Skip to main content

AMD Platform Management Framework EUVDEUVD-2025-209870

| CVE-2025-48513 MEDIUM
Use of Uninitialized Resource (CWE-908)
2026-05-15 AMD GHSA-p7c5-wcmh-3ww2
6.9
CVSS 4.0 · NVD
Share

Severity by source

NVD PRIMARY
6.9 MEDIUM
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
X

Lifecycle Timeline

3
Analysis Generated
May 15, 2026 - 03:32 vuln.today
CVSS changed
May 15, 2026 - 03:22 NVD
6.9 (MEDIUM)
CVE Published
May 15, 2026 - 01:51 nvd
MEDIUM 6.9

DescriptionCVE.org

Use of uninitialized resource within the AMD Platform Management Framework (PMF) could allow an attacker to read a uninitialized kernel memory resulting in loss of confidentiality or availability.

AnalysisAI

Uninitialized kernel memory within AMD's Platform Management Framework (PMF) can be read by local authenticated attackers, resulting in information disclosure or availability impact. This affects AMD Ryzen processors across multiple generations (6000, 7035, 7040, 8040 series and Z1/Embedded 8000) where PMF is present. The vulnerability requires local access and authenticated user privileges but does not require user interaction, making it exploitable by any local user with login credentials.

Technical ContextAI

The AMD Platform Management Framework is a low-level firmware/driver component running on AMD Ryzen processors that handles platform-level operations and resource management. The vulnerability stems from CWE-908 (Use of Uninitialized Resource), a memory safety flaw where kernel memory buffers are not properly initialized before use. When PMF processes certain operations, it may expose uninitialized kernel memory regions to authenticated local users, allowing information disclosure. This affects multiple processor generations spanning Rembrandt (6000, 7035 series), Phoenix (7040), Hawk Point (8040), Z1, and Embedded 8000 variants. The flaw is in the PMF component itself rather than the CPU microarchitecture, making it a firmware/driver-level vulnerability affecting systems running affected processor generations.

RemediationAI

Apply the Platform Management Framework firmware/driver update provided by AMD via Security Bulletin AMD-SB-4015 (https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-4015.html). The specific patched firmware version number is not provided in available data-consult the AMD advisory for exact PMF version requirements for your processor series. Interim mitigation: Restrict local system access to trusted users only by disabling unnecessary user accounts and enforcing strong authentication mechanisms (multi-factor authentication if available on your system). For cloud/enterprise environments, implement mandatory access controls and container isolation to prevent lateral movement between tenant environments. Note that firmware updates typically require system restart and may have subtle behavioral impacts on low-level platform management, so test in non-production environments first. Organizations with systems running affected Ryzen generations should prioritize this patch for multi-user systems and cloud deployments where unauthorized local users could exploit this flaw.

More in Amd

View all
CVE-2021-22986 CRITICAL POC
9.8 Mar 31

On BIG-IP versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.2.1, 14.1.x before 14.1.4, 13.1.x before 13.1.3.6, and 12.

CVE-2020-6103 CRITICAL POC
9.9 Jul 20

An exploitable code execution vulnerability exists in the Shader functionality of AMD Radeon DirectX 11 Driver atidxx64.

CVE-2020-6102 CRITICAL POC
9.9 Jul 20

An exploitable code execution vulnerability exists in the Shader functionality of AMD Radeon DirectX 11 Driver atidxx64.

CVE-2020-6101 CRITICAL POC
9.9 Jul 20

An exploitable code execution vulnerability exists in the Shader functionality of AMD Radeon DirectX 11 Driver atidxx64.

CVE-2020-6100 CRITICAL POC
9.9 Jul 20

An exploitable memory corruption vulnerability exists in AMD atidxx64.dll 26.20.15019.19000 graphics driver. Rated criti

CVE-2018-6546 CRITICAL POC
9.8 Apr 13

plays_service.exe in the plays.tv service before 1.27.7.0, as distributed in AMD driver-installation packages and Gaming

CVE-2021-3653 HIGH POC
8.8 Sep 29

A flaw was found in the KVM's AMD code for supporting SVM nested virtualization. Rated high severity (CVSS 8.8), this vu

CVE-2020-12138 HIGH POC
8.8 Apr 27

AMD ATI atillk64.sys 5.11.9.0 allows low-privileged users to interact directly with physical memory by calling one of se

CVE-2019-5098 HIGH POC
8.6 Dec 05

An exploitable out-of-bounds read vulnerability exists in AMD ATIDXX64.DLL driver, version 26.20.13001.29010. Rated high

CVE-2015-7724 HIGH POC
7.8 Jun 07

AMD fglrx-driver before 15.9 allows local users to gain privileges via a symlink attack. Rated high severity (CVSS 7.8),

CVE-2015-7723 HIGH POC
7.8 Jun 07

AMD fglrx-driver before 15.7 allows local users to gain privileges via a symlink attack. Rated high severity (CVSS 7.8),

CVE-2023-1048 HIGH POC
7.8 Feb 26

A vulnerability, which was classified as critical, has been found in TechPowerUp Ryzen DRAM Calculator 1.2.0.5.sys. Rate

Share

EUVD-2025-209870 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy