CVE-2025-0036
BaseFortify
Publication date: 2025-06-10
Last updated on: 2025-06-12
Assigner: Advanced Micro Devices Inc.
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-940 | The product establishes a communication channel to handle an incoming request that has been initiated by an actor, but it does not properly verify that the request is coming from the expected origin. |
| CWE-941 | The product creates a communication channel to initiate an outgoing request to an actor, but it does not correctly specify the intended destination for that actor. |
| CWE-682 | The product performs a calculation that generates incorrect or unintended results that are later used in security-critical decisions or resource management. |
| CWE-772 | The product does not release a resource after its effective lifetime has ended, i.e., after the resource is no longer needed. |
| CWE-497 | The product does not properly prevent sensitive system-level information from being accessed by unauthorized actors who do not have the same level of access to the underlying system as the product does. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability in AMD Versal Adaptive SoC devices involves improper configuration of the Secure Stream Switch (SSS) during runtime cryptographic operations managed by the Platform Loader and Manager (PLM). After completing a cryptographic operation, the PLM fails to clear the SSS configuration, which can cause incorrect data to be written to or read from invalid memory locations and result in incorrect cryptographic data being returned. This affects cryptographic operations such as AES, SHA3, RSA, and ECDSA executed by the PLM on behalf of a remote processor. [1]
How can this vulnerability impact me? :
The vulnerability can impact the integrity of cryptographic operations by causing data to be incorrectly written or read, and by returning incorrect cryptographic results. This could potentially undermine the reliability of cryptographic functions performed by the device, possibly affecting the security of data processed during these operations. However, no specific severity or detailed impact information is provided. [1]
What immediate steps should I take to mitigate this vulnerability?
The provided resources do not specify immediate mitigation steps for this vulnerability. It is recommended to monitor AMD's official security bulletin for updates or patches related to CVE-2025-0036 and apply any provided fixes or configuration guidance once available. [1]