CVSS Vector (NVD)
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description (NVD)
Improper input validation in the AMD Secure Processor (ASP) PCI driver could allow a local attacker to trigger a Use-After-Free (UAF) condition, potentially resulting in a loss of platform integrity or crash.
Analysis (AI)
Use-After-Free vulnerability in the AMD Secure Processor (ASP) PCI driver affects multiple Ryzen, Threadripper, EPYC, and Athlon processor families due to improper input validation. A local attacker with user-level privileges can trigger the UAF condition, resulting in denial of service via platform crash or potential loss of platform integrity. Vendor-released patch: AMD Ryzen Chipset Driver 7.02.13.148 (or equivalent Catalyst driver versions for embedded SKUs). No public exploit identified at time of analysis.
Technical Context (AI)
The vulnerability exists in the AMD Secure Processor PCI driver, which manages communication between the main CPU and the integrated Secure Processor (ASP) - a dedicated security coprocessor present in modern AMD Ryzen, EPYC, and related architectures. The root cause is CWE-416 (Use-After-Free), where the driver fails to properly validate input before dereferencing memory pointers, allowing a freed memory region to be accessed after deallocation. This affects the PCI driver component that handles device I/O and memory mapping operations. The vulnerability is triggered through local access via the PCI interface, affecting systems running Windows (based on Catalyst driver references) across desktop, mobile, and server processor lines from AMD's Ryzen 3000-series through Ryzen 9000-series, Threadripper families, EPYC 4004/4005/8004/9000-series, and embedded variants.
Remediation (AI)
Vendor-released patch: Install AMD Ryzen Chipset Driver 7.02.13.148 for Ryzen, Threadripper, and EPYC consumer/server lines, or equivalent Catalyst driver version 25.6.1 (68926) for Embedded Ryzen 7000/8000/9000-series, version 25Q3 (71251) for Embedded R1000/V1000-series, version 25Q3 (68914) for Embedded R2000/V2000-series, and AM5 Windows Chipset Drivers with Digital Signature Fix (64284) for EPYC Embedded 4005/4004-series.
Updates available from AMD security bulletins AMD-SB-4015 and AMD-SB-3047 at https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-4015.html and https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-3047.html.
If immediate patching is not possible, compensating controls include restricting local user account access to systems (remove non-essential user accounts), disabling local console access where feasible, and isolating systems from untrusted network users via air-gapping or segmentation - however, these do not fully mitigate the vulnerability for legitimate local users. Deployment in virtualized environments with strict VM-to-host isolation reduces risk but does not eliminate it if guest VMs can interact with host ASP via PCI.
Prioritize patching multi-user systems, shared access environments, and systems hosting untrusted code.
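To verify the patch level on a Windows host, the following added example (not AMD's tooling and not part of the original entry) compares the installed chipset package version against the fixed version 7.02.13.148 named above. It assumes the package registers an Uninstall entry whose DisplayName matches the hypothetical pattern `AMD*Chipset*`, and it covers only the Ryzen Chipset Driver line, not the embedded Catalyst builds.

```powershell
# Added example: flag an AMD chipset package older than the fixed version
# given in the remediation text (7.02.13.148).
# Assumption: the installer writes an Uninstall registry entry whose
# DisplayName matches $NamePattern; adjust it to what your fleet shows.
param(
    [string]  $NamePattern  = 'AMD*Chipset*',   # assumed display-name pattern
    [version] $FixedVersion = '7.02.13.148'     # fixed version from the advisory
)

function Get-ChipsetPackageStatus {
    param([string]$DisplayVersion, [version]$Fixed)
    $parsed = $null
    # [version] compares field by field as integers, so "7.02.9.999" sorts
    # below "7.02.13.148"; a plain string comparison would get this wrong.
    if (-not [version]::TryParse($DisplayVersion, [ref]$parsed)) {
        return 'Version not parseable: review manually'
    }
    if ($parsed -ge $Fixed) { return 'At or above fixed version' }
    return 'Below fixed version: update required'
}

# Check both the native and the 32-bit (WOW6432Node) Uninstall hives.
$uninstallRoots = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

$found = Get-ItemProperty -Path $uninstallRoots -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName -like $NamePattern }

if (-not $found) {
    # Absence of an entry is not proof of safety: the driver may have been
    # delivered by another channel (OEM image, Windows Update).
    Write-Output "No package matching '$NamePattern' found; check the driver inventory manually."
    return
}

foreach ($pkg in $found) {
    [pscustomobject]@{
        Computer  = $env:COMPUTERNAME
        Package   = $pkg.DisplayName
        Installed = $pkg.DisplayVersion
        Status    = Get-ChipsetPackageStatus -DisplayVersion $pkg.DisplayVersion -Fixed $FixedVersion
    }
}
```

The check reads the package version only; the entry does not give a version for the ASP PCI driver component itself, so a host that received the driver outside the chipset package needs a separate inventory check.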
EUVD-2025-209863
GHSA-wf3c-3hhh-c9vv