Impact
An unchecked return value in AMD's Platform Management Framework (CWE-252) permits an attacker to write to an arbitrary memory address, which can lead to denial of service or arbitrary code execution. The flaw arises when the framework ignores the success status of a low-level memory operation, which lets the attacker control the destination pointer. The resulting memory corruption threatens the integrity and availability of the system: it can disrupt normal operation or allow execution of malicious code.
Affected Systems
This vulnerability affects AMD Ryzen Embedded 8000 Series, Ryzen 7035 Series with Radeon Graphics (formerly Rembrandt R), Ryzen 7040 Series Mobile with Radeon Graphics (formerly Phoenix), and Ryzen 8040 Series Mobile with Radeon Graphics (formerly Hawk Point). The advisory does not list specific firmware versions; any system running the AMD Platform Management Framework on these processors is potentially vulnerable.
Risk and Exploitability
The CVSS score is 7.1, which falls in the High severity range. No EPSS score is available, so the current exploitation probability is unknown. The vulnerability is not listed in CISA's KEV catalog, indicating no publicly observed exploitation yet. Based on the description, a local or privileged attacker with access to the system's firmware could exploit the flaw by invoking the affected PMF API; this is inferred from the nature of the memory write attack. A remote vector would require the ability to trigger the API from an external interface; the advisory does not detail one, so it is only an inferred possibility.