CVE-2025-0036

Summary

In AMD Versal Adaptive SoC devices, the incorrect configuration of the SSS during runtime (post-boot) cryptographic operations could cause data to be incorrectly written to and read from invalid locations as well as returning incorrect cryptographic data.

Affected Software

VendorProductVersion RangeStatus
AMDVersal Adaptive SoC Devices2025.1 releaseunaffected
AMDVersal RF Series2025.1 releaseunaffected
AMDVersal AI Edge Series2025.1 releaseunaffected
AMDVersal Prime Series2025.1 releaseunaffected
AMDVersal Premium Series2025.1 releaseunaffected
AMDVersal AI Core Series2025.1 releaseunaffected
AMDVersal HBM Series2025.1 releaseunaffected
AMDAlveo V80 Compute Accelerator2025.1 releaseunaffected

Weaknesses

  • CWE-682: CWE-682 Incorrect Calculation
  • CWE-772: CWE-772 Missing Release of Resource after Effective Lifetime
  • CWE-940: CWE-940 Improper Verification of Source of a Communication Channel
  • CWE-941: CWE-941 Incorrectly Specified Destination in a Communication Channel
  • CWE-497: CWE-497 Exposure of Sensitive System Information to an Unauthorized Control Sphere

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References