Severity by source
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
3DescriptionCVE.org
Use of uninitialized resource within the AMD Platform Management Framework (PMF) could allow an attacker to read a uninitialized kernel memory resulting in loss of confidentiality or availability.
AnalysisAI
Uninitialized kernel memory within AMD's Platform Management Framework (PMF) can be read by local authenticated attackers, resulting in information disclosure or availability impact. This affects AMD Ryzen processors across multiple generations (6000, 7035, 7040, 8040 series and Z1/Embedded 8000) where PMF is present. The vulnerability requires local access and authenticated user privileges but does not require user interaction, making it exploitable by any local user with login credentials.
Technical ContextAI
The AMD Platform Management Framework is a low-level firmware/driver component running on AMD Ryzen processors that handles platform-level operations and resource management. The vulnerability stems from CWE-908 (Use of Uninitialized Resource), a memory safety flaw where kernel memory buffers are not properly initialized before use. When PMF processes certain operations, it may expose uninitialized kernel memory regions to authenticated local users, allowing information disclosure. This affects multiple processor generations spanning Rembrandt (6000, 7035 series), Phoenix (7040), Hawk Point (8040), Z1, and Embedded 8000 variants. The flaw is in the PMF component itself rather than the CPU microarchitecture, making it a firmware/driver-level vulnerability affecting systems running affected processor generations.
RemediationAI
Apply the Platform Management Framework firmware/driver update provided by AMD via Security Bulletin AMD-SB-4015 (https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-4015.html). The specific patched firmware version number is not provided in available data-consult the AMD advisory for exact PMF version requirements for your processor series. Interim mitigation: Restrict local system access to trusted users only by disabling unnecessary user accounts and enforcing strong authentication mechanisms (multi-factor authentication if available on your system). For cloud/enterprise environments, implement mandatory access controls and container isolation to prevent lateral movement between tenant environments. Note that firmware updates typically require system restart and may have subtle behavioral impacts on low-level platform management, so test in non-production environments first. Organizations with systems running affected Ryzen generations should prioritize this patch for multi-user systems and cloud deployments where unauthorized local users could exploit this flaw.
On BIG-IP versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.2.1, 14.1.x before 14.1.4, 13.1.x before 13.1.3.6, and 12.
An exploitable code execution vulnerability exists in the Shader functionality of AMD Radeon DirectX 11 Driver atidxx64.
An exploitable code execution vulnerability exists in the Shader functionality of AMD Radeon DirectX 11 Driver atidxx64.
An exploitable code execution vulnerability exists in the Shader functionality of AMD Radeon DirectX 11 Driver atidxx64.
An exploitable memory corruption vulnerability exists in AMD atidxx64.dll 26.20.15019.19000 graphics driver. Rated criti
plays_service.exe in the plays.tv service before 1.27.7.0, as distributed in AMD driver-installation packages and Gaming
A flaw was found in the KVM's AMD code for supporting SVM nested virtualization. Rated high severity (CVSS 8.8), this vu
AMD ATI atillk64.sys 5.11.9.0 allows low-privileged users to interact directly with physical memory by calling one of se
An exploitable out-of-bounds read vulnerability exists in AMD ATIDXX64.DLL driver, version 26.20.13001.29010. Rated high
AMD fglrx-driver before 15.9 allows local users to gain privileges via a symlink attack. Rated high severity (CVSS 7.8),
AMD fglrx-driver before 15.7 allows local users to gain privileges via a symlink attack. Rated high severity (CVSS 7.8),
A vulnerability, which was classified as critical, has been found in TechPowerUp Ryzen DRAM Calculator 1.2.0.5.sys. Rate
Same weakness CWE-908 – Use of Uninitialized Resource
View allSame technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2025-209870
GHSA-p7c5-wcmh-3ww2