CVE-2025-29935 PUBLISHED

Assigner: AMD
Reserved: 12.03.2025 Published: 15.05.2026 Updated: 15.05.2026

An out of bounds write within the AMD Platform Management Framework (PMF) could allow an attacker to execute arbitrary code at an elevated privilege level potentially leading to loss of confidentiality integrity, or availability.

Metrics

CVSS 4.0

CVSS Vector: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:H/SI:H/SA:H
CVSS Score: 8.4

Exploitability Metrics		Vulnerable System Impact Metrics		Subsequent System Impact Metrics
Attack Vector	Local	Confidentiality	None	Confidentiality	High
Attack Complexity	Low	Integrity	High	Integrity	High
Attack Requirements	None	Availability	High	Availability	High
Privileges Required	Low
User Interaction	None

CVSS 4.0

Product Status

Vendor	AMD
Product	AMD Ryzen™ 7035 Series Processors with Radeon™ Graphics (formerly codenamed "Rembrandt R")
Versions	Default: affected Version 7.06.02.123 is unaffected

Vendor	AMD
Product	AMD Ryzen™ 7040 Series Mobile Processors with Radeon™ Graphics (formerly codenamed "Phoenix")
Versions	Default: affected Version 7.06.02.123 is unaffected

Vendor	AMD
Product	AMD Ryzen™ 8040 Series Mobile Processors with Radeon™ Graphics (formerly codenamed "Hawk Point")
Versions	Default: affected Version 7.06.02.123 is unaffected

Vendor	AMD
Product	AMD Ryzen™ 6000 Series Processors with Radeon™ Graphics (formerly codenamed "Rembrandt")
Versions	Default: affected Version 7.06.02.123 is unaffected

Vendor	AMD
Product	AMD Ryzen™ Embedded R8000 Series Processors
Versions	Default: affected Version AMD Ryzen™ Chipset Driver 7.06.02.123 is unaffected

Credits

Reported through AMD Bug Bounty Program

References

https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-4015.html

Problem Types

CWE-787 Out-of-bounds Write CWE