CVE-2025-0038
BaseFortify
Publication date: 2025-10-06
Last updated on: 2025-10-08
Assigner: Advanced Micro Devices Inc.
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| amd | zynq_ultrascale+ | * |
| amd | pmu_firmware | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-1284 | The product receives input that is expected to specify a quantity (such as size or length), but it does not validate or incorrectly validates that the quantity has the required properties. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability in AMD Zynq UltraScale+ devices involves the Platform Management Unit (PMU) Firmware, which provides runtime services for cryptographic operations and configuration management. The issue is that the memory pointers used in these runtime service commands are not properly validated, allowing a remote processor to access or overwrite isolated or protected memory areas. This can lead to loss of confidentiality and integrity of the system. [1]
How can this vulnerability impact me? :
Exploitation of this vulnerability can allow unauthorized access to protected memory regions, potentially resulting in the loss of confidentiality and integrity of sensitive data. This could compromise cryptographic operations and system configuration, leading to serious security impacts such as data leakage or system manipulation. [1]