CVE-2025-0032
7.2
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:N
Summary
Improper cleanup in AMD CPU microcode patch loading could allow an attacker with local administrator privilege to load malicious CPU microcode, potentially resulting in loss of integrity of x86 instruction execution.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| AMD | AMD EPYC™ 9005 Series Processors | TurinPI 1.0.0.4 | unaffected |
| AMD | AMD Ryzen™ AI 300 Series Processors | StrixKrackanPI-FP8_1.1.0.1b | unaffected |
| AMD | AMD Ryzen™ 9000 Series Desktop Processors | ComboAM5PI 1.2.0.3c | unaffected |
| AMD | AMD Ryzen™ 9000HX Series Processors | FireRangeFL1PI 1.0.0.0a | unaffected |
| AMD | AMD Ryzen™ Al Max+ | StrixHaloPI-FP11_1.0.0.1 | unaffected |
| AMD | AMD Ryzen™ Threadripper™ 9000 series | ShimadaPeakPI-SP6 1.0.0.1 | unaffected |
| AMD | AMD EPYC™ Embedded 9000 Series Processors | Embturin PI 1.0.0.0 | unaffected |
Weaknesses
- CWE-459: CWE-459 Incomplete Cleanup
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: total
References
- https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-4012.html
- https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-5007.html
- https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-3014.html
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.