AMD Power Management Firmware Out-of-Bounds Read Vulnerability

A vulnerability allowing an out-of-bounds read has been identified in the power management firmware of certain AMD processors. This issue could be exploited by a malicious local attacker with low privileges, potentially leading to a partial loss of confidentiality and availability.

Impact

Exploitation of this vulnerability could result in an out-of-bounds read, allowing access to memory outside of the intended boundaries. This could lead to unauthorized information disclosure or disruption of normal operations, causing a partial loss of availability.

Remediation

Users can update to AMD Software: Adrenalin Edition 24.7.1 (24.10.29.01) or AMD Software: PRO Edition 24.Q2 (24.10.20) to address this vulnerability. For AMD Ryzen Embedded 8000 Series Processors, the recommended update is to the graphics driver version 25.6.1, branch 25.10.13.01, and chipset version 7.06.02.123.