CVE-2025-48513 PUBLISHED

Assigner: AMD
Reserved: 22.05.2025 Published: 15.05.2026 Updated: 15.05.2026

Use of uninitialized resource within the AMD Platform Management Framework (PMF) could allow an attacker to read a uninitialized kernel memory resulting in loss of confidentiality or availability.

Metrics

CVSS Vector: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N
CVSS Score: 6.9

Product Status

Vendor AMD
Product AMD Ryzen™ 7035 Series Processors with Radeon™ Graphics (formerly codenamed "Rembrandt R")
Versions Default: affected
  • Version 7.06.02.123 is unaffected
Vendor AMD
Product AMD Ryzen™ 7040 Series Mobile Processors with Radeon™ Graphics (formerly codenamed "Phoenix")
Versions Default: affected
  • Version 7.06.02.123 is unaffected
Vendor AMD
Product AMD Ryzen™ 8040 Series Mobile Processors with Radeon™ Graphics (formerly codenamed "Hawk Point")
Versions Default: affected
  • Version 7.06.02.123 is unaffected
Vendor AMD
Product AMD Ryzen™ 6000 Series Processors with Radeon™ Graphics (formerly codenamed "Rembrandt")
Versions Default: affected
  • Version 7.06.02.123 is unaffected
Vendor AMD
Product AMD Ryzen™ Z1 Series Processors
Versions Default: affected
  • Version 7.06.02.123 is unaffected
Vendor AMD
Product AMD Ryzen™ Embedded 8000 Series Processors
Versions Default: affected
  • Version AMD Ryzen™ Chipset Driver 7.06.02.123 is unaffected

Credits

  • Reported through AMD Bug Bounty Program

References

Problem Types

  • CWE-908 Use of Uninitialized Resource CWE