Description
Incorrect default permissions in the installation directory for the AMD chipset driver could allow an attacker to achieve privilege escalation resulting in arbitrary code execution.
Published: 2026-05-15
Score: 8.5 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A flaw in the default file system permissions applied to the AMD chipset driver's installation directory permits a local user with reduced privileges to write or execute files as a privileged user. This mis‑permission vulnerability falls under CWE‑276 and could allow an attacker to replace or execute binaries, ultimately enabling arbitrary code execution with higher privileges. The description indicates the primary impact is privilege escalation rather than denial of service or information disclosure.

Affected Systems

The vulnerability affects a broad range of AMD processors and chipsets, including Athlon, Ryzen, EPYC, Threadripper, and Ryzen Embedded families. It impacts desktop, mobile, server, and embedded systems that install the affected AMD chipset driver.

Risk and Exploitability

The CVSS score of 8.5 reflects a high severity impact. The EPSS score is not available, so the current likelihood of exploitation cannot be quantified, and the vulnerability is not listed in CISA KEV. The likely attack vector is local; an attacker must gain access to the target machine in order to modify files in the driver’s installation directory. No public exploits are documented at this time, but the high impact warrants timely remediation.

Generated by OpenCVE AI on May 15, 2026 at 03:51 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Install the latest AMD chipset driver that includes the permission fix as distributed in AMD SB‑3047 and AMD SB‑4015.
  • Verify the driver’s installation directory is owned by a privileged account and has permissions set to prohibit write or execute access by non‑privileged users, e.g., chmod 700.
  • Configure file integrity monitoring on the driver installation directory so that any unauthorized write attempts trigger an alert.

Generated by OpenCVE AI on May 15, 2026 at 03:51 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Fri, 15 May 2026 14:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Fri, 15 May 2026 04:15:00 +0000

Type Values Removed Values Added
Title Privilege Escalation via Incorrect Permissions in AMD Chipset Driver Installation Directory

Fri, 15 May 2026 02:00:00 +0000

Type Values Removed Values Added
Description Incorrect default permissions in the installation directory for the AMD chipset driver could allow an attacker to achieve privilege escalation resulting in arbitrary code execution.
Weaknesses CWE-276
References
Metrics cvssV4_0

{'score': 8.5, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N'}

Subscriptions

No data.

cve-icon MITRE

Status: PUBLISHED

Assigner: AMD

Published:

Updated: 2026-05-16T03:56:10.732Z

Reserved: 2025-12-06T13:53:34.788Z

Link: CVE-2026-0432

cve-icon Vulnrichment

Updated: 2026-05-15T13:31:51.222Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-05-15T02:16:23.413

Modified: 2026-05-15T14:10:17.083

Link: CVE-2026-0432

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-15T04:00:12Z

Weaknesses