—–BEGIN PGP SIGNED MESSAGE—–

Hash: SHA256

Multiple Vulnerabilities in AMD Products 

Indian – Computer Emergency Response Team (https://www.cert-in.org.in)

Severity Rating: HIGH

Software Affected

Versal Adaptive SoC Devices

Versal  RF, AI Edge, AI Core, Prime, Premium & HBM Series 

Alveo V80 Compute Accelerator

Alveo V70 Accelerator Card (Discontinued)

Kria SOM

Zynq  UltraScale+ MPSoCs

Zynq  UltraScale+ RFSoCs

XRT drivers prior to 2025.1

AMD StoreMi 

AMD μProf version prior to 5.1

AMD EPYC 4004,7001,7002,7003,8004,9004, 9005 & 9V64H Series Processors

AMD EPYC Embedded 7003, 8004, 9004 and 9005 Series Processors

Overview

Multiple vulnerabilities have been reported in AMD Products, which could allow an attacker to gain elevated privileges, obtain sensitive information, execute arbitrary code, or cause denial of service (DoS) condition on the targeted system.

Target Audience:

Individuals and organizations using the above mentioned AMD products.

Risk Assessment:

High risk of full system compromise, system instability, or sensitive data exposure.

Impact Assessment:

Elevation of privileges, memory corruption, disclose sensitive information, arbitrary code execution, denial of service (DoS).

Description

AMD drives innovation in high-performance computing, graphics, and visualization technologies – the building blocks for gaming, immersive platforms, cloud and datacenters.

Multiple vulnerabilities exist in AMD Products due to insufficient validation, improper handling of return value and Buffer overflow. An attacker could exploit these vulnerabilities by sending specially crafted requests on the targeted system.

Successful exploitation of these vulnerabilities could allow an attacker to gain elevated privileges, obtain sensitive information, execute arbitrary code, or cause denial of service (DoS) condition on the targeted system.

Solution

Apply appropriate updates as mentioned in:

https://www.amd.com/en/resources/product-security.html

References

AMD

https://www.amd.com/en/resources/product-security.html

CVE Name

CVE-2025-0003

CVE-2025-0005

CVE-2025-0007

CVE-2025-21922

CVE-2025-21923

CVE-2025-29934

CVE-2025-29933

CVE-2025-48502

CVE-2025-48507

CVE-2025-48510

CVE-2025-48511

CVE-2025-54515

CVE-2025-52538

CVE-2025-52539

CVE-2025-62626

– —

Thanks and Regards,

CERT-In

Incident Response Help Desk

e-mail: incident@cert-in.org.in

Phone: +91-11-22902657

Toll Free Number: 1800-11-4949

Toll Free Fax : 1800-11-6969

Web: http://www.cert-in.org.in

PGP Fingerprint: A768 083E 4475 5725 B81A A379 2156 C0C0 B620 D0B4

PGP Key information:

https://www.cert-in.org.in/s2cMainServlet?pageid=CONTACTUS

Postal address:

Indian Computer Emergency Response Team (CERT-In)

Ministry of Electronics and Information Technology

Government of India

Electronics Niketan

6, C.G.O. Complex

New Delhi-110 003

—–BEGIN PGP SIGNATURE—–

iQIzBAEBCAAdFiEE6r4Iam/Ey0c/KakL3jCgcSdcys8FAmkpnykACgkQ3jCgcSdc

ys+TkhAAjt0eeRDNLaGIHExHrsTpJ3Ejtev/nnAtTlkAUxgtaDjTj8bb1gteUW7O

q6R9hZ3ABGKo7X3H6IQUR2HoBJ3KU0tMbyxA7QL7tuYsQ9w81hIUPzjg6A04oEWt

SDc2iSqLchdnAh4yvQbv5HFOmCu0qfhPcE2dSvTcTZSqZBvyQ+GiXsWREoXJz1kO

8zmtbO52lLaTIMPi3uCNsxy15OwIiZEol4GFuVDfLUulpcggv4DyZ9S8bbjHLfhU

jFl7bpqQbXPOqBl6/OkoL/qaM4NNfApQ7GHETgQ291At0UKW61J3s3okHF0ciTg2

v5W6187nHi03S+UIJF+hkQnQxpAM1Ovc5HAB1SMF+kuc21l65B+aPQxslWSwuRju

nVkL0MnRffHrNa/MjuVpp5zvxGPoCuVmW2cjDFGNgN+yNw5dDuBz+3Mcyds2LAEJ

FEEO+IHD34c4/n0EHHUIALmeAAWxIJ9l9/OUdy7xrnnMhWSg+xSRg8b87jtv4C73

5h+Zn76YyY02u01d8ILiU/l+6fqWcDMgfX/A1o/AN5EPkLrkVqtatY3m5c0FARYW

HFM9J/fzWPlbzbyXd/+gvLyw3fStNJHM4WP2ZhnnFtayaS20L4T7pOVOcsaPwTsW

vHiSFErgokpJ8GkgVuOxe4xJS8tnPAx7JEbg98KvicKxrK7Ky64=

=luDs

—–END PGP SIGNATURE—–