Search

Find a vulnerability

Search criteria

    2 vulnerabilities found for Zynq UltraScale+ MPSoCs by AMD

    CVE-2025-0038 (GCVE-0-2025-0038)

    Vulnerability from nvd – Published: 2025-10-06 16:08 – Updated: 2025-10-06 17:16
    VLAI
    Summary
    In AMD Zynq UltraScale+ devices, the lack of address validation when executing CSU runtime services through the PMU Firmware can allow access to isolated or protected memory spaces resulting in the loss of integrity and confidentiality.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-1284 - - Improper Validation of Specified Quantity in Input
    Assigner
    AMD
    Impacted products
    Vendor Product Version
    AMD Kria(TM) SOM Affected: PMU Firmware version TBD
    Create a notification for this product.
    AMD Zynq UltraScale+ MPSoCs Affected: PMU Firmware version TBD
    Create a notification for this product.
    AMD Zynq UltraScale+ RFSoCs Affected: PMU Firmware version TBD
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-0038",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-10-06T17:00:56.364010Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-10-06T17:16:22.921Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "Kria(TM) SOM",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "PMU Firmware version TBD"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "Zynq UltraScale+ MPSoCs",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "PMU Firmware version TBD"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "Zynq UltraScale+ RFSoCs",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "PMU Firmware version TBD"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "In AMD Zynq UltraScale+ devices, the lack of address validation when executing CSU runtime services through the PMU Firmware can allow access to isolated or protected memory spaces resulting in the loss of integrity and confidentiality.\u003cbr\u003e"
                }
              ],
              "value": "In AMD Zynq UltraScale+ devices, the lack of address validation when executing CSU runtime services through the PMU Firmware can allow access to isolated or protected memory spaces resulting in the loss of integrity and confidentiality."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 6.6,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-1284",
                  "description": "CWE-1284 - Improper Validation of Specified Quantity in Input",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-10-06T16:08:59.227Z",
            "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
            "shortName": "AMD"
          },
          "references": [
            {
              "url": "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-8008.html"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
        "assignerShortName": "AMD",
        "cveId": "CVE-2025-0038",
        "datePublished": "2025-10-06T16:08:59.227Z",
        "dateReserved": "2024-11-21T16:18:05.485Z",
        "dateUpdated": "2025-10-06T17:16:22.921Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-0038 (GCVE-0-2025-0038)

    Vulnerability from cvelistv5 – Published: 2025-10-06 16:08 – Updated: 2025-10-06 17:16
    VLAI
    Summary
    In AMD Zynq UltraScale+ devices, the lack of address validation when executing CSU runtime services through the PMU Firmware can allow access to isolated or protected memory spaces resulting in the loss of integrity and confidentiality.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-1284 - - Improper Validation of Specified Quantity in Input
    Assigner
    AMD
    Impacted products
    Vendor Product Version
    AMD Kria(TM) SOM Affected: PMU Firmware version TBD
    Create a notification for this product.
    AMD Zynq UltraScale+ MPSoCs Affected: PMU Firmware version TBD
    Create a notification for this product.
    AMD Zynq UltraScale+ RFSoCs Affected: PMU Firmware version TBD
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-0038",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-10-06T17:00:56.364010Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-10-06T17:16:22.921Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "Kria(TM) SOM",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "PMU Firmware version TBD"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "Zynq UltraScale+ MPSoCs",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "PMU Firmware version TBD"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "Zynq UltraScale+ RFSoCs",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "PMU Firmware version TBD"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "In AMD Zynq UltraScale+ devices, the lack of address validation when executing CSU runtime services through the PMU Firmware can allow access to isolated or protected memory spaces resulting in the loss of integrity and confidentiality.\u003cbr\u003e"
                }
              ],
              "value": "In AMD Zynq UltraScale+ devices, the lack of address validation when executing CSU runtime services through the PMU Firmware can allow access to isolated or protected memory spaces resulting in the loss of integrity and confidentiality."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 6.6,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-1284",
                  "description": "CWE-1284 - Improper Validation of Specified Quantity in Input",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-10-06T16:08:59.227Z",
            "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
            "shortName": "AMD"
          },
          "references": [
            {
              "url": "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-8008.html"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
        "assignerShortName": "AMD",
        "cveId": "CVE-2025-0038",
        "datePublished": "2025-10-06T16:08:59.227Z",
        "dateReserved": "2024-11-21T16:18:05.485Z",
        "dateUpdated": "2025-10-06T17:16:22.921Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }