Memory Access Vulnerability in AMD Zynq UltraScale+ Devices
CVE-2025-0038

6.6MEDIUM

What is CVE-2025-0038?

A vulnerability exists in AMD Zynq UltraScale+ devices due to insufficient address validation when executing CSU runtime services via the PMU Firmware. This flaw can potentially enable unauthorized access to isolated or protected memory spaces, posing risks to both the integrity and confidentiality of the system. Users of affected devices are advised to take appropriate security measures.

Affected Version(s)

Kria(TM) SOM PMU Firmware version TBD

Zynq UltraScale+ MPSoCs PMU Firmware version TBD

Zynq UltraScale+ RFSoCs PMU Firmware version TBD

References

CVSS V3.1

Score:
6.6
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.
CVE-2025-0038 : Memory Access Vulnerability in AMD Zynq UltraScale+ Devices