CVE-2025-54518

Description

Improper isolation of shared resources within the CPU operation cache on Zen 2-based products could allow an attacker to corrupt instructions executed at a different privilege level, potentially resulting in privilege escalation.

CVSS breakdown

Affected products

• AMD / AMD EPYC™ 7002 Series Processorsos kernel – os kernel
• AMD / AMD EPYC™ Embedded 7002 Series ProcessorsOS kernel – OS kernel
• AMD / AMD Ryzen™ 3000 Series Desktop ProcessorsComboAM4v2 1.2.0.10 – ComboAM4v2 1.2.0.10
• AMD / AMD Ryzen™ 3000 Series Desktop ProcessorsComboAM4PI 1.0.0.10 – ComboAM4PI 1.0.0.10
• AMD / AMD Ryzen™ 4000 Series Desktop ProcessorsComboAM4v2 1.2.0.10 – ComboAM4v2 1.2.0.10
• AMD / AMD Ryzen™ 4000 Series Mobile Processors with Radeon™ GraphicsRenoirPI-FP6_1.0.0.Ed – RenoirPI-FP6_1.0.0.Ed
• AMD / AMD Ryzen™ 5000 Series Desktop Processors with Radeon™ GraphicsComboAM4v2 1.2.0.10 – ComboAM4v2 1.2.0.10
• AMD / AMD Ryzen™ 5000 Series Mobile Processors with Radeon™ GraphicsCezannePI-FP6_1.0.1.1d – CezannePI-FP6_1.0.1.1d
• AMD / AMD Ryzen™ 7020 Series Processors with Radeon™ GraphicsMendocinoPI-FT6_1.0.0.7f – MendocinoPI-FT6_1.0.0.7f
• AMD / AMD Ryzen™ 7030 Series Mobile Processors with Radeon™ GraphicsCezannePI-FP6_1.0.1.1d – CezannePI-FP6_1.0.1.1d
• AMD / AMD Ryzen Embedded V2000A Series ProcessorsEmbeddedV2KAPI-FP6 1.0.0.A – EmbeddedV2KAPI-FP6 1.0.0.A
• AMD / AMD Ryzen™ Embedded V2000 Series ProcessorsEmbeddedPI-FP6_1.0.0.D – EmbeddedPI-FP6_1.0.0.D
• AMD / AMD Ryzen™ Threadripper™ PRO 3000 WX-Series ProcessorsCastlePeakWSPI-sWRX8 1.0.0.I – CastlePeakWSPI-sWRX8 1.0.0.I
• AMD / AMD Ryzen™ Threadripper™ PRO 3000 WX-Series ProcessorsChagallWSPI-sWRX8-1.0.0.D – ChagallWSPI-sWRX8-1.0.0.D

References

• MISChttps://www.amd.com/en/resources/product-security/bulletin/AMD-SB-7052.html