CVE-2025-54515
BaseFortify
Publication date: 2025-11-23
Last updated on: 2025-12-19
Assigner: Advanced Micro Devices Inc.
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| amd | versal_adaptive_soc | * |
| amd | alveo_v80_compute_accelerator | * |
| amd | alveo_v70_accelerator_card | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-1284 | The product receives input that is expected to specify a quantity (such as size or length), but it does not validate or incorrectly validates that the quantity has the required properties. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability involves the Secure Flag in the Arm Trusted Firmware for Cortex-A processors on Versal Adaptive SoC. The flag was incorrectly set to indicate that PSCI (Power State Coordination Interface) commands came from a secure processor state, even when they originated from a non-secure state. This misrepresentation could cause the system to treat non-secure requests as if they were secure.
How can this vulnerability impact me? :
The vulnerability could allow PSCI requests from non-secure processors to be treated as if they were from secure processors. This may lead to unauthorized access or actions being performed under the assumption they are secure, potentially compromising system security or trust boundaries.