CVE-2025-0036 PUBLISHED

Assigner: AMD
Reserved: 21.11.2024 Published: 09.06.2025 Updated: 10.06.2025

In AMD Versal Adaptive SoC devices, the incorrect configuration of the SSS during runtime (post-boot) cryptographic operations could cause data to be incorrectly written to and read from invalid locations as well as returning incorrect cryptographic data.

Metrics

CVSS 3.1

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:L/I:N/A:N
CVSS Score: 3.2

Attack Vector	Local	Scope	Changed
Attack Complexity	Low	Confidentiality Impact	Low
Privileges Required	Low	Integrity Impact	None
User Interaction	Required	Availability Impact	None

CVSS 3.1

Product Status

Vendor	AMD
Product	Platform Loader and Manager (PLM)
Versions	Default: affected Version Refer to AMD-SB-8011 is affected

References

https://www.amd.com/en/resources/product-security/bulletin/amd-sb-8011.html

Problem Types

CWE-682 Incorrect Calculation CWE
CWE-772 Missing Release of Resource after Effective Lifetime CWE
CWE-940 Improper Verification of Source of a Communication Channel CWE
CWE-941 Incorrectly Specified Destination in a Communication Channel CWE
CWE-497 Exposure of Sensitive System Information to an Unauthorized Control Sphere CWE