Description
Use of uninitialized resource within the AMD Platform Management Framework (PMF) could allow an attacker to read uninitialized kernel memory, resulting in loss of confidentiality or availability.
Published: 2026-05-15
Score: 6.9 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability is caused by an uninitialized resource in the AMD Platform Management Framework, which can be leveraged by an attacker to read kernel memory that has not been properly initialized. This flaw is classified as CWE-908 and can result in the disclosure of sensitive data or disruption of system availability if kernel memory contents are corrupted or improperly accessed.

Affected Systems

The affected products are AMD Ryzen series processors, including the 6000, 7035, 7040 Mobile, 8040 Mobile, Embedded 8000, and Z1 series. The versions of the Platform Management Framework to which this flaw applies are not explicitly listed in the data, so any system running these processor families should be evaluated against the AMD security bulletin.

Risk and Exploitability

The CVSS score of 6.9 indicates moderate severity. The EPSS score is not available and the vulnerability is not listed in the CISA KEV catalog. Based on the description, the likely attack vector requires exploiting the Platform Management Framework, which may demand local privileges or access to the management interface. The absence of a stated exploitation path suggests that an attacker would need either physical or privileged remote access to the system’s management controllers to read uninitialized kernel memory.

Generated by OpenCVE AI on May 15, 2026 at 04:52 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the firmware or BIOS update provided in AMD SB-4015 to initialize all resources used by the Platform Management Framework.
  • If the Platform Management Interface is not required for operational purposes, disable or lock it down to prevent external or local management traffic.
  • Configure network segmentation and access controls to restrict access to the management interface, ensuring only trusted hosts can communicate with AMF.

Advisories

No advisories yet.

History

Fri, 15 May 2026 05:15:00 +0000

| Type | Values Removed | Values Added |
| --- | --- | --- |
| Title | | Uninitialized Resource in AMD Platform Management Framework Enables Kernel Memory Read |

Fri, 15 May 2026 03:00:00 +0000

| Type | Values Removed | Values Added |
| --- | --- | --- |
| Description | | Use of uninitialized resource within the AMD Platform Management Framework (PMF) could allow an attacker to read uninitialized kernel memory, resulting in loss of confidentiality or availability. |
| Weaknesses | | CWE-908 |
| References | | |
| Metrics | | cvssV4_0 {'score': 6.9, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N'} |


MITRE

Status: PUBLISHED

Assigner: AMD

Published:

Updated: 2026-05-15T13:29:54.874Z

Reserved: 2025-05-22T16:34:07.747Z

Link: CVE-2025-48513

Vulnrichment

No data.

NVD

Status: Awaiting Analysis

Published: 2026-05-15T03:16:22.077

Modified: 2026-05-15T14:10:17.083

Link: CVE-2025-48513

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-15T05:00:12Z

Weaknesses