Description
An improper input validation vulnerability within the AMD Platform Management Framework (PMF) driver can allow a local attacker to perform an out-of-bounds read, potentially resulting in information disclosure or a crash.
Published: 2026-05-15
Score: 6.9 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

An improper input validation defect in AMD's Platform Management Framework driver can be exploited by a local user to read beyond the bounds of an internal buffer. The resulting out-of-bounds read may leak sensitive data or cause a crash. The weakness is classified as CWE-125 (Out-of-bounds Read).

Affected Systems

The vulnerability affects AMD Ryzen 6000 Series Processors with Radeon Graphics, Ryzen 7035 Series Processors, Ryzen 7040 and 8040 series mobile processors, and AMD Ryzen Embedded 8000 Series processors. Version details are not specified in the advisory.

Risk and Exploitability

The CVSS score of 6.9 is rated Medium. Because the vulnerability requires local access to the driver, the attack vector is local. EPSS information is unavailable, and there is no current listing in the CISA KEV catalog, suggesting limited availability of public exploits. Nonetheless, the driver’s high-privileged context means that a successful out-of-bounds read could expose confidential information or destabilize the system, making it a notable risk for environments where local users have elevated privileges.

Generated by OpenCVE AI on May 15, 2026 at 03:50 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Review the AMD security bulletin SB‑4015 for an available firmware or driver update that addresses the Platform Management Framework issue.
  • Apply any released firmware or BIOS update to replace the vulnerable driver as soon as possible.
  • If a fix is not yet available, limit local users’ ability to load or interact with the PMF driver by adjusting file permissions or disabling the driver as a temporary mitigation.

Advisories

No advisories yet.

History

Fri, 15 May 2026 14:15:00 +0000

Type Values Removed Values Added
Metrics ssvc {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Fri, 15 May 2026 04:15:00 +0000

Type Values Removed Values Added
Title Local Out‑of‑Bounds Read in AMD Platform Management Framework Driver

Fri, 15 May 2026 02:00:00 +0000

Type Values Removed Values Added
Description An improper input validation vulnerability within the AMD Platform Management Framework (PMF) driver can allow a local attacker to read Out-of-Bounds potentially resulting in information disclosure or a crash
Weaknesses CWE-125
References
Metrics cvssV4_0 {'score': 6.9, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N'}


MITRE

Status: PUBLISHED

Assigner: AMD

Published:

Updated: 2026-05-15T13:31:06.962Z

Reserved: 2025-05-22T16:34:07.748Z

Link: CVE-2025-48520

Vulnrichment

Updated: 2026-05-15T13:31:03.543Z

NVD

Status: Awaiting Analysis

Published: 2026-05-15T02:16:22.953

Modified: 2026-05-15T14:10:17.083

Link: CVE-2025-48520

Red Hat

No data.

OpenCVE Enrichment

Updated: 2026-05-15T04:00:12Z
