Skip to main content

AMD Secure Processor PCI Driver EUVDEUVD-2025-209862

| CVE-2025-0045 MEDIUM
Classic Buffer Overflow (CWE-120)
2026-05-15 AMD GHSA-jghc-g6xj-rr96
6.9
CVSS 4.0 · NVD
Share

Severity by source

NVD PRIMARY
6.9 MEDIUM
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
X

Lifecycle Timeline

4
Analysis Generated
May 15, 2026 - 04:16 vuln.today
CVSS changed
May 15, 2026 - 02:22 NVD
6.9 (MEDIUM)
CVE Published
May 15, 2026 - 01:47 nvd
UNKNOWN (no severity yet)
CVE Published
May 15, 2026 - 01:47 nvd
MEDIUM 6.9

DescriptionCVE.org

Improper Input validation in the AMD Secure Processor (ASP) PCI driver may allow a local attacker to create a buffer overflow condition, potentially resulting in a crash or denial of service

AnalysisAI

Buffer overflow in the AMD Secure Processor (ASP) PCI driver affects dozens of AMD Ryzen, EPYC, and Threadripper processor families across desktop, mobile, and embedded variants. Local attackers with user-level privileges can trigger improper input validation in the driver to cause a crash or denial of service, with potential for integrity impact. The vulnerability requires local access and authenticated user privileges; no active exploitation in the wild has been confirmed, and vendor-released patches are available.

Technical ContextAI

The AMD Secure Processor (ASP) is a dedicated security coprocessor integrated into modern AMD processors (Ryzen, EPYC, Threadripper, Embedded variants). The vulnerability exists in the PCI driver that manages communication between the host CPU and the ASP firmware. CWE-120 (Buffer Copy without Checking Size of Input) indicates the driver fails to properly validate the length of input data before copying it into a fixed-size buffer. This is a classic stack or heap buffer overflow condition. The affected driver component ships as part of the AMD Ryzen Chipset Driver package (PSP driver subsystem) on Windows systems. The root cause involves insufficient bounds checking on untrusted input from user-mode applications accessing the ASP PCI device interface.

RemediationAI

Install AMD Ryzen Chipset Driver version 7.02.13.148 or later with PSP driver version 5.38.0.0 or later, available from AMD's product security bulletins AMD-SB-4015 and AMD-SB-3047. Embedded processor users should update to the Q2-2025 or later certified Catalyst WHQL drivers as specified in EUVD-2025-209862 for their respective series (R2000/V2000, 7000/8000/9000). On systems requiring extended support periods, restrict user-level access to the ASP PCI device interface via OS access control lists or device permission policies until the chipset driver can be updated; this mitigates exploitation risk from unprivileged users but does not prevent attacks by administrators or kernel-level code. Windows Update may distribute these patches automatically on consumer systems; verify installation on enterprise endpoints using SCCM, Intune, or local version reporting tools. No workaround prevents exploitation for authenticated users short of driver update.

More in Amd

View all
CVE-2021-22986 CRITICAL POC
9.8 Mar 31

On BIG-IP versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.2.1, 14.1.x before 14.1.4, 13.1.x before 13.1.3.6, and 12.

CVE-2020-6103 CRITICAL POC
9.9 Jul 20

An exploitable code execution vulnerability exists in the Shader functionality of AMD Radeon DirectX 11 Driver atidxx64.

CVE-2020-6102 CRITICAL POC
9.9 Jul 20

An exploitable code execution vulnerability exists in the Shader functionality of AMD Radeon DirectX 11 Driver atidxx64.

CVE-2020-6101 CRITICAL POC
9.9 Jul 20

An exploitable code execution vulnerability exists in the Shader functionality of AMD Radeon DirectX 11 Driver atidxx64.

CVE-2020-6100 CRITICAL POC
9.9 Jul 20

An exploitable memory corruption vulnerability exists in AMD atidxx64.dll 26.20.15019.19000 graphics driver. Rated criti

CVE-2018-6546 CRITICAL POC
9.8 Apr 13

plays_service.exe in the plays.tv service before 1.27.7.0, as distributed in AMD driver-installation packages and Gaming

CVE-2021-3653 HIGH POC
8.8 Sep 29

A flaw was found in the KVM's AMD code for supporting SVM nested virtualization. Rated high severity (CVSS 8.8), this vu

CVE-2020-12138 HIGH POC
8.8 Apr 27

AMD ATI atillk64.sys 5.11.9.0 allows low-privileged users to interact directly with physical memory by calling one of se

CVE-2019-5098 HIGH POC
8.6 Dec 05

An exploitable out-of-bounds read vulnerability exists in AMD ATIDXX64.DLL driver, version 26.20.13001.29010. Rated high

CVE-2015-7724 HIGH POC
7.8 Jun 07

AMD fglrx-driver before 15.9 allows local users to gain privileges via a symlink attack. Rated high severity (CVSS 7.8),

CVE-2015-7723 HIGH POC
7.8 Jun 07

AMD fglrx-driver before 15.7 allows local users to gain privileges via a symlink attack. Rated high severity (CVSS 7.8),

CVE-2023-1048 HIGH POC
7.8 Feb 26

A vulnerability, which was classified as critical, has been found in TechPowerUp Ryzen DRAM Calculator 1.2.0.5.sys. Rate

Share

EUVD-2025-209862 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy