CVE-2025-0036 PUBLISHED

Assigner: AMD
Reserved: 21.11.2024 Published: 09.06.2025 Updated: 30.06.2025

In AMD Versal Adaptive SoC devices, the incorrect configuration of the SSS during runtime (post-boot) cryptographic operations could cause data to be incorrectly written to and read from invalid locations as well as returning incorrect cryptographic data.

Metrics

CVSS 3.1

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:L/I:N/A:N
CVSS Score: 3.2

Attack Vector	Local	Scope	Changed
Attack Complexity	Low	Confidentiality Impact	Low
Privileges Required	Low	Integrity Impact	None
User Interaction	Required	Availability Impact	None

CVSS 3.1

Product Status

Vendor	AMD
Product	Versal Adaptive SoC Devices
Versions	Default: affected Version 2025.1 release is unaffected

Vendor	AMD
Product	Versal RF Series
Versions	Default: affected Version 2025.1 release is unaffected

Vendor	AMD
Product	Versal AI Edge Series
Versions	Default: affected Version 2025.1 release is unaffected

Vendor	AMD
Product	Versal Prime Series
Versions	Default: affected Version 2025.1 release is unaffected

Vendor	AMD
Product	Versal Premium Series
Versions	Default: affected Version 2025.1 release is unaffected

Vendor	AMD
Product	Versal AI Core Series
Versions	Default: affected Version 2025.1 release is unaffected

Vendor	AMD
Product	Versal HBM Series
Versions	Default: affected Version 2025.1 release is unaffected

Vendor	AMD
Product	Alveo V80 Compute Accelerator
Versions	Default: affected Version 2025.1 release is unaffected

References

https://www.amd.com/en/resources/product-security/bulletin/amd-sb-8011.html

Problem Types

CWE-682 Incorrect Calculation CWE
CWE-772 Missing Release of Resource after Effective Lifetime CWE
CWE-940 Improper Verification of Source of a Communication Channel CWE
CWE-941 Incorrectly Specified Destination in a Communication Channel CWE
CWE-497 Exposure of Sensitive System Information to an Unauthorized Control Sphere CWE