Description
An improper input validation vulnerability within the AMD Platform Management Framework (PMF) Driver can allow a local attacker to write Out-of-Bounds, potentially resulting in privilege escalation.
Published: 2026-05-15
Score: 8.5 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The flaw is an improper input validation issue in the AMD Platform Management Framework (PMF) driver that allows an attacker with local access to perform an out‑of‑bounds write. This memory corruption can be leveraged to overwrite control data or elevate privileges, thereby compromising system integrity. The weakness corresponds to CWE‑787 and enables the attacker to gain escalated rights on the affected machine.

Affected Systems

The vulnerability affects AMD Ryzen 6000 Series Processors with Radeon Graphics, AMD Ryzen 7035 Series Processors with Radeon Graphics, AMD Ryzen 7040 Series Mobile Processors with Radeon Graphics, AMD Ryzen 8040 Series Mobile Processors with Radeon Graphics, and AMD Ryzen Embedded 8000 Series Processors. Specific model revisions are not listed, and no version ranges are provided in the public data.

Risk and Exploitability

The CVSS score of 8.5 indicates high severity. EPSS data is not available, and the vulnerability is not currently listed in the CISA KEV catalog. Exploitation requires local access, but the lack of additional constraints suggests a reasonably high likelihood of successful privilege escalation on vulnerable systems.

Generated by OpenCVE AI on May 15, 2026 at 03:50 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the fix contained in AMD Security Bulletin AMD‑SB‑4015 to update the PMF driver.
  • If the PMF driver is not required for the system’s operation, disable or remove it to eliminate the attack surface.
  • Maintain strict least‑privilege practices so that only trusted local accounts can access the kernel device interface for AMD PMF services.

Generated by OpenCVE AI on May 15, 2026 at 03:50 UTC.

Advisories

No advisories yet.

History

Fri, 15 May 2026 15:15:00 +0000

Type | Values Removed | Values Added
Metrics | | ssvc: {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Fri, 15 May 2026 04:15:00 +0000

Type | Values Removed | Values Added
Title | | Out‑Of‑Bounds Write in AMD PMF Driver Enables Local Privilege Escalation

Fri, 15 May 2026 02:00:00 +0000

Type | Values Removed | Values Added
Description | | An improper input validation vulnerability within the AMD Platform Management Framework (PMF) Driver can allow a local attacker to write Out-of-Bounds, potentially resulting in privilege escalation.
Weaknesses | | CWE-787
References | |
Metrics | | cvssV4_0: {'score': 8.5, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N'}

MITRE

Status: PUBLISHED

Assigner: AMD

Published:

Updated: 2026-05-16T03:56:07.368Z

Reserved: 2025-06-17T16:53:10.413Z

Link: CVE-2025-52540

Vulnrichment

Updated: 2026-05-15T13:30:34.127Z

NVD

Status: Awaiting Analysis

Published: 2026-05-15T02:16:23.280

Modified: 2026-05-15T14:10:17.083

Link: CVE-2025-52540

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-15T04:00:12Z

Weaknesses