Description
A transient execution vulnerability within AMD CPUs may allow a local user-privileged attacker to leak data via the floating point divisor unit, potentially resulting in loss of confidentiality.
Published: 2026-04-27
Score: 2 Low
EPSS: n/a
KEV: No
Impact: Loss of Confidentiality
Action: Monitor
AI Analysis

Impact

This transient execution vulnerability in AMD CPUs enables a local user-privileged attacker to read data in the floating point divisor unit, potentially allowing the exfiltration of sensitive information. The flaw is a data leakage weakness identified as CWE‑1420 and could lead to loss of confidentiality, with no reported impact on integrity or availability.

Affected Systems

AMD EPYC 7001 Series Processors and AMD EPYC Embedded 3000 Series Processors are affected. Version details are not provided in the advisory.

Risk and Exploitability

The CVSS score is 2, indicating low severity, and the EPSS score is not available. The vulnerability is not listed in the CISA KEV catalog. Because the attack requires local privileged execution, the likely attack vector is local, and no publicly known exploits exist, so the exploitation probability remains low.

Generated by OpenCVE AI on April 28, 2026 at 04:19 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest microcode updates and firmware releases from AMD that address the floating point divisor unit leak for EPYC 7001 and Embedded 3000 series processors.
  • Limit local user privileges so that only trusted administrators have the rights needed to run code at privileged levels; adopt a least‑privilege model for regular users.
  • Keep the system BIOS/firmware and operating system up to date to enable any microarchitectural mitigation options that can reduce side‑channel leakage.

Generated by OpenCVE AI on April 28, 2026 at 04:19 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 28 Apr 2026 08:45:00 +0000

Type Values Removed Values Added
First Time appeared Amd
Amd epyc 7001 Series Processors
Amd epyc Embedded 3000 Series Processors
Vendors & Products Amd
Amd epyc 7001 Series Processors
Amd epyc Embedded 3000 Series Processors

Tue, 28 Apr 2026 04:45:00 +0000

Type Values Removed Values Added
Title Local Privileged Data Leak via Floating Point Divisor Unit in AMD CPUs

Mon, 27 Apr 2026 16:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Mon, 27 Apr 2026 15:30:00 +0000

Type Values Removed Values Added
Description A transient execution vulnerability within AMD CPUs may allow a local user-privileged attacker to leak data via the floating point divisor unit, potentially resulting in loss of confidentiality.
Weaknesses CWE-1420
References
Metrics cvssV4_0

{'score': 2, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N'}

Subscriptions

Amd Epyc 7001 Series Processors Epyc Embedded 3000 Series Processors
cve-icon MITRE

Status: PUBLISHED

Assigner: AMD

Published:

Updated: 2026-04-27T16:05:37.627Z

Reserved: 2025-07-23T15:01:50.733Z

Link: CVE-2025-54505

cve-icon Vulnrichment

Updated: 2026-04-27T16:05:18.025Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-04-27T16:16:28.780

Modified: 2026-04-27T18:57:20.293

Link: CVE-2025-54505

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-28T08:30:13Z

Weaknesses