Primary

Context

AMD Zynq UltraScale+ SoC Missing Secure State Use Vulnerability in Arm Trusted Firmware

Vulnerability

A vulnerability exists in the Arm Trusted Firmware (TF-A) used by AMD's Zynq UltraScale+ System on Chips (SoCs), including MPSoCs, RFSoCs, and Kria SOMs. The issue arises because the security state of the calling processor is not properly utilized, potentially allowing non-secure processors to access secure memory, perform cryptographic operations, and control various subsystems within the SoC.

Impact

Exploitation of this vulnerability could lead to unauthorized access to secure memory and cryptographic functions, as well as improper control over SoC subsystems.

Remediation

AMD plans to address this vulnerability in the upcoming 2025.2 release, scheduled for November 15, 2025. This update will ensure that the security state information from Arm Cortex-A processors is communicated to the PMU firmware, allowing for proper operation authorization.

Added: Nov 23, 2025, 5:17 PM

Updated: Nov 23, 2025, 5:17 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

7.5

exploitability

3.3

remediation

0.0

relevance

1.1

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

7.5

exploitability

3.3

remediation

0.0

relevance

1.1

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

AMD Zynq UltraScale+ SoC Missing Secure State Use Vulnerability in Arm Trusted Firmware

Vulnerability

Impact

Remediation

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating