Vulnerability in Amd Athlon™ 3000 Series Mobile Processors With Radeon™ Graphics

CVE-2025-54502

Incorrect use of boot service in the AMD Platform Configuration Blob (APCB) SMM driver could allow a privileged attacker with local access (Ring 0) to achieve privilege escalation potentially resulting in arbitrary code execution.

EPSS: 0.000 (0.8th percentile) — read the EPSS interpretation.

Affected products

Amd Athlon™ 3000 Series Mobile Processors With Radeon™ Graphics — versions PicassoPI-FP5_1.0.1.2e
Amd Epyc™ 4004 Series Processors — versions ComboAM5PI 1.0.0.d
Amd Epyc™ 7002 Series Processors — versions Rome-1.0.0.P
Amd Epyc™ 7003 Series Processors — versions MilanPI-SP3_1.0.0.J
Amd Epyc™ 8004 Series Processors — versions GenoaPI_1.0.0.H
Amd Epyc™ 9004 Series Processors — versions GenoaPI_1.0.0.H
Amd Epyc™ 9005 Series Processors — versions TurinPI-SP5_1.0.0.9
Amd Epyc™ 9v64h Processor — versions MI300C 1.0.0.3
Amd Epyc™ Embedded 7002 Series Processors — versions EmbRomePI-SP3 1.0.0.F
Amd Epyc™ Embedded 7003 Series Processors — versions EmbMilanPI-SP3 1.0.0.D

Weakness classification (CWE)

CWE-668 — Exposure of Resource to Wrong Sphere

References

www.amd.com/en/resources/product-security/bulletin/AMD-SB-7054.html