Description
An out of bounds write within the AMD Platform Management Framework (PMF) could allow an attacker to execute arbitrary code at an elevated privilege level, potentially leading to loss of confidentiality, integrity, or availability.
Published: 2026-05-15
Score: 8.4 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A vulnerability in the AMD Platform Management Framework permits an out‑of‑bounds write that could give an attacker the ability to execute code with elevated privileges. This flaw can compromise the confidentiality, integrity, and availability of the affected system, as privileged code execution could allow the attacker to tamper with firmware, disable security features, or gain total system control.

Affected Systems

Vulnerable devices include AMD Ryzen 6000, 7035, 7040, 8040, and Embedded R8000 Series processors that incorporate Radeon graphics. The list covers both desktop and mobile platforms that use the AMD Platform Management Framework, and the bug affects all listed processor models unless a vendor update has been applied.

Risk and Exploitability

The CVSS base score of 8.4 indicates high severity for this flaw. While the EPSS score is not available, the lack of exploitation data does not reduce the risk; this type of out‑of‑bounds write is a well‑known exploitation vector. The vulnerability is not yet listed in CISA's KEV catalog, but the potential for privileged code execution suggests that it could be actively leveraged. The likely attack vector is local or proximity based, but the lack of documented exploitation makes the exact method uncertain. Mitigation should rely on official vendor firmware patches once they are released.

Generated by OpenCVE AI on May 15, 2026 at 04:26 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest AMD firmware or microcode update once it becomes available to fix the out‑of‑bounds write in the Platform Management Framework.
  • Reboot the system after installing the update to enforce the new memory boundaries and invalidate any cached configurations that could be exploited.
  • Configure BIOS/UEFI settings to restrict or disable unused Platform Management features and enforce strong authentication for any privileged interfaces that remain active.

Advisories

No advisories yet.

History

Fri, 15 May 2026 14:15:00 +0000

Type | Values Removed | Values Added
Metrics | | ssvc {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Fri, 15 May 2026 04:45:00 +0000

Type | Values Removed | Values Added
Title | | Out-of-Bounds Write in AMD Platform Management Framework Allows Elevated Privilege Code Execution

Fri, 15 May 2026 03:00:00 +0000

Type | Values Removed | Values Added
Description | | An out of bounds write within the AMD Platform Management Framework (PMF) could allow an attacker to execute arbitrary code at an elevated privilege level, potentially leading to loss of confidentiality, integrity, or availability.
Weaknesses | | CWE-787
References | |
Metrics | | cvssV4_0 {'score': 8.4, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:H/SI:H/SA:H'}


MITRE

Status: PUBLISHED

Assigner: AMD

Published:

Updated: 2026-05-16T03:56:06.233Z

Reserved: 2025-03-12T15:14:59.391Z

Link: CVE-2025-29935

Vulnrichment

Updated: 2026-05-15T13:28:37.827Z

NVD

Status: Awaiting Analysis

Published: 2026-05-15T03:16:21.453

Modified: 2026-05-15T14:10:17.083

Link: CVE-2025-29935

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-15T04:30:36Z

Weaknesses