CVE-2025-0036
3.2
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:L/I:N/A:N
Summary
In AMD Versal Adaptive SoC devices, the incorrect configuration of the SSS during runtime (post-boot) cryptographic operations could cause data to be incorrectly written to and read from invalid locations as well as returning incorrect cryptographic data.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| AMD | Versal Adaptive SoC Devices | 2025.1 release | unaffected |
| AMD | Versal RF Series | 2025.1 release | unaffected |
| AMD | Versal AI Edge Series | 2025.1 release | unaffected |
| AMD | Versal Prime Series | 2025.1 release | unaffected |
| AMD | Versal Premium Series | 2025.1 release | unaffected |
| AMD | Versal AI Core Series | 2025.1 release | unaffected |
| AMD | Versal HBM Series | 2025.1 release | unaffected |
| AMD | Alveo V80 Compute Accelerator | 2025.1 release | unaffected |
Weaknesses
- CWE-682: CWE-682 Incorrect Calculation
- CWE-772: CWE-772 Missing Release of Resource after Effective Lifetime
- CWE-940: CWE-940 Improper Verification of Source of a Communication Channel
- CWE-941: CWE-941 Incorrectly Specified Destination in a Communication Channel
- CWE-497: CWE-497 Exposure of Sensitive System Information to an Unauthorized Control Sphere
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: partial
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.