NVD - cve-2025-54518

3 min read Original article ↗

CVE-2025-54518 Detail

Description

Improper isolation of shared resources within the CPU operation cache on Zen 2-based products could allow an attacker to corrupt instructions executed at a different privilege level, potentially resulting in privilege escalation.


Metrics

NVD enrichment efforts reference publicly available information to associate vector strings. CVSS information contributed by other sources is also displayed.

CVSS 4.0 Severity and Vector Strings:


NIST CVSS score

NIST: NVD

N/A

NVD assessment not yet provided.


Nist CVSS score does not match with CNA score

CNA:  Advanced Micro Devices Inc.

CVSS-B 7.3 HIGH

Vector:  CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

CVSS 3.x Severity and Vector Strings:


NIST CVSS score

NIST: NVD

Base Score:  N/A

NVD assessment not yet provided.


ADP:  redhat-SADP

Base Score:  7.0 HIGH

Vector:  CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

CVSS 2.0 Severity and Vector Strings:

National Institute of Standards and Technology

NIST: NVD

Base Score: N/A

NVD assessment not yet provided.

References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to [email protected].

URL Source(s) Tag(s)
http://www.openwall.com/lists/oss-security/2026/05/12/15 CVE
http://xenbits.xen.org/xsa/advisory-490.html CVE
https://access.redhat.com/security/cve/CVE-2025-54518 redhat-SADP
https://bugzilla.redhat.com/show_bug.cgi?id=2477784 redhat-SADP
https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-54518.json redhat-SADP
https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-7052.html Advanced Micro Devices Inc.

Weakness Enumeration

CWE-ID CWE Name Source
CWE-1189 Improper Isolation of Shared Resources on System-on-a-Chip (SoC) Advanced Micro Devices Inc.  
CWE-1220 Insufficient Granularity of Access Control redhat-SADP  

Change History

5 change records found show changes

CVE Modified by redhat-SADP 6/29/2026 11:16:52 PM

Action Type Old Value New Value
Added CVSS V3.1
AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Added CWE
CWE-1220
Added Reference
https://access.redhat.com/security/cve/CVE-2025-54518
Added Reference
https://bugzilla.redhat.com/show_bug.cgi?id=2477784
Added Reference
https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-54518.json
Added Affected
[{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 10","defaultStatus":"affected","cpes":["cpe:/o:redhat:enterprise_linux:10"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 7","defaultStatus":"affected","cpes":["cpe:/o:redhat:enterprise_linux:7"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8","defaultStatus":"affected","cpes":["cpe:/o:redhat:enterprise_linux:8"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 9","defaultStatus":"affected","cpes":["cpe:/o:redhat:enterprise_linux:9"]},{"vendor":"Red Hat","product":"Red Hat OpenShift Container Platform 4","defaultStatus":"affected","cpes":["cpe:/a:redhat:openshift:4"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 6","defaultStatus":"unaffected","cpes":["cpe:/o:redhat:enterprise_linux:6"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux for NVIDIA 26","defaultStatus":"unaffected","cpes":["cpe:/a:redhat:enterprise_linux_nvidia:"]}]

CVE Modified by CISA-ADP 6/17/2026 5:40:14 AM

Action Type Old Value New Value
Added SSVC
{"timestamp":"2026-05-15T00:00:00+00:00","id":"CVE-2025-54518","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}

CVE Modified by Advanced Micro Devices Inc. 6/17/2026 5:40:14 AM

Action Type Old Value New Value
Added Affected Record truncated, showing 2048 of 2668 characters.
View Entire Change Record
[{"vendor":"AMD","product":"AMD EPYC™ 7002 Series Processors","defaultStatus":"affected","versions":[{"version":"os kernel","status":"unaffected"}]},{"vendor":"AMD","product":"AMD Ryzen™ 4000 Series Mobile Processors with Radeon™ Graphics","defaultStatus":"affected","versions":[{"version":"RenoirPI-FP6_1.0.0.Ed","status":"unaffected"}]},{"vendor":"AMD","product":"AMD Ryzen™ 7020 Series Processors with Radeon™ Graphics","defaultStatus":"affected","versions":[{"version":"MendocinoPI-FT6_1.0.0.7f","status":"unaffected"}]},{"vendor":"AMD","product":"AMD Ryzen™ 3000 Series Desktop Processors","defaultStatus":"affected","versions":[{"version":"ComboAM4v2 1.2.0.10","status":"unaffected"}]},{"vendor":"AMD","product":"AMD Ryzen™ Threadripper™ PRO 3000 WX-Series Processors","defaultStatus":"affected","versions":[{"version":"ChagallWSPI-sWRX8-1.0.0.D","status":"unaffected"}]},{"vendor":"AMD","product":"AMD Ryzen™ 7030 Series Mobile Processors with Radeon™ Graphics","defaultStatus":"affected","versions":[{"version":"CezannePI-FP6_1.0.1.1d","status":"unaffected"}]},{"vendor":"AMD","product":"AMD Ryzen™ Threadripper™ PRO 3000 WX-Series Processors","defaultStatus":"affected","versions":[{"version":"CastlePeakWSPI-sWRX8 1.0.0.I","status":"unaffected"}]},{"vendor":"AMD","product":"AMD Ryzen™ 5000 Series Mobile Processors with Radeon™ Graphics","defaultStatus":"affected","versions":[{"version":"CezannePI-FP6_1.0.1.1d","status":"unaffected"}]},{"vendor":"AMD","product":"AMD Ryzen™ 5000 Series Mobile Processors with Radeon™ Graphics","defaultStatus":"affected","versions":[{"version":"CezannePI-FP6_1.0.1.1d","status":"unaffected"}]},{"vendor":"AMD","product":"AMD Ryzen™ 4000 Series Desktop Processors","defaultStatus":"affected","versions":[{"version":"ComboAM4v2 1.2.0.10","status":"unaffected"}]},{"vendor":"AMD","product":"AMD Ryzen™ 5000 Series Desktop Processors with Radeon™ Graphics","defaultStatus":"affected","versions":[{"version":"ComboAM4v2 1.2.0.10","status":"unaffected"}]},{"vendor":"AMD","product":"AMD Ryzen™ 3000 Series De

CVE Modified by CVE 5/15/2026 1:16:33 AM

Action Type Old Value New Value
Added Reference
http://www.openwall.com/lists/oss-security/2026/05/12/15
Added Reference
http://xenbits.xen.org/xsa/advisory-490.html

New CVE Received from Advanced Micro Devices Inc. 5/15/2026 1:16:33 AM

Action Type Old Value New Value
Added Description
Improper isolation of shared resources within the CPU operation cache on Zen 2-based products could allow an attacker to corrupt instructions executed at a different privilege level, potentially resulting in privilege escalation.
Added CVSS V4.0
AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Added CWE
CWE-1189
Added Reference
https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-7052.html

Quick Info

CVE Dictionary Entry:
CVE-2025-54518
NVD Published Date:
05/15/2026
NVD Last Modified:
06/29/2026
Source:
Advanced Micro Devices Inc.