SB2025070268 - Missing checks in AMD Zynq UltraScale+ devices
Published: July 2, 2025
Security Bulletin ID
SB2025070268
Severity
Low
Patch available
NO
Number of vulnerabilities
1
Exploitation vector
Local access
Highest impact
Denial of service
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2025-0038)
The vulnerability allows a local user to compromise the target system.
The vulnerability exists due to the lack of address validation when executing CSU runtime services through the PMU Firmware. A local user can gain access to isolated or protected memory spaces, leading to loss of integrity and confidentiality.
Remediation
Cybersecurity Help is not aware of any official remediation provided by the vendor.