Description
Improper input validation within the AMD Platform Management Framework (PMF) could allow an attacker to unmap arbitrary memory pages potentially impacting integrity and availability, or allowing privilege escalation resulting in loss of confidentiality.
Published: 2026-05-15
Score: 8.4 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

Improper input validation in the AMD Platform Management Framework (PMF) permits an attacker to instruct PMF to unmap arbitrary memory pages. This behavior can corrupt integrity, cause system instability or denial of service, and enable privilege escalation, potentially compromising confidentiality if the attacker gains higher‑level access.

Affected Systems

All AMD Ryzen processor families listed by AMD as affected, including the 6000, 7035, 7040 Mobile, 8040 Mobile, AI 300, AI Max+, and Embedded 8000 Series processors. No specific processor revisions or firmware versions are enumerated, so users should assume all current builds are potentially vulnerable until the vendor issues a patch.

Risk and Exploitability

The CVSS score of 8.4 indicates a high severity level, and while the EPSS score is not available, the lack of an EPSS figure does not mitigate the seriousness of the flaw. The vulnerability is not listed in the CISA KEV catalog, so no known widespread exploitation has been reported yet. Exploitation would require the attacker to send crafted input to the PMF. The precise attack vector is not disclosed in the description, but the PMF operates at a privileged firmware or management level, suggesting the threat may manifest locally or via remote management protocols that interact with firmware. The combination of privileged access and memory manipulation makes the risk significant.

Generated by OpenCVE AI on May 15, 2026 at 04:51 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the firmware update released in AMD Bulletin AMD‑SB‑4015 to patch the Platform Management Framework.
  • Limit access to the PMF management interface, disabling or restricting remote management protocols that can send configuration data to the firmware.
  • Enable system monitoring to alert on unexpected memory unmappings, privilege escalations, or service interruptions that could indicate exploitation attempts.

Advisories

No advisories yet.

History

Fri, 15 May 2026 14:15:00 +0000

Type | Values Removed | Values Added
Metrics | | ssvc {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Fri, 15 May 2026 05:15:00 +0000

Type | Values Removed | Values Added
Title | | AMD PMF Vulnerability Allows Unmapped Memory Attack and Privilege Escalation

Fri, 15 May 2026 03:00:00 +0000

Type | Values Removed | Values Added
Description | | Improper input validation within the AMD Platform Management Framework (PMF) could allow an attacker to unmap arbitrary memory pages potentially impacting integrity and availability, or allowing privilege escalation resulting in loss of confidentiality.
Weaknesses | | CWE-20
References | |
Metrics | | cvssV4_0 {'score': 8.4, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:H/SI:H/SA:H'}


MITRE

Status: PUBLISHED

Assigner: AMD

Published:

Updated: 2026-05-15T13:28:48.055Z

Reserved: 2025-03-12T15:14:59.391Z

Link: CVE-2025-29936

Vulnrichment

Updated: 2026-05-15T13:28:44.575Z

NVD

Status: Awaiting Analysis

Published: 2026-05-15T03:16:21.577

Modified: 2026-05-15T14:10:17.083

Link: CVE-2025-29936

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-15T05:00:12Z

Weaknesses