Skip to main content

AMD Chipset Driver CVE-2026-0432

| EUVDEUVD-2026-30497 HIGH
Incorrect Default Permissions (CWE-276)
2026-05-15 AMD GHSA-fh4m-3c22-f984
8.5
CVSS 4.0 · NVD
Share

Severity by source

NVD PRIMARY
8.5 HIGH
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
X

Lifecycle Timeline

4
Analysis Generated
May 15, 2026 - 04:16 vuln.today
CVSS changed
May 15, 2026 - 02:22 NVD
8.5 (HIGH)
CVE Published
May 15, 2026 - 01:46 nvd
UNKNOWN (no severity yet)
CVE Published
May 15, 2026 - 01:46 nvd
HIGH 8.5

DescriptionCVE.org

Incorrect default permissions in the installation directory for the AMD chipset driver could allow an attacker to achieve privilege escalation resulting in arbitrary code execution.

AnalysisAI

Insecure installation directory permissions in AMD chipset driver allow local authenticated attackers to achieve SYSTEM-level privilege escalation and execute arbitrary code. The vulnerability affects nearly all AMD Ryzen, Threadripper, EPYC, and Athlon processors across desktop, mobile, embedded, and server product lines. AMD has released patched chipset driver versions 8.01.20.513 (consumer/workstation) and 8.03.14.329/8.03.16.641 (server). No active exploitation confirmed at time of analysis, but the local vector and low attack complexity make this exploitable by any authenticated Windows user, including standard users without admin rights.

Technical ContextAI

This vulnerability stems from CWE-276 (Incorrect Default Permissions), affecting the AMD chipset driver installation directory on Windows systems. Chipset drivers operate at kernel level and manage communication between processor, memory, and peripherals. When installation directories have overly permissive default ACLs (Access Control Lists), authenticated users can replace legitimate driver components with malicious code that inherits SYSTEM privileges during driver loading or service startup. The CVSS 4.0 vector confirms local attack surface (AV:L) with low complexity (AC:L), requiring only low privileges (PR:L) and no user interaction (UI:N). The vulnerability spans AMD's entire x86 processor ecosystem from consumer Ryzen 3000 series through latest Ryzen AI 400 series, EPYC 7001-9005 server processors, Threadripper workstation CPUs, and embedded V1000/R1000/R2000/V2000/7000/8000/9000 series, indicating the insecure permissions pattern existed across multiple driver development cycles.

RemediationAI

Install AMD Ryzen Chipset Driver version 8.01.20.513 or later for consumer, workstation, and EPYC 4000-series processors. For AMD EPYC server processors, install AMD Server Software version 8.03.14.329 (EPYC 7001/7002/7003) or 8.03.16.641 (EPYC 8004/9004/9005/9V64H and Instinct MI300A). Embedded processor patches follow separate release schedules: V1000/R1000/R2000/V2000 series receive fixes in Q1 2026 Windows Chipset driver (ticket 72258), Ryzen Embedded 7000/8000/9000 in Q1 2026 driver (ticket 72244), and EPYC Embedded 8004/9005 in Q2 2026 drivers (ticket 72501). Download patched drivers from AMD product support pages referenced in bulletins AMD-SB-4015 and AMD-SB-3047 at https://www.amd.com/en/resources/product-security/. As compensating control until patching, restrict write permissions on AMD chipset driver installation directories (typically C:\Program Files\AMD or C:\AMD) to SYSTEM and Administrators groups only using icacls or Group Policy, though this may break driver update mechanisms. Monitor installation directories for unauthorized modifications using file integrity monitoring (FIM). In high-risk multi-user environments, consider removing standard users from local 'Users' group write access to any subdirectories under driver installation paths, though this requires testing for driver functionality impact.

More in Amd

View all
CVE-2021-22986 CRITICAL POC
9.8 Mar 31

On BIG-IP versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.2.1, 14.1.x before 14.1.4, 13.1.x before 13.1.3.6, and 12.

CVE-2020-6103 CRITICAL POC
9.9 Jul 20

An exploitable code execution vulnerability exists in the Shader functionality of AMD Radeon DirectX 11 Driver atidxx64.

CVE-2020-6102 CRITICAL POC
9.9 Jul 20

An exploitable code execution vulnerability exists in the Shader functionality of AMD Radeon DirectX 11 Driver atidxx64.

CVE-2020-6101 CRITICAL POC
9.9 Jul 20

An exploitable code execution vulnerability exists in the Shader functionality of AMD Radeon DirectX 11 Driver atidxx64.

CVE-2020-6100 CRITICAL POC
9.9 Jul 20

An exploitable memory corruption vulnerability exists in AMD atidxx64.dll 26.20.15019.19000 graphics driver. Rated criti

CVE-2018-6546 CRITICAL POC
9.8 Apr 13

plays_service.exe in the plays.tv service before 1.27.7.0, as distributed in AMD driver-installation packages and Gaming

CVE-2021-3653 HIGH POC
8.8 Sep 29

A flaw was found in the KVM's AMD code for supporting SVM nested virtualization. Rated high severity (CVSS 8.8), this vu

CVE-2020-12138 HIGH POC
8.8 Apr 27

AMD ATI atillk64.sys 5.11.9.0 allows low-privileged users to interact directly with physical memory by calling one of se

CVE-2019-5098 HIGH POC
8.6 Dec 05

An exploitable out-of-bounds read vulnerability exists in AMD ATIDXX64.DLL driver, version 26.20.13001.29010. Rated high

CVE-2015-7724 HIGH POC
7.8 Jun 07

AMD fglrx-driver before 15.9 allows local users to gain privileges via a symlink attack. Rated high severity (CVSS 7.8),

CVE-2015-7723 HIGH POC
7.8 Jun 07

AMD fglrx-driver before 15.7 allows local users to gain privileges via a symlink attack. Rated high severity (CVSS 7.8),

CVE-2023-1048 HIGH POC
7.8 Feb 26

A vulnerability, which was classified as critical, has been found in TechPowerUp Ryzen DRAM Calculator 1.2.0.5.sys. Rate

Share

CVE-2026-0432 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy