Description
Improper access control between the Joint Test Action Group (JTAG) and Advanced Extensible Interface (AXI) could allow an attacker with physical access to read or overwrite the contents of cross-chip debug (XCD) registers potentially resulting in loss of data integrity or confidentiality.
Published: 2026-05-15
Score: 5.3 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability arises from improper access control between the Joint Test Action Group (JTAG) interface and the Advanced Extensible Interface (AXI) on AMD Ryzen processors. An attacker with physical access can read or overwrite cross‑chip debug (XCD) registers, potentially compromising data integrity or confidentiality. The flaw is classified as CWE‑284: Improper Access Control.

Affected Systems

Affected processors include AMD Ryzen 7040 Series Mobile CPUs with Radeon Graphics, AMD Ryzen 8000 Series Desktop CPUs, Ryzen 8040 Series Mobile CPUs with Radeon Graphics, and AMD Ryzen Embedded 8000 Series CPUs.

Risk and Exploitability

The CVSS score of 5.3 indicates a moderate risk. EPSS is unavailable, so the likelihood of exploitation is uncertain, but the vulnerability is not listed in CISA KEV, suggesting no publicly known exploits yet. The attack requires direct physical access to the JTAG/AXI interface; an attacker would need to locate the debug ports on the silicon or motherboard, connect to them, and issue read/write commands. Mitigation involves disabling the interfaces or shielding the silicon.

Generated by OpenCVE AI on May 15, 2026 at 04:25 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Disable the JTAG and AXI debug interfaces in BIOS or firmware when they are not required.
  • Enforce strict physical security controls to prevent unauthorized access to the device's debug ports.
  • Deploy the latest AMD firmware or hardware revisions that address the improper access control issue, or apply any vendor‑issued workarounds if available.

Generated by OpenCVE AI on May 15, 2026 at 04:25 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Fri, 15 May 2026 14:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Fri, 15 May 2026 04:45:00 +0000

Type Values Removed Values Added
Title Physical Access Enables Reading and Writing of Debug Registers on AMD Ryzen Processors

Fri, 15 May 2026 03:00:00 +0000

Type Values Removed Values Added
Description Improper access control between the Joint Test Action Group (JTAG) and Advanced Extensible Interface (AXI) could allow an attacker with physical access to read or overwrite the contents of cross-chip debug (XCD) registers potentially resulting in loss of data integrity or confidentiality.
Weaknesses CWE-284
References
Metrics cvssV4_0

{'score': 5.3, 'vector': 'CVSS:4.0/AV:P/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N'}

Subscriptions

No data.

cve-icon MITRE

Status: PUBLISHED

Assigner: AMD

Published:

Updated: 2026-05-15T13:22:52.097Z

Reserved: 2024-11-21T16:18:07.633Z

Link: CVE-2025-0040

cve-icon Vulnrichment

Updated: 2026-05-15T13:22:48.323Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-05-15T03:16:21.210

Modified: 2026-05-15T14:10:17.083

Link: CVE-2025-0040

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-15T04:30:36Z

Weaknesses