CVE-2025-0038

MEDIUM

AMD Zynq UltraScale+ - Memory Corruption

Title source: llm

Description

In AMD Zynq UltraScale+ devices, the lack of address validation when executing CSU runtime services through the PMU Firmware can allow access to isolated or protected memory spaces resulting in the loss of integrity and confidentiality.

References (1)

[Vendor Advisory] https://www.amd.com/en/resources/product-security/bulletin/amd-sb-8008.html

Scores

CVSS v3 6.6

EPSS 0.0003

EPSS Percentile 7.3%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-1284

Status published

Products (3)

AMD/Kria(TM) SOM PMU Firmware version TBD

AMD/Zynq UltraScale+ MPSoCs PMU Firmware version TBD

AMD/Zynq UltraScale+ RFSoCs PMU Firmware version TBD

Published Oct 06, 2025

Tracked Since Feb 18, 2026