Back to Security Bulletins and Briefs

AMD Athlon™, AMD Ryzen™, and AMD Ryzen™ Embedded Series Processor Vulnerabilities – May 2026

AMD ID: AMD-SB-4017
Potential Impact: Refer to the CVE Details section

Summary

Audits performed on AMD Ryzen™ Processor platforms uncovered potential vulnerabilities affecting AMD Ryzen™ and AMD Ryzen™ Embedded platforms.

CVE Details

Refer to Glossary for explanation of terms

CVE ID CVE Description CVSS
CVE-2021-46747 Insufficient granularity of access control in AMD Secure Processor (ASP) may allow an attacker with an untrusted user space application to map sensitive System Management Network (SMN) apertures, potentially leading to an escalation of privileges. CVSS 4.0 Base Score: 7.1
CVSS:4.0/AV:L/AC:H/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
CVE-2023-31316 Improperly preserved integrity of hardware configuration state during a power save/restore operation in the AMD Secure Processor (ASP) could allow an attacker with the ability to write outside the trusted memory range (TMR) to change the execution flow of the Video Core Next (VCN) firmware, potentially impacting confidentiality, integrity, or availability. CVSS 4.0 Base Score: 7.1
CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:L/VI:H/VA:L/SC:L/SI:H/SA:L
CVE-2025-48516 Insecure default configuration state of DDR5 memory module by AGESA Bootloader Firmware could allow an attacker with local user privilege to abuse the unprotected PMIC interface to create a permanent denial of service condition or affect the integrity of the memory module. CVSS 4.0 Base Score: 6.9
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N
CVE-2024-36315 Improper enforcement of the LFENCE serialization property may allow an attacker to bypass speculation barriers and disclose sensitive information, potentially resulting in loss of confidentiality. CVSS 4.0 Base Score: 5.7
CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
CVE-2026-0438 A System Management Mode (SMM) handler could perform a callout to code located in non-SMM/untrusted memory. A highly privileged attacker could, with active user interaction and under high complexity and present preconditions, trigger execution of attacker-controlled code in SMM, potentially compromising the system’s confidentiality, integrity, and availability. CVSS 4.0 Base Score: 5.4
CVSS:4.0/AV:P/AC:H/AT:P/PR:H/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
CVE-2025-0040 Improper access control between the Joint Test Action Group (JTAG) and Advanced Extensible Interface (AXI) could allow an attacker with physical access to read or overwrite the contents of cross-chip debug (XCD) registers, potentially resulting in loss of data integrity or confidentiality. CVSS 4.0 Base Score: 5.3
CVSS:4.0/AV:P/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
CVE-2024-36345 Improper input validation in the AMD OverDrive (AOD) System Management Mode (SMM) module could allow a privileged attacker to perform an out-of-bounds read, potentially resulting in loss of confidentiality. CVSS 4.0 Base Score: 4.6
CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
CVE-2024-36343 Improper input validation in the System Management Mode (SMM) communications buffer could allow a privileged attacker to perform an out of bounds read or write to a limited section of the Top of Memory Segment (TSEG) memory region, potentially resulting in loss of confidentiality or integrity. CVSS 4.0 Base Score: 4.6
CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
CVE-2021-26380 A compromised Trusted OS (TOS) driver could issue a malformed call that could potentially allow memory access outside the intended range, potentially resulting in loss of integrity. CVSS 4.0 Base Score: 1.8
CVSS:4.0/AV:L/AC:H/AT:N/PR:H/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
CVE-2022-23826 A TOCTOU (Time-Of-Check to Time-Of-Use) in the graphics interface may allow an attacker to load registers repeatedly, creating a race condition, potentially leading to a loss of integrity. CVSS 4.0 Base Score: 1.8
CVSS:4.0/AV:L/AC:H/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

Specific CVSS scores may change subject to your implementation. We encourage you to calculate CVSS scores independently for your system.

Affected Products and Mitigation

AMD recommends updating to the Platform Initialization (PI) firmware version indicated below (note the PI firmware versions were released by AMD to the Original Equipment Manufacturers (OEM) on the dates listed below). Please contact your OEM for the BIOS update specific to your product(s).

*Note: Products believed to not be affected by the listed CVEs are not included.  

AMD Athlon™ and AMD Ryzen™ Series Processors
Product CVE ID Remediated Versions Release Date
AMD Athlon™ 3000 Series Desktop Processors with Radeon™ Graphics CVE-2025-48516 No fix planned1 N/A
CVE-2021-26380 ComboAM4v2 PI 1.2.0.8 2022-07-29
CVE-2021-46747 ComboAM4v2 PI 1.2.0.8 2022-07-29
CVE-2022-23826 ComboAM4v2 PI 1.2.0.8 2022-07-29
AMD Athlon™ 3000 Series Mobile Processors with Radeon™ Graphics CVE-2021-26380 PicassoPI-FP5 1.0.0.E 2022-07-06
PicassoPI-FP5 1.0.0.E 2022-07-06
CVE-2021-46747 PicassoPI-FP5 1.0.0.E 2022-07-29
PicassoPI-FP5 1.0.0.E 2022-07-29
CVE-2022-23826 PicassoPI-FP5 1.0.0.E 2022-07-06
PicassoPI-FP5 1.0.0.E 2022-07-06
CVE-2025-48516 No fix planned1 N/A
AMD Ryzen™ 3000 Series Desktop Processors CVE-2021-26380 ComboAM4PI 1.0.0.9 ComboAM4 V2 PI 1.2.0.8 2022-07-29
CVE-2021-46747 ComboAM4PI 1.0.0.9 ComboAM4 V2 PI 1.2.0.8 2022-07-29
CVE-2025-48516 No fix planned1 N/A
AMD Ryzen™ 3000 Series Mobile Processors with Radeon™ Graphics CVE-2021-46747 PicassoPI-FP5 1.0.0.E 2022-07-06
CVE-2022-23826 PicassoPI-FP5 1.0.0.E 2022-07-06
CVE-2025-48516 No fix planned1 N/A
AMD Ryzen™ 4000 Series Desktop Processors CVE-2023-31316 ComboAM4v2PI 1.2.0.CA 2024-03-14
CVE-2021-26380 ComboAM4v2 PI 1.2.0.5 2021-11-20
CVE-2021-46747 ComboAM4v2 PI 1.2.0.6 2022-01-19
CVE-2025-48516 No fix planned1 N/A
AMD Ryzen™ 4000 Series Mobile Processors with Radeon™ Graphics   CVE-2023-31316 Renoir-FP6 1.0.0.D 2024-02-29
CVE-2021-46747 RenoirPI-FP6 1.0.0.8 2022-01-19
CVE-2021-26380 RenoirPI-FP6 1.0.0.7 2021-11-20
CVE-2025-48516 No fix planned1 N/A
AMD Ryzen™ 5000 Series Desktop Processors CVE-2021-26380 ComboAM4 V2 PI 1.2.0.8 2022-07-29
CVE-2021-46747 ComboAM4 V2 PI 1.2.0.8 2022-07-29
CVE-2025-48516 No fix planned1 N/A
AMD Ryzen™ 5000 Series Desktop Processors with Radeon™ Graphics CVE-2023-31316 ComboAM4v2PI 1.2.0.CA 2024-03-14
CVE-2021-46747 ComboAM4v2 PI 1.2.0.6 2022-02-18
CVE-2021-26380 ComboAM4v2 PI 1.2.0.5 2021-11-20
CVE-2025-48516 No fix planned1 N/A
AMD Ryzen™ 5000 Series Mobile Processors with Radeon™ Graphics CVE-2023-31316 Cezanne-FP6 1.0.1.0 2024-01-25
CVE-2021-46747 CezannePI-FP6 1.0.0.9 2022-02-18
CVE-2021-26380 CezannePI-FP6 1.0.0.6 2021-09-15
CVE-2025-48516 No fix planned1 N/A
AMD Ryzen™ 6000 Series Processors with Radeon™ Graphics CVE-2024-36345 RembrandtPI-FP7_1.0.0.Bg 2025-12-09
CVE-2024-36343 RembrandtPI-FP7_1.0.0.Bg 2025-12-09
CVE-2023-31316 Rembrandt-FP7 1.0.0.A 2023-12-28
CVE-2025-48516 No fix planned1 N/A
AMD Ryzen™ 7000 Series Desktop Processors CVE-2024-36345 ComboAM5-PI_1.0.0.e 2026-01-23
ComboAM5PI 1.1.0.3g 2026-01-23
ComboAM5PI 1.2.0.3j 2026-01-30
CVE-2024-36343 ComboAM5-PI_1.0.0.e 2026-01-23
ComboAM5PI 1.1.0.3g 2026-01-23
ComboAM5PI 1.2.0.3j 2026-01-30
CVE-2026-0438 ComboAM5PI 1.0.0.d 2025-11-12
ComboAM5PI 1.1.0.3f 2025-11-16
ComboAM5PI_1.2.0.3i 2025-11-25
ComboAM5PI_1.3.0.0 2026-01-21
CVE-2024-36315 ComboAM5PI_1.0.0.a 2025-01-07
ComboAM5PI_1.1.0.3c 2025-01-07
ComboAM5PI_1.2.0.3 2025-01-07
ComboAM5PI_1.3.0.0 2026-01-21
CVE-2023-31316 ComboAM5PI 1.1.0.2 2024-01-09
ComboAM5PI 1.0.0.a 2024-01-07
CVE-2025-48516 No fix planned1 N/A
AMD Ryzen™ 7020 Series Processors with Radeon™ Graphics CVE-2023-31316 MendocinoPI-FT6_1.0.0.6 2024-01-03
CVE-2025-48516 No fix planned1 N/A
AMD Ryzen™ 7030 Series Mobile Processors with Radeon™ Graphics CVE-2021-46747 CezannePI-FP6 1.0.0.9 2022-02-18
CVE-2021-26380 CezannePI-FP6 1.0.0.6 2021-11-20
CVE-2025-48516 No fix planned1 N/A
AMD Ryzen™ 7035 Series Processors with Radeon™ Graphics CVE-2025-48516 No fix planned1 N/A
AMD Ryzen™ 7040 Series Mobile Processors with Radeon™ Graphics CVE-2024-36345 PhoenixPI-FP8-FP7_1.2.0.0f 2026-01-31
CVE-2024-36343 PhoenixPI-FP8-FP7_1.2.0.0f 2026-01-31
CVE-2025-0040 PhoenixPI-FP8-FP7_1.2.0.B 2025-03-12
CVE-2024-36315 PhoenixPI-FP8-FP7_1.2.0.0 2024-12-16
CVE-2023-31316 PhoenixPI-FP8-FP7_1.1.0.0 2023-10-06
CVE-2025-48516 No fix planned1 N/A
AMD Ryzen™ 7045 Series Mobile Processors with Radeon™ Graphics   CVE-2024-36345 DragonRangeFL1_1.0.0.3l 2026-02-05
CVE-2024-36343 DragonRangeFL1_1.0.0.3l 2026-02-05
CVE-2024-36315 DragonRangeFL1_1.0.0.3g 2024-12-18
CVE-2023-31316 DragonRangeFL1PI 1.0.0.3C 2024-01-02
CVE-2025-48516 No fix planned1 N/A
AMD Ryzen™ 8000 Series Desktop Processors CVE-2024-36345 ComboAM5PI 1.1.0.3g 2026-01-23
ComboAM5PI 1.2.0.3j 2026-01-30
CVE-2024-36343 ComboAM5PI 1.1.0.3g 2026-01-23
ComboAM5 1.2.0.3j 2026-01-30
CVE-2026-0438 ComboAM5PI 1.1.0.3f 2025-11-16
ComboAM5PI_1.2.0.3i 2025-11-25
ComboAM5PI_1.3.0.0 2026-01-21
CVE-2025-0040 ComboAM5PI 1.2.0.3d 2025-04-29
ComboAM5PI 1.1.0.3d 2025-07-27
CVE-2024-36315 ComboAM5PI_1.1.0.3c 2025-01-07
ComboAM5PI_1.2.0.3 2025-01-07
ComboAM5PI_1.3.0.0 2026-01-21
CVE-2025-48516 No fix planned1 N/A
AMD Ryzen™ 8040 Series Mobile Processors with Radeon™ Graphics CVE-2025-48516 No fix planned1 N/A
CVE-2024-36345 PhoenixPI-FP8-FP7_1.2.0.0f 2026-01-31
CVE-2025-0040 PhoenixPI-FP8-FP7_1.2.0.B 2025-03-12
AMD Ryzen™ 9000 Series Desktop Processors CVE-2024-36345 ComboAM5PI 1.2.0.3j 2026-01-30
CVE-2024-36343 ComboAM5PI 1.2.0.3j 2026-01-30
CVE-2024-36315 ComboAM5PI_1.2.0.3 2025-01-07
CVE-2026-0438 ComboAM5PI_1.2.0.3i 2025-11-25
ComboAM5PI_1.3.0.0 2026-01-21
CVE-2025-48516 No fix planned1 N/A
AMD Ryzen™ 9000HX Series Processors CVE-2024-36345 FireRangeFL1PI 1.0.0.0f 2026-01-25
CVE-2026-0438 FireRangeFL1PI 1.0.0.0d 2025-10-26
CVE-2025-48516 No fix planned1 N/A
AMD Ryzen™ AI 300 Series Processors CVE-2026-0438 StrixKrackanPI-FP8_1.1.0.0e 2025-12-17
CVE-2025-48516 No fix planned1 N/A
CVE-2024-36345 StrixKrackanPI-FP8_1.1.0.0f 2026-01-29
StrixKrackanPI-FP8_1.1.0.2e 2026-02-04
CVE-2024-36343 StrixKrackanPI-FP8_1.1.0.0f 2026-01-29
StrixKrackanPI-FP8_1.1.0.2e 2026-02-04
AMD Ryzen™ AI MAX CVE-2024-36345 StrixHaloPI-FP11_1.0.0.2b 2025-12-29
CVE-2024-36343 StrixHaloPI-FP11_1.0.0.2b 2025-12-29
AMD Ryzen™ AI Max 300 Series Processors CVE-2026-0438 StrixHaloPI-FP11_1.0.0.2a 2025-11-25
CVE-2025-48516 No fix planned1 N/A
AMD Ryzen™ Threadripper™ 3000 Processors CVE-2025-48516 No fix planned1 N/A
AMD Ryzen™ Threadripper™ 7000  Processors CVE-2026-0438 ShimadaPeakPI-SP6 1.0.0.1c 2025-10-21
CVE-2025-48516 ShimadaPeakPI-SP6 1.0.0.1b 2025-08-04
CVE-2024-36345 StormPeakPI-SP6 1.1.0.0k 2025-12-01
CVE-2024-36343 StormPeakPI-SP6 1.1.0.0k 2025-12-01
AMD Ryzen™ Threadripper™ 9000 Processors CVE-2026-0438 ShimadaPeakPI-SP6 1.0.0.1c 2025-10-21
CVE-2025-48516 ShimadaPeakPI-SP6 1.0.0.1b 2025-08-04
AMD Ryzen™ Threadripper™ PRO 3000 WX-Series Processors CVE-2021-46747 CastlePeakWSPI-sWRX8 1.0.0.9 2022-01-20
ChagallWSPI-sWRX8 1.0.0.2 2022-01-20
CVE-2025-48516 No fix planned1 N/A
CVE-2021-26380 ChagallWSPI-sWRX8 1.0.0.2 2022-01-07
CVE-2021-46747 ChagallWSPI-sWRX8 1.0.0.1 2021-11-10
CVE-2025-48516 No fix planned1 N/A
AMD Ryzen™ Threadripper™ PRO 7000 WX-Series Processors CVE-2026-0438 ShimadaPeakPI-SP6 1.0.0.1c 2025-10-21
CVE-2025-48516 ShimadaPeakPI-SP6 1.0.0.1b 2025-08-04
CVE-2026-0438 StormPeakPI-SP6 1.0.0.1m 2025-12-01
StormPeakPI-SP6_1.1.0.0k 2025-12-01
CVE-2024-36345 StormPeakPI-SP6 1.0.0.1m 2025-12-01
StormPeakPI-SP6 1.1.0.0k 2025-12-01
CVE-2024-36343 StormPeakPI-SP6 1.0.0.1m 2025-12-01
StormPeakPI-SP6_1.1.0.0k 2025-12-01
AMD Ryzen™ Threadripper™ PRO 9000 WX-Series Processors CVE-2026-0438 ShimadaPeakPI-SP6 1.0.0.1c 2025-10-21
CVE-2025-48516 ShimadaPeakPI-SP6 1.0.0.1b 2025-08-04
AMD Ryzen™ Z1 Series Processors CVE-2026-0438  PhoenixPI-FP8-FP7_1.2.0.0f 2026-01-31
CVE-2025-48516 No fix planned1 N/A
CVE-2024-36315  PhoenixPI-FP8-FP7_1.2.0.0 2024-12-16
AMD Ryzen™ Z2 Series Processors CVE-2025-48516 No fix planned1 N/A
AMD Ryzen™ Z2 Series Processors Extreme CVE-2026-0438 StrixKrackanPI-FP8_1.1.0.2d 2025-12-10
CVE-2025-48516 No fix planned1 N/A
AMD Ryzen™ Z2 Series Processors Go CVE-2025-48516 No fix planned1 N/A

1 Mitigation requires hardware modifications which are targeted for future platforms.

AMD Ryzen™ Embedded Series Processors
Product CVE ID Remediated Versions Release Date
AMD Ryzen™ Embedded 5000 Series Processors CVE-2021-26380 EmbAM4PI 1.0.0.2 2022-10-31
CVE-2021-46747 EmbAM4PI 1.0.0.2 2022-10-31
AMD Ryzen™ Embedded 7000 Series Processors CVE-2026-0438 EmbeddedAM5PI 1.0.0.5 2025-12-26
CVE-2024-36345 EmbeddedAM5PI 1.0.0.4 2025-07-11
CVE-2024-36343 EmbeddedAM5PI 1.0.0.4 2025-07-11
CVE-2024-36315 EmbeddedAM5PI 1.0.0.5 2025-12-26
AMD Ryzen™ Embedded 8000 Series Processors CVE-2024-36345 EmbeddedPhoenixPI-FP7r2_1.0.0.2 2025-06-18
CVE-2024-36343 EmbeddedPhoenixPI-FP7r2_1.0.0.2 2025-06-18
CVE-2024-36315 EmbeddedPhoenixPI-FP7r2_1.0.0.3 2026-01-05
CVE-2025-0040 EmbeddedPhoenixPI-FP7r2_1.0.0.2 2025-06-18
AMD Ryzen™ Embedded 9000 Series Processors CVE-2026-0438 EmbeddedAM5PI 1.0.0.5 2025-12-26
AMD Ryzen™ Embedded R1000 Series Processors CVE-2021-26380 EmbeddedPI-FP5_1.2.0.A 2023-07-31
CVE-2021-46747 EmbeddedPI-FP5_1.2.0.A 2023-07-31
CVE-2022-23826 EmbeddedPI-FP5_1.2.0.A 2023-07-31
AMD Ryzen™ Embedded R2000 Series Processors CVE-2021-26380 EmbeddedR2KPI-FP5_1.0.0.2 2023-07-31
CVE-2021-46747 EmbeddedPI-FP5_1.0.0.2 2023-07-31
CVE-2022-23826 EmbeddedR2KPI-FP5_1.0.0.2 2023-07-31
AMD Ryzen™ Embedded V1000 Series Processors (formerly codenamed "Picasso") CVE-2021-26380 EmbeddedPI-FP5_1.2.0.A 2023-07-31
CVE-2021-46747 EmbeddedPI-FP5_1.2.0.A 2023-07-31
CVE-2022-23826 EmbeddedPI-FP5_1.2.0.A 2023-07-31
AMD Ryzen™ Embedded V1000 Series Processors (formerly codenamed "Raven Ridge") CVE-2021-26380 EmbeddedPI-FP5_1.2.0.A 2023-07-31
CVE-2021-46747 EmbeddedPI-FP5_1.2.0.A 2023-07-31
CVE-2022-23826 EmbeddedPI-FP5_1.2.0.A 2023-07-31
AMD Ryzen™ Embedded V2000 Series Processors CVE-2023-31316 EmbeddedPI-FP6_1.0.0.9 2024-04-15
CVE-2021-26380 EmbeddedPI-FP6_1.0.0.6 2022-04-29
CVE-2021-46747 EmbeddedPI-FP6_1.0.0.6 2022-04-29
AMD Ryzen™ Embedded V3000 Series Processors CVE-2024-36345 Embedded-PI_FP7r2 1.0.0.F 2025-07-30
CVE-2024-36343 Embedded-PI_FP7r2 1.0.0.F 2025-07-30
CVE-2023-31316 Embedded-PI_FP7r2 1009 2024-04-15
CVE-2021-26380 EmbeddedPI-FP7r2_0.0.8.0 2022-01-13
CVE-2021-46747 EmbeddedPI-FP7r2_0.0.8.0 2022-01-13

Acknowledgement 

Externally found: CVE-2025-48516

Anonymous: CVE-2024-36343, CVE-2024-36345

Internally found: CVE-2021-26380, CVE-2021-46747, CVE-2022-23826, CVE-2023-20539, CVE-2024-36315, CVE-2025-0040, CVE-2026-0438

Revisions

Revision Date Description
2026-05-12 Initial publication

DISCLAIMER

The information contained herein is for informational purposes only and is subject to change without notice. While every precaution has been taken in the preparation of this document, it may contain technical inaccuracies, omissions and typographical errors, and AMD is under no obligation to update or otherwise correct this information. Advanced Micro Devices, Inc. makes no representations or warranties with respect to the accuracy or completeness of the contents of this document, and assumes no liability of any kind, including the implied warranties of noninfringement, merchantability or fitness for particular purposes, with respect to the operation or use of AMD hardware, software or other products described herein. Any computer system has risks of security vulnerabilities that cannot be completely prevented or mitigated. No license, including implied or arising by estoppel, to any intellectual property rights is granted by this document. Terms and limitations applicable to the purchase or use of AMD’s products are as set forth in a signed agreement between the parties or in AMD's Standard Terms and Conditions of Sale.

AMD, the AMD Arrow logo, Athlon, Radeon, Ryzen, Threadripper, and combinations thereof are trademarks of Advanced Micro Devices, Inc. CVE and the CVE logo are registered trademarks of The MITRE Corporation. Other product names used in this publication are for identification purposes only and may be trademarks of their respective companies.

Third party content may be licensed to you directly by the third party that owns the content and is not licensed to you by AMD. ALL LINKED THIRD-PARTY CONTENT IS PROVIDED ‘AS IS’ WITHOUT A WARRANTY OF ANY KIND. USE OF SUCH THIRD-PARTY CONTENT IS DONE AT YOUR SOLE DISCRETION AND UNDER NO CIRCUMSTANCES WILL AMD BE LIABLE TO YOU FOR ANY THIRD PARTY CONTENT. YOU ASSUME ALL RISK AND ARE SOLELY RESPONSIBILITY FOR ANY DAMAGES THAT MAY ARISE FROM YOUR USE OF THIRD-PARTY CONTENT.

© 2026 Advanced Micro Devices, Inc. All rights reserved.