… A local attacker with user-level privileges can place a crafted openssl.cnf file to load an arbitrary Dynamic Link Library DLL, which will be executed with SYSTEM privileges, resulting in local privilege escalation and arbitrary code execution. …
… CVE Details Refer to Glossary for explanation of terms CVE CVE Description CVSS Score CVE-2025-54502 Incorrect use of boot service in the AMD Platform Configuration Blob APCB SMM driver could allow a privileged attacker with local access Ring 0 to achieve privilege escalation potentially resulting … …
… 8.8 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H CVE-2025-54517 Out of bounds write in AMD AMDGV CMD GET DIAG DATA ioctl handler could allow a local user to escalate privileges via remote code execution. …
… 7.8 High CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 8.5 High CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N CVE-2025-48519 An improper input validation vulnerability within the AMD Platform Management Framework PMF Driver can allow a local attacker to read or write Out-of-Bounds,… …
… 4.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N CVE-2025-54514 Improper isolation of shared resources on an SoC by a malicious local attacker with high privileges could potentially lead to a partial loss of integrity. …