Description
Improper isolation of shared resources within the CPU operation cache on Zen 2-based products could allow an attacker to corrupt instructions executed at a different privilege level, potentially resulting in privilege escalation.
Published: 2026-05-15
Score: 7.3 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

An attacker may abuse a flaw in how shared resources within the CPU operation cache are isolated on Zen 2‑based AMD processors. The improper isolation enables corruption of instructions that are executed at a higher privilege level, thereby allowing the attacker to gain elevated privileges. The weakness is a Classic CWE‑1189 "Improper Isolation of Shared Resources" and can impact confidentiality, integrity, and availability of the affected systems if the privilege escalation succeeds.

Affected Systems

AMD products that use Zen 2 microarchitecture are listed as affected, including the EPYC 7002 and Embedded 7002 Series, Ryzen 3000 and 4000 Series desktop and mobile processors, Ryzen 5000 and 7020 Series, Ryzen 7030 Mobile, Ryzen V2000 Embedded, and Threadripper PRO 3000 WX‑Series processors. The vulnerability applies across all processors that contain the relevant shared cache resources identified in the AMD Security Bulletin AMD‑SB‑7052.

Risk and Exploitability

The CVSS score of 7.3 indicates a high severity, though the EPSS score is not available, so the likelihood of exploitation cannot be quantified from the available data. The vulnerability is not listed in the CISA KEV catalog. Based on the description, it is inferred that the attack vector is local and requires an attacker to be able to influence or observe cache contents; it is likely to be exploitable from a user or guest context privileged to inject code that can exploit the cache mis‑isolation.

Generated by OpenCVE AI on May 15, 2026 at 05:20 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest firmware and microcode updates released in AMD Security Bulletin AMD‐SB‑7052 to all affected processors
  • Configure systems to limit untrusted code execution and consider disabling host‑to‑guest interfaces that could leverage shared cache access
  • Monitor systems for anomalous privilege escalations and enforce strict access controls to contain potential exploitation

Generated by OpenCVE AI on May 15, 2026 at 05:20 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Fri, 15 May 2026 12:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Fri, 15 May 2026 11:30:00 +0000

Type Values Removed Values Added
First Time appeared Amd
Amd epyc 7002 Series Processors
Amd epyc Embedded 7002 Series Processors
Amd ryzen 3000 Series Desktop Processors
Amd ryzen 4000 Series Desktop Processors
Amd ryzen 4000 Series Mobile Processors With Radeon Graphics
Amd ryzen 5000 Series Desktop Processors With Radeon Graphics
Amd ryzen 5000 Series Mobile Processors With Radeon Graphics
Amd ryzen 7020 Series Processors With Radeon Graphics
Amd ryzen 7030 Series Mobile Processors With Radeon Graphics
Amd ryzen Embedded V2000 Series Processors
Amd ryzen Threadripper Pro 3000 Wx-series Processors
Vendors & Products Amd
Amd epyc 7002 Series Processors
Amd epyc Embedded 7002 Series Processors
Amd ryzen 3000 Series Desktop Processors
Amd ryzen 4000 Series Desktop Processors
Amd ryzen 4000 Series Mobile Processors With Radeon Graphics
Amd ryzen 5000 Series Desktop Processors With Radeon Graphics
Amd ryzen 5000 Series Mobile Processors With Radeon Graphics
Amd ryzen 7020 Series Processors With Radeon Graphics
Amd ryzen 7030 Series Mobile Processors With Radeon Graphics
Amd ryzen Embedded V2000 Series Processors
Amd ryzen Threadripper Pro 3000 Wx-series Processors

Fri, 15 May 2026 05:45:00 +0000

Type Values Removed Values Added
Title Privilege Escalation via CPU Cache Resource Isolation Vulnerability on Zen 2 Processors

Fri, 15 May 2026 05:30:00 +0000

Type Values Removed Values Added
References

Fri, 15 May 2026 04:30:00 +0000

Type Values Removed Values Added
Description Improper isolation of shared resources within the CPU operation cache on Zen 2-based products could allow an attacker to corrupt instructions executed at a different privilege level, potentially resulting in privilege escalation.
Weaknesses CWE-1189
References
Metrics cvssV4_0

{'score': 7.3, 'vector': 'CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N'}

Subscriptions

Amd Epyc 7002 Series Processors Epyc Embedded 7002 Series Processors Ryzen 3000 Series Desktop Processors Ryzen 4000 Series Desktop Processors Ryzen 4000 Series Mobile Processors With Radeon Graphics Ryzen 5000 Series Desktop Processors With Radeon Graphics Ryzen 5000 Series Mobile Processors With Radeon Graphics Ryzen 7020 Series Processors With Radeon Graphics Ryzen 7030 Series Mobile Processors With Radeon Graphics Ryzen Embedded V2000 Series Processors Ryzen Threadripper Pro 3000 Wx-series Processors
cve-icon MITRE

Status: PUBLISHED

Assigner: AMD

Published:

Updated: 2026-05-16T03:56:02.809Z

Reserved: 2025-07-23T15:01:52.883Z

Link: CVE-2025-54518

cve-icon Vulnrichment

Updated: 2026-05-15T03:09:03.940Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-05-15T05:16:33.013

Modified: 2026-05-15T14:10:17.083

Link: CVE-2025-54518

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-15T11:15:25Z

Weaknesses