CVE-2025-48516

Summary

Insecure default configuration state of DDR5 memory module by AGESA Bootloader Firmware could allow an attacker with local user privilege to abuse the unprotected PMIC interface to create a permanent denial of service condition or affect the integrity of the memory module.

Affected Software

VendorProductVersion RangeStatus
AMDAMD Ryzen™ 4000 Series Mobile Processors with Radeon™ GraphicsNo fix plannedunaffected
AMDAMD Ryzen™ 7035 Series Processors with Radeon™ GraphicsNo fix plannedunaffected
AMDAMD Athlon™ 3000 Series Mobile Processors with Radeon™ GraphicsNo fix plannedunaffected
AMDAMD Ryzen™ 7040 Series Mobile Processors with Radeon™ GraphicsNo fix plannedunaffected
AMDAMD Ryzen™ 7020 Series Processors with Radeon™ GraphicsNo fix plannedunaffected
AMDAMD Ryzen™ 7045 Series Mobile Processors with Radeon™ GraphicsNo fix plannedunaffected
AMDAMD Ryzen™ 7000 Series Desktop ProcessorsNo fix plannedunaffected
AMDAMD Ryzen™ 3000 Series Desktop ProcessorsNo fix plannedunaffected
AMDAMD Ryzen™ Threadripper™ PRO 3000 WX-Series ProcessorsNo fix plannedunaffected
AMDAMD Ryzen™ 7030 Series Mobile Processors with Radeon™ GraphicsNo fix plannedunaffected
AMDAMD Ryzen™ Threadripper™ PRO 3000 WX-Series ProcessorsNo fix plannedunaffected
AMDAMD Ryzen™ Threadripper™ 3000 ProcessorsNo fix plannedunaffected
AMDAMD Ryzen™ 9000HX Series ProcessorsNo fix plannedunaffected
AMDAMD Ryzen™ AI 300 Series ProcessorsNo fix plannedunaffected
AMDAMD Athlon™ 3000 Series Desktop Processors with Radeon™ GraphicsNo fix plannedunaffected
AMDAMD Ryzen™ Threadripper™ PRO 5000 WX-Series ProcessorsNo fix plannedunaffected
AMDAMD Ryzen™ Threadripper™ PRO 7000 WX-Series ProcessorsNo fix plannedunaffected
AMDAMD Ryzen™ 7000 Series Desktop ProcessorsNo fix plannedunaffected
AMDAMD Ryzen™ 7000 Series Desktop ProcessorsNo fix plannedunaffected
AMDAMD Ryzen™ 8000 Series Desktop ProcessorsNo fix plannedunaffected
AMDAMD Ryzen™ 8000 Series Desktop ProcessorsNo fix plannedunaffected
AMDAMD Ryzen™ 9000 Series Desktop ProcessorsNo fix plannedunaffected
AMDAMD Ryzen™ 5000 Series Mobile Processors with Radeon™ GraphicsNo fix plannedunaffected
AMDAMD Ryzen™ 5000 Series Mobile Processors with Radeon™ GraphicsNo fix plannedunaffected
AMDAMD Ryzen™ 4000 Series Desktop ProcessorsNo fix plannedunaffected
AMDAMD Ryzen™ 5000 Series Desktop ProcessorsNo fix plannedunaffected
AMDAMD Ryzen™ 5000 Series Desktop Processors with Radeon™ GraphicsNo fix plannedunaffected
AMDAMD Ryzen™ 3000 Series Desktop ProcessorsNo fix plannedunaffected
AMDAMD Ryzen™ 5000 Series Desktop ProcessorsNo fix plannedunaffected
AMDAMD Ryzen™ 8040 Series Mobile Processors with Radeon™ GraphicsNo fix plannedunaffected
AMDAMD Ryzen™ 3000 Series Mobile Processors with Radeon™ GraphicsNo fix plannedunaffected
AMDAMD Ryzen™ 6000 Series Processors with Radeon™ GraphicsNo fix plannedunaffected
AMDAMD Ryzen™ AI Max 300 Series ProcessorsNo fix plannedunaffected
AMDAMD Ryzen™ Z1 Series ProcessorsNo fix plannedunaffected
AMDAMD Ryzen™ Z2 Series Processors ExtremeNo fix plannedunaffected
AMDAMD Ryzen™ Z2 Series ProcessorsNo fix plannedunaffected
AMDAMD Ryzen™ Z2 Series Processors GoNo fix plannedunaffected
AMDAMD Ryzen™ Threadripper™ PRO 7000 WX-Series ProcessorsShimadaPeakPI-SP6 1.0.0.1bunaffected
AMDAMD Ryzen™ Threadripper™ 7000 ProcessorsShimadaPeakPI-SP6 1.0.0.1bunaffected
AMDAMD Ryzen™ Threadripper™ 9000 ProcessorsShimadaPeakPI-SP6 1.0.0.1bunaffected
AMDAMD Ryzen™ Threadripper™ PRO 9000 WX-Series ProcessorsShimadaPeakPI-SP6 1.0.0.1bunaffected

Weaknesses

  • CWE-276: CWE-276 Incorrect Default Permissions

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References