Main Vulnerability Database Vulnerabilities #VU112112

#VU112112 Permissions, Privileges, and Access Controls in AMD products - CVE-2025-0038

Published: July 2, 2025

Vulnerability identifier: #VU112112

Vulnerability risk: Low

CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2025-0038

CWE-ID: CWE-264

Exploitation vector: Local access

Exploit availability: No public exploit available

Vulnerable software:
Kria SOM
Zynq UltraScale+ MPSoCs
Zynq UltraScale+ RFSoCs
AMD Platform Management Unit (PMU)

Software vendor:
AMD

Description

The vulnerability allows a local user to compromise the target system.

The vulnerability exists due to the lack of address validation when executing CSU runtime services through the PMU Firmware. A local user can gain access to isolated or protected memory spaces, leading to loss of integrity and confidentiality.

Remediation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

External links

https://www.amd.com/en/resources/product-security/bulletin/amd-sb-8008.html

#VU112112 Permissions, Privileges, and Access Controls in AMD products - CVE-2025-0038

Description

Remediation

External links

Please verify you're human