Skip to main content

Amd Ryzen Embedded 8000 Series Processors

4 CVEs product

Monthly

CVE-2025-0044 MEDIUM This Month

Out-of-bounds read in power management firmware affects AMD Ryzen AI, Ryzen 7000/8000 series mobile processors, Ryzen 8000 desktop processors, embedded processors, and Radeon graphics products. A local attacker with low privileges can read sensitive firmware data, potentially disclosing confidential information and causing availability degradation. CVSS 4.8 (low severity) reflects limited privilege requirements and contained impact, though the vulnerability affects a broad processor family.

Buffer Overflow Information Disclosure Amd Ryzen 7040 Series Mobile Processors With Radeon Graphics Amd Ryzen Ai 300 Series Processors Amd Ryzen 8000 Series Desktop Processors +5
NVD VulDB
CVSS 4.0
4.8
EPSS
0.0%
CVE-2025-0040 MEDIUM This Month

Improper access control between JTAG and AXI interfaces in AMD Ryzen 7040, 8000, 8040 mobile, and Embedded 8000 series processors allows attackers with physical access to read or modify cross-chip debug (XCD) registers, potentially compromising data integrity and confidentiality. The vulnerability requires physical proximity and specialized hardware capability but can bypass authentication mechanisms protecting debug interfaces. No public exploit code or active exploitation has been identified at the time of analysis.

Authentication Bypass Amd Ryzen 7040 Series Mobile Processors With Radeon Graphics Amd Ryzen 8000 Series Desktop Processors Amd Ryzen 8040 Series Mobile Processors With Radeon Graphics Amd Ryzen Embedded 8000 Series Processors
NVD
CVSS 4.0
5.3
EPSS
0.0%
CVE-2026-0438 MEDIUM This Month

System Management Mode (SMM) handler in AMD Ryzen mobile, desktop, embedded, Threadripper, and EPYC processors allows privileged local attackers to execute arbitrary code in SMM by triggering a callout to attacker-controlled code in untrusted non-SMM memory. The vulnerability requires high complexity conditions, active user interaction, physical proximity or direct system access, and high privilege level; successful exploitation compromises system confidentiality, integrity, and availability. No public exploit identified at time of analysis.

Information Disclosure Red Hat Suse Amd Epyc 4004 Series Processors Amd Ryzen 7040 Series Mobile Processors With Radeon Graphics +23
NVD VulDB
CVSS 4.0
5.4
EPSS
0.0%
CVE-2025-54502 HIGH This Week

Incorrect use of boot service in the AMD Platform Configuration Blob (APCB) SMM driver could allow a privileged attacker with local access (Ring 0) to achieve privilege escalation potentially resulting in arbitrary code execution.

Privilege Escalation RCE Information Disclosure Amd Amd Epyc 7003 Series Processors +56
NVD VulDB
CVSS 4.0
7.1
EPSS
0.0%
EPSS 0% CVSS 4.8
MEDIUM This Month

Out-of-bounds read in power management firmware affects AMD Ryzen AI, Ryzen 7000/8000 series mobile processors, Ryzen 8000 desktop processors, embedded processors, and Radeon graphics products. A local attacker with low privileges can read sensitive firmware data, potentially disclosing confidential information and causing availability degradation. CVSS 4.8 (low severity) reflects limited privilege requirements and contained impact, though the vulnerability affects a broad processor family.

Buffer Overflow Information Disclosure Amd Ryzen 7040 Series Mobile Processors With Radeon Graphics +7
NVD VulDB
EPSS 0% CVSS 5.3
MEDIUM This Month

Improper access control between JTAG and AXI interfaces in AMD Ryzen 7040, 8000, 8040 mobile, and Embedded 8000 series processors allows attackers with physical access to read or modify cross-chip debug (XCD) registers, potentially compromising data integrity and confidentiality. The vulnerability requires physical proximity and specialized hardware capability but can bypass authentication mechanisms protecting debug interfaces. No public exploit code or active exploitation has been identified at the time of analysis.

Authentication Bypass Amd Ryzen 7040 Series Mobile Processors With Radeon Graphics Amd Ryzen 8000 Series Desktop Processors +2
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

System Management Mode (SMM) handler in AMD Ryzen mobile, desktop, embedded, Threadripper, and EPYC processors allows privileged local attackers to execute arbitrary code in SMM by triggering a callout to attacker-controlled code in untrusted non-SMM memory. The vulnerability requires high complexity conditions, active user interaction, physical proximity or direct system access, and high privilege level; successful exploitation compromises system confidentiality, integrity, and availability. No public exploit identified at time of analysis.

Information Disclosure Red Hat Suse +25
NVD VulDB
EPSS 0% CVSS 7.1
HIGH This Week

Incorrect use of boot service in the AMD Platform Configuration Blob (APCB) SMM driver could allow a privileged attacker with local access (Ring 0) to achieve privilege escalation potentially resulting in arbitrary code execution.

Privilege Escalation RCE Information Disclosure +58
NVD VulDB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy