user accounts. Verify patch deployment by checking driver version properties for the amd_pmf.sys file or querying AMD Chipset Software version through Windows Programs and Features.
More from same product – last 7 days
VM escape in Kata Containers allows any Kubernetes user with pod-creation rights to break out of the VM sandbox and gain
In the Linux kernel, the following vulnerability has been resolved: drm/amdkfd: Fix watch_id bounds checking in debug a
In the Linux kernel, the following vulnerability has been resolved: ceph: only d_add() negative dentries when they are
In the Linux kernel, the following vulnerability has been resolved: x86/CPU/AMD: Prevent improper isolation of shared r
Share
External POC / Exploit Code
Leaving vuln.today