Description
Improper input validation in the AMD Secure Processor (ASP) PCI driver could allow a local attacker to trigger a Use-After-Free (UAF) condition, potentially resulting in a loss of platform integrity or crash.
Published: 2026-05-15
Score: 6.9 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability arises because the AMD Secure Processor (ASP) PCI driver performs improper input validation, allowing a local actor to trigger a Use‑After‑Free (UAF) condition. This flaw falls under CWE‑416. If successfully exploited, an attacker could corrupt data or cause a denial‑of‑service by crashing the platform, threatening confidentiality, integrity, and availability of the affected system.

Affected Systems

The flaw affects a broad spectrum of AMD hardware, including the Athlon, EPYC, Ryzen, Threadripper, Ryzen Embedded, and Ryzen AI processor families—spanning desktop, mobile, embedded, and server lineups as listed in the vendor product list.

Risk and Exploitability

The CVSS score of 6.9 indicates a moderate to high severity. No EPSS score is available and the vulnerability is not in the CISA KEV catalog. The attack vector is inferred to be local, requiring either local user privileges or physical access to the device to supply the malformed input that triggers the UAF. The absence of known exploit evidence suggests a limited but non‑negligible risk pending vendor mitigation.

Generated by OpenCVE AI on May 15, 2026 at 03:22 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Download and install the latest firmware and BIOS updates from AMD that address this ASP PCI driver vulnerability.
  • Disable the ASP PCI driver or protect it with restrictive access controls if the functionality is not required for your environment.
  • Apply the newest operating‑system kernel and related device driver patches from your OS vendor to reduce interaction paths that could be abused.


Advisories

No advisories yet.

History

Fri, 15 May 2026 14:15:00 +0000

Type | Values Removed | Values Added
Metrics | | ssvc {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Fri, 15 May 2026 03:45:00 +0000

Type | Values Removed | Values Added
Title | | Improper Input Validation In AMD Secure Processor PCI Driver Leads To Local Use‑After‑Free

Fri, 15 May 2026 02:00:00 +0000

Type | Values Removed | Values Added
Description | | Improper input validation in the AMD Secure Processor (ASP) PCI driver could allow a local attacker to trigger a Use-After-Free (UAF) condition, potentially resulting in a loss of platform integrity or crash.
Weaknesses | | CWE-416
References | |
Metrics | | cvssV4_0 {'score': 6.9, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N'}


MITRE

Status: PUBLISHED

Assigner: AMD

Published:

Updated: 2026-05-15T13:32:19.594Z

Reserved: 2025-05-22T16:34:07.748Z

Link: CVE-2025-48521

Vulnrichment

Updated: 2026-05-15T13:32:15.926Z

NVD

Status: Awaiting Analysis

Published: 2026-05-15T02:16:23.077

Modified: 2026-05-15T14:10:17.083

Link: CVE-2025-48521

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-15T03:30:35Z

Weaknesses