CVE-2025-0036 (GCVE-0-2025-0036)
Vulnerability from cvelistv5
Published
2025-06-09 23:57
Modified
2025-06-30 14:48
Severity ?
3.2 (Low) - CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:L/I:N/A:N
CWE
  • CWE-682 - Incorrect Calculation
  • CWE-772 - Missing Release of Resource after Effective Lifetime
  • CWE-940 - Improper Verification of Source of a Communication Channel
  • CWE-941 - Incorrectly Specified Destination in a Communication Channel
  • CWE-497 - Exposure of Sensitive System Information to an Unauthorized Control Sphere
Summary
In AMD Versal Adaptive SoC devices, the incorrect configuration of the SSS during runtime (post-boot) cryptographic operations could cause data to be incorrectly written to and read from invalid locations as well as returning incorrect cryptographic data.
References
Impacted products
Vendor Product Version
AMD Versal Adaptive SoC Devices Patch: 2025.1 release
 Create a notification for this product.
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-0036",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-06-10T14:19:45.871057Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-06-10T15:27:43.315Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "affected",
          "product": "Versal Adaptive SoC Devices",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "2025.1 release",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Versal RF Series",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "2025.1 release"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Versal AI Edge Series",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "2025.1 release"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Versal Prime Series",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "2025.1 release"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Versal Premium Series",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "2025.1 release"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Versal AI Core Series",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "2025.1 release"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Versal HBM Series",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "2025.1 release"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Alveo V80 Compute Accelerator",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "2025.1 release"
            }
          ]
        }
      ],
      "datePublic": "2025-06-03T16:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "In AMD Versal Adaptive SoC devices, the incorrect configuration of the SSS during runtime (post-boot) cryptographic operations could cause data to be incorrectly written to and read from invalid locations as well as returning incorrect cryptographic data.\u003cbr\u003e"
            }
          ],
          "value": "In AMD Versal Adaptive SoC devices, the incorrect configuration of the SSS during runtime (post-boot) cryptographic operations could cause data to be incorrectly written to and read from invalid locations as well as returning incorrect cryptographic data."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 3.2,
            "baseSeverity": "LOW",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:L/I:N/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-682",
              "description": "CWE-682 Incorrect Calculation",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-772",
              "description": "CWE-772 Missing Release of Resource after Effective Lifetime",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-940",
              "description": "CWE-940 Improper Verification of Source of a Communication Channel",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-941",
              "description": "CWE-941 Incorrectly Specified Destination in a Communication Channel",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-497",
              "description": "CWE-497 Exposure of Sensitive System Information to an Unauthorized Control Sphere",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-06-30T14:48:59.255Z",
        "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
        "shortName": "AMD"
      },
      "references": [
        {
          "url": "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-8011.html"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
    "assignerShortName": "AMD",
    "cveId": "CVE-2025-0036",
    "datePublished": "2025-06-09T23:57:39.748Z",
    "dateReserved": "2024-11-21T16:18:02.918Z",
    "dateUpdated": "2025-06-30T14:48:59.255Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2025-0036\",\"sourceIdentifier\":\"psirt@amd.com\",\"published\":\"2025-06-10T00:15:21.197\",\"lastModified\":\"2025-06-12T16:06:39.330\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In AMD Versal Adaptive SoC devices, the incorrect configuration of the SSS during runtime (post-boot) cryptographic operations could cause data to be incorrectly written to and read from invalid locations as well as returning incorrect cryptographic data.\"},{\"lang\":\"es\",\"value\":\"En los dispositivos SoC AMD Versal Adaptive, la configuraci\u00f3n incorrecta del SSS durante las operaciones criptogr\u00e1ficas en tiempo de ejecuci\u00f3n (post arranque) podr\u00eda provocar que los datos se escriban y lean incorrectamente desde ubicaciones no v\u00e1lidas, adem\u00e1s de devolver datos criptogr\u00e1ficos incorrectos.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"psirt@amd.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:L/I:N/A:N\",\"baseScore\":3.2,\"baseSeverity\":\"LOW\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"REQUIRED\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":1.5,\"impactScore\":1.4}]},\"weaknesses\":[{\"source\":\"psirt@amd.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-497\"},{\"lang\":\"en\",\"value\":\"CWE-682\"},{\"lang\":\"en\",\"value\":\"CWE-772\"},{\"lang\":\"en\",\"value\":\"CWE-940\"},{\"lang\":\"en\",\"value\":\"CWE-941\"}]}],\"references\":[{\"url\":\"https://www.amd.com/en/resources/product-security/bulletin/amd-sb-8011.html\",\"source\":\"psirt@amd.com\"}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-0036\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-06-10T14:19:45.871057Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-06-10T14:19:47.545Z\"}}], \"cna\": {\"source\": {\"discovery\": \"UNKNOWN\"}, \"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"CHANGED\", \"version\": \"3.1\", \"baseScore\": 3.2, \"attackVector\": \"LOCAL\", \"baseSeverity\": \"LOW\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:L/I:N/A:N\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"REQUIRED\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"NONE\", \"privilegesRequired\": \"LOW\", \"confidentialityImpact\": \"LOW\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"AMD\", \"product\": \"Platform Loader and Manager (PLM)\", \"versions\": [{\"status\": \"affected\", \"version\": \"Refer to AMD-SB-8011\", \"versionType\": \"custom\"}], \"defaultStatus\": \"affected\"}], \"datePublic\": \"2025-06-03T16:00:00.000Z\", \"references\": [{\"url\": \"https://www.amd.com/en/resources/product-security/bulletin/amd-sb-8011.html\"}], \"x_generator\": {\"engine\": \"Vulnogram 0.2.0\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"In AMD Versal Adaptive SoC devices, the incorrect configuration of the SSS during runtime (post-boot) cryptographic operations could cause data to be incorrectly written to and read from invalid locations as well as returning incorrect cryptographic data.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"In AMD Versal Adaptive SoC devices, the incorrect configuration of the SSS during runtime (post-boot) cryptographic operations could cause data to be incorrectly written to and read from invalid locations as well as returning incorrect cryptographic data.\u003cbr\u003e\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-682\", \"description\": \"CWE-682 Incorrect Calculation\"}]}, {\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-772\", \"description\": \"CWE-772 Missing Release of Resource after Effective Lifetime\"}]}, {\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-940\", \"description\": \"CWE-940 Improper Verification of Source of a Communication Channel\"}]}, {\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-941\", \"description\": \"CWE-941 Incorrectly Specified Destination in a Communication Channel\"}]}, {\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-497\", \"description\": \"CWE-497 Exposure of Sensitive System Information to an Unauthorized Control Sphere\"}]}], \"providerMetadata\": {\"orgId\": \"b58fc414-a1e4-4f92-9d70-1add41838648\", \"shortName\": \"AMD\", \"dateUpdated\": \"2025-06-09T23:57:39.748Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2025-0036\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-06-10T15:27:43.315Z\", \"dateReserved\": \"2024-11-21T16:18:02.918Z\", \"assignerOrgId\": \"b58fc414-a1e4-4f92-9d70-1add41838648\", \"datePublished\": \"2025-06-09T23:57:39.748Z\", \"assignerShortName\": \"AMD\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.