Description
An improper input validation vulnerability within the AMD Platform Management Framework (PMF) driver can allow a local attacker to read or write Out-of-Bounds, potentially resulting in privilege escalation
Published: 2026-05-15
Score: 8.5 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

An improper input validation flaw in the AMD Platform Management Framework driver permits a local attacker to read or write outside of the intended memory bounds. The vulnerability is identified as CWE-787 (Out‑of‑Bounds Access). When leveraged, the flaw can cause the attacker to gain higher privileges than authorized, potentially compromising system integrity and confidentiality.

Affected Systems

The issue affects AMD Ryzen series processors that include the Platform Management Framework, specifically the 6000, 7035, 7040 mobile, 8040 mobile, and embedded 8000 series. No specific firmware or driver versions are listed, so all current models using the affected PMF driver are considered vulnerable.

Risk and Exploitability

The CVSS score of 8.5 indicates a high severity, and the lack of an EPSS score means there is no current evidence of exploitation frequency. The vulnerability is not recorded in CISA’s KEV, and the attack vector is inferred to be local, requiring physical or local administrative access to trigger the out‑of‑bounds read/write which could lead to privilege escalation.

Generated by OpenCVE AI on May 15, 2026 at 03:20 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Install the updated AMD Platform Management Framework driver provided in AMD Security Bulletin AMD‑SB‑4015 to patch the out‑of‑bounds input validation flaw.
  • Ensure that the system BIOS and UEFI firmware are also updated to the latest releases, as they may contain related fixes for the Platform Management Framework.
  • Limit physical access to devices that run affected processors, restricting the ability of untrusted personnel to execute local attacks.

Generated by OpenCVE AI on May 15, 2026 at 03:20 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Fri, 15 May 2026 14:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Fri, 15 May 2026 03:45:00 +0000

Type Values Removed Values Added
Title Local Privilege Escalation via Out-of-Bounds Access in AMD PMF Driver

Fri, 15 May 2026 02:00:00 +0000

Type Values Removed Values Added
Description An improper input validation vulnerability within the AMD Platform Management Framework (PMF) driver can allow a local attacker to read or write Out-of-Bounds, potentially resulting in privilege escalation
Weaknesses CWE-787
References
Metrics cvssV4_0

{'score': 8.5, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N'}

Subscriptions

No data.

cve-icon MITRE

Status: PUBLISHED

Assigner: AMD

Published:

Updated: 2026-05-16T03:56:08.501Z

Reserved: 2025-05-22T16:34:07.748Z

Link: CVE-2025-48519

cve-icon Vulnrichment

Updated: 2026-05-15T13:31:24.903Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-05-15T02:16:22.823

Modified: 2026-05-15T14:10:17.083

Link: CVE-2025-48519

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-15T03:30:35Z

Weaknesses