Back to Security Bulletins and Briefs

 Zynq™ UltraScale+™ SoC Overwriting Protected Memory Regions Through PMU Firmware

AMD ID:  AMD-SB-8008
Potential Impact: Loss of confidentiality and Integrity
Severity:  Medium

Summary

In Zynq™ UltraScale+™ devices, the Platform Management Unit (PMU) Firmware is designed to implement runtime (post boot) software services that allow a remote processor to command the PMU to execute cryptographic operations (i.e. AES-GCM/256, SHA3-284, RSA) using the hardened crypto accelerators, programmable logic readback, and eFUSE read and write operations within the Configuration Security Unit (CSU).

The researcher’s paper describes a vulnerability that exists with commanding these runtime services, in that the memory pointers passed with the command are not checked to verify that the requesting processor has access to the memory space.

CVE Details

Refer to Glossary for explanation of terms

CVE CVE Description
CVE-2025-0038 https://docs.amd.com/r/en-US/000037628

Mitigation

AMD has released an update to the PMU Firmware as part of the 2025.2 tools release to perform memory validation of the memory pointers passed through the IPI messages for commanding the CSU runtime services. The update is discussed in the latter part of this Mitigation section.

If using a version of the development tools before the 2025.2 release, AMD recommends that the CSU runtime services be disabled in the PMU Firmware to mitigate this vulnerability in systems where access to protected memory by unsecure processors within the Zynq™ UltraScale+™ devices is a concern. The xpfw_config.h file within the PMU Firmware source files contains the configuration parameters to enable or disable the CSU runtime services. The specific parameters are discussed below

  • The ENABLE_FPGA_READ_CONFIG_DATA_VAL is used to configure the runtime service enablement of readback of the programmable logic bitstream through the CSU’s processor configuration access port (PCAP).  Support for this parameter was added in PMU Firmware starting with version 2019.2 of the development tools.
  • The ENABLE_FPGA_READ_CONFIG_REG_VAL is used to configure the runtime service enablement of readback of programmable logic configuration registers through the PCAP. Support for this parameter was added in PMU Firmware starting with version 2019.2 of the development tools.
  • The ENABLE_SECURE_VAL is used to configure the runtime service enablement of cryptographic operations (i.e. AES-GCM/256, SHA3-284, RSA) using the hardened crypto accelerators in the CSU. Support for this parameter was added in the PMU Firmware starting with version 2018.1 of the development tools.
  • The ENABLE_EFUSE_ACCESS is used to configure the runtime service enablement of the eFUSE read and write operations. Support for this parameter was added in the PMU Firmware starting with version 2018.3 of the development tools when the eFUSE access runtime service was added to the PMU Firmware.
  • The ENABLE_FPGA_LOAD_VAL is used to configure the runtime service enablement of PL Bitstream Loading.  Support for this parameter was added in the PMU Firmware starting with version 2018.1 of the development tools. In versions 2018.3 and 2019.1, this parameter was used to configure the runtime service enablement of readback of the programmable logic bitstream and configuration registers that was added to the PMU Firmware in 2018.3.

Where shared access is a concern in development tool versions 2017.3 to 2025.1, the parameters should be set in accordance with the following table to disable these runtime services. The table defines the settings that should be applied for each parameter for each major version of the tools used to implement the PMU Firmware.

Runtime Service Parameter

2017.3

2018.1 and 2018.2

2018.3 and 2019.1

2019.2

to 2025.1

ENABLE_FPGA_READ_CONFIG_DATA_VAL

N/A

N/A

N/A

0U

ENABLE_FPGA_READ_CONFIG_REG_VAL

N/A

N/A

N/A

0U

ENABLE_SECURE_VAL

Parameter not available, contact FAE

0U

0U

0U

ENABLE_EFUSE_ACCESS

Service Not Available

Service Not Available

0U

0U

ENABLE_FPGA_LOAD_VAL

Parameter not available, contact FAE

0U to disable PL readback

0U to disable PL readback

User Choice on whether to disable PL loading service

If using a version 2025.2 or later of the development tools, a function PmIsValidAddressRange, has been added to the pm_mmio_access.c file of the PMU Firmware source files. This PmIsValidAddressRange function, when enabled, allows the user to define the valid memory ranges and the access type (i.e. Read Only, Write Only, or Read/Write access) that is allowed per IPI channel that makes a request to the PMU Firmware runtime services. The memory ranges and access permissions are defined by the user through the addressTable assignment in the same pm_mmio_access.c file.

To enable the use of the PmIsValidAddressRange function, the ENABLE_MEM_RANGE_VAL parameter must be set to 1U in the xpfw_config.h file within the PMU Firmware source files.  Further granular control of the enablement of PmIsValidAddressRange for each of the groups of runtime services defined in the previous table is provided through the following parameters also in the xpfw_config.h file:

  • ENABLE_MEM_RANGE_PM_FPGA_READ_BACK_VAL
  • ENABLE_MEM_RANGE_CRYPTO_REQUEST_VAL
  • ENABLE_MEM_RANGE_EFUSE_ACCESS_VAL
  • ENABLE_MEM_RANGE_SECURE_IMAGE_LOAD_VAL

Additionally in 2025.2, a parameter has been added to the PMU Firmware’s xpfw_config.h file entitled ENABLE_SECURE_FLAG_VAL.  If ENABLE_SECURE_FLAG_VAL is set to 1U, the PMU Firmware allows for the definition of access control based on the Secure Flag setting that is included in each IPI message process by the PMU Firmware. The permissions are defined as part to the defaultApiPermissions structure located in the pm_binding.c file of the PMU Firmware source files. The available permissions are No Access, Only Secure Access, Only Non Secure Access, or Full Access, with the default being Full Access. 

In Zynq™ UltraScale+™ devices, isolation and access controls are provided by the hardware-based Memory Protection Units (XMPU) and Peripheral Protection Unit (XPPU). These hardware-based protection units are designed to limit access to memory and register spaces in the device. To limit the attack space in any design, the XMPUs and XPPU should be utilized to control access to memories and peripherals. Memories and peripherals that the PMU and CSU DMA are not allowed to access will not be affected by the vulnerability discussed in this notice, therefore the XMPUs and XPPU should be used to reduce the attack surface. 

Note that the XMPUs and XPPU in the device must be configured by the user in their design since the XMPUs and XPPU are not enabled by default in the development tools or software. More information on the XMPUs and XPPU is available in the Zynq UltraScale+ Device Technical Reference Manual (UG1085) and Isolation Methods in Zynq UltraScale+ MPSoCs (XAPP1320).

The conduit to command the CSU runtime services through the PMU Firmware is through IPI messaging. Access to the IPI hardware can also be limited through the XPPU as discussed in UG1085. To limit the attack space, untrusted processors should not be given access to IPI.

Acknowledgement

AMD thanks Jean de Bonfils Lavernelle of Thales DIS/XLIM Laboratory for reporting this issue and engaging in coordinated vulnerability disclosure.

Revisions 

Revision Date Description
2026-01-30 Updated based on release of mitigation in 2025.2
2025-07-01 Initial publication

DISCLAIMER

The information contained herein is for informational purposes only and is subject to change without notice. While every precaution has been taken in the preparation of this document, it may contain technical inaccuracies, omissions and typographical errors, and AMD is under no obligation to update or otherwise correct this information. Advanced Micro Devices, Inc. makes no representations or warranties with respect to the accuracy or completeness of the contents of this document, and assumes no liability of any kind, including the implied warranties of noninfringement, merchantability or fitness for particular purposes, with respect to the operation or use of AMD hardware, software or other products described herein. Any computer system has risks of security vulnerabilities that cannot be completely prevented or mitigated. No license, including implied or arising by estoppel, to any intellectual property rights is granted by this document. Terms and limitations applicable to the purchase or use of AMD’s products are as set forth in a signed agreement between the parties or in AMD's Standard Terms and Conditions of Sale. 

AMD, the AMD Arrow logo, UltraScale+, Zynq, and combinations thereof are trademarks of Advanced Micro Devices, Inc. CVE and the CVE logo are registered trademarks of The MITRE Corporation. Other product names used in this publication are for identification purposes only and may be trademarks of their respective companies.

Third party content may be licensed to you directly by the third party that owns the content and is not licensed to you by AMD. ALL LINKED THIRD-PARTY CONTENT IS PROVIDED ‘AS IS’ WITHOUT A WARRANTY OF ANY KIND. USE OF SUCH THIRD-PARTY CONTENT IS DONE AT YOUR SOLE DISCRETION AND UNDER NO CIRCUMSTANCES WILL AMD BE LIABLE TO YOU FOR ANY THIRD PARTY CONTENT. YOU ASSUME ALL RISK AND ARE SOLELY RESPONSIBILITY FOR ANY DAMAGES THAT MAY ARISE FROM YOUR USE OF THIRD-PARTY CONTENT.

© 2026 Advanced Micro Devices, Inc. All rights reserved.