Skip to main content

AMD Platform Management Framework EUVDEUVD-2025-209867

| CVE-2025-0028 HIGH
Unchecked Return Value (CWE-252)
2026-05-15 AMD GHSA-72v7-rm66-2gr3
8.3
CVSS 4.0 · NVD
Share

Severity by source

NVD PRIMARY
8.3 HIGH
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:H/SC:H/SI:N/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:H/SC:H/SI:N/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
X

Lifecycle Timeline

3
Analysis Generated
May 15, 2026 - 03:30 vuln.today
CVSS changed
May 15, 2026 - 03:22 NVD
8.3 (HIGH)
CVE Published
May 15, 2026 - 01:52 nvd
HIGH 8.3

DescriptionCVE.org

An unchecked return value within the AMD Platform Management Framework (PMF) could allow an attacker to read or modify an arbitrary address potentially resulting in loss of confidentiality, integrity, or availability.

AnalysisAI

Local attackers with low-privilege credentials can exploit unchecked return value handling in AMD Platform Management Framework (PMF) to read or write arbitrary memory addresses across multiple AMD Ryzen processor families (6000, 7000, 8000 series). This CWE-252 flaw enables privilege escalation to kernel level, compromising system confidentiality and availability with high impact across both virtualized and physical contexts. AMD has released security bulletin AMD-SB-4015 addressing the vulnerability. No CISA KEV listing or public exploit code has been identified at time of analysis, but the low attack complexity (AC:L) and local privilege requirement (PR:L) suggest exploitation is technically straightforward for attackers with initial system access.

Technical ContextAI

AMD Platform Management Framework (PMF) is a kernel-level driver component managing power, thermal, and performance features across AMD Ryzen mobile and embedded processors. The vulnerability stems from CWE-252 (Unchecked Return Value), where the PMF driver fails to properly validate return values from system calls or API functions before using them in memory operations. This allows an attacker to control addresses used in subsequent read/write operations. Affected CPE strings indicate impact across Rembrandt (Ryzen 6000/7035), Phoenix (Ryzen 7040), Hawk Point (Ryzen 8040), and Ryzen Embedded 8000 processor families. The CVSS 4.0 vector shows both victim system (VC:H/VA:H) and subsequent system (SC:H/SA:H) impact, indicating the flaw can affect virtualized environments where guest compromise leads to hypervisor or adjacent VM impact.

RemediationAI

Apply AMD Platform Management Framework driver updates provided in AMD Security Bulletin AMD-SB-4015 (https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-4015.html). Download patched PMF drivers from AMD support portal matching your specific processor family and operating system. For Windows systems, update via Windows Update or AMD Software Adrenalin Edition. For Linux systems, update kernel drivers through distribution-specific channels or AMD-provided kernel modules. Until patches are deployed, implement compensating controls by restricting local user privileges through principle of least privilege policies, disabling unnecessary local accounts, and monitoring for unusual kernel-mode driver access patterns using EDR solutions. In virtualized environments, ensure hypervisor isolation controls are maximized and consider temporarily limiting AMD PMF driver loading in guest VMs if power management features are non-critical. Note that disabling PMF entirely may impact laptop battery life optimization and thermal management, requiring trade-off assessment between security and power efficiency.

More in Amd

View all
CVE-2021-22986 CRITICAL POC
9.8 Mar 31

On BIG-IP versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.2.1, 14.1.x before 14.1.4, 13.1.x before 13.1.3.6, and 12.

CVE-2020-6103 CRITICAL POC
9.9 Jul 20

An exploitable code execution vulnerability exists in the Shader functionality of AMD Radeon DirectX 11 Driver atidxx64.

CVE-2020-6102 CRITICAL POC
9.9 Jul 20

An exploitable code execution vulnerability exists in the Shader functionality of AMD Radeon DirectX 11 Driver atidxx64.

CVE-2020-6101 CRITICAL POC
9.9 Jul 20

An exploitable code execution vulnerability exists in the Shader functionality of AMD Radeon DirectX 11 Driver atidxx64.

CVE-2020-6100 CRITICAL POC
9.9 Jul 20

An exploitable memory corruption vulnerability exists in AMD atidxx64.dll 26.20.15019.19000 graphics driver. Rated criti

CVE-2018-6546 CRITICAL POC
9.8 Apr 13

plays_service.exe in the plays.tv service before 1.27.7.0, as distributed in AMD driver-installation packages and Gaming

CVE-2021-3653 HIGH POC
8.8 Sep 29

A flaw was found in the KVM's AMD code for supporting SVM nested virtualization. Rated high severity (CVSS 8.8), this vu

CVE-2020-12138 HIGH POC
8.8 Apr 27

AMD ATI atillk64.sys 5.11.9.0 allows low-privileged users to interact directly with physical memory by calling one of se

CVE-2019-5098 HIGH POC
8.6 Dec 05

An exploitable out-of-bounds read vulnerability exists in AMD ATIDXX64.DLL driver, version 26.20.13001.29010. Rated high

CVE-2015-7724 HIGH POC
7.8 Jun 07

AMD fglrx-driver before 15.9 allows local users to gain privileges via a symlink attack. Rated high severity (CVSS 7.8),

CVE-2015-7723 HIGH POC
7.8 Jun 07

AMD fglrx-driver before 15.7 allows local users to gain privileges via a symlink attack. Rated high severity (CVSS 7.8),

CVE-2023-1048 HIGH POC
7.8 Feb 26

A vulnerability, which was classified as critical, has been found in TechPowerUp Ryzen DRAM Calculator 1.2.0.5.sys. Rate

Share

EUVD-2025-209867 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy