WID-SEC-W-2026-1859
Vulnerability from csaf_certbund - Published: 2026-06-09 22:00 - Updated: 2026-06-15 22:00Summary
AMD ARM und EPYC Prozessoren: Mehrere Schwachstellen
Severity
Hoch
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung: Prozessoren sind die zentralen Rechenwerke eines Computers.
Angriff: Ein lokaler Angreifer kann mehrere Schwachstellen in AMD ARM und EPYC Prozessoren ausnutzen, um Sicherheitsvorkehrungen zu umgehen und Daten zu manipulieren.
Betroffene Betriebssysteme: - BIOS/Firmware
Affected products
Known affected
10 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
AMD Prozessor EPYC
AMD / Prozessor
|
cpe:/h:amd:amd_processor:epyc
|
EPYC | |
|
Dell PowerEdge
Dell
|
cpe:/h:dell:poweredge:-
|
— | |
|
AMD Prozessor Versal AI Edge Series Gen 2
AMD / Prozessor
|
cpe:/h:amd:amd_processor:versal_ai_edge_series_gen_2
|
Versal AI Edge Series Gen 2 | |
|
AMD Prozessor Versal Prime Series Gen 2
AMD / Prozessor
|
cpe:/h:amd:amd_processor:versa_prime_series_gen_2
|
Versal Prime Series Gen 2 | |
|
FreeBSD Project FreeBSD OS
FreeBSD Project
|
cpe:/o:freebsd:freebsd:-
|
— | |
|
Google Cloud Platform
Google
|
cpe:/a:google:cloud_platform:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
Lenovo Computer
Lenovo
|
cpe:/h:lenovo:computer:-
|
— | |
|
Fedora Linux
Fedora
|
cpe:/o:fedoraproject:fedora:-
|
— | |
|
HPE ProLiant
HPE
|
cpe:/h:hp:proliant:-
|
— |
Affected products
Known affected
10 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
AMD Prozessor EPYC
AMD / Prozessor
|
cpe:/h:amd:amd_processor:epyc
|
EPYC | |
|
Dell PowerEdge
Dell
|
cpe:/h:dell:poweredge:-
|
— | |
|
AMD Prozessor Versal AI Edge Series Gen 2
AMD / Prozessor
|
cpe:/h:amd:amd_processor:versal_ai_edge_series_gen_2
|
Versal AI Edge Series Gen 2 | |
|
AMD Prozessor Versal Prime Series Gen 2
AMD / Prozessor
|
cpe:/h:amd:amd_processor:versa_prime_series_gen_2
|
Versal Prime Series Gen 2 | |
|
FreeBSD Project FreeBSD OS
FreeBSD Project
|
cpe:/o:freebsd:freebsd:-
|
— | |
|
Google Cloud Platform
Google
|
cpe:/a:google:cloud_platform:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
Lenovo Computer
Lenovo
|
cpe:/h:lenovo:computer:-
|
— | |
|
Fedora Linux
Fedora
|
cpe:/o:fedoraproject:fedora:-
|
— | |
|
HPE ProLiant
HPE
|
cpe:/h:hp:proliant:-
|
— |
References
13 references
{
"document": {
"aggregate_severity": {
"text": "hoch"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "Prozessoren sind die zentralen Rechenwerke eines Computers.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein lokaler Angreifer kann mehrere Schwachstellen in AMD ARM und EPYC Prozessoren ausnutzen, um Sicherheitsvorkehrungen zu umgehen und Daten zu manipulieren.",
"title": "Angriff"
},
{
"category": "general",
"text": "- BIOS/Firmware",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2026-1859 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2026/wid-sec-w-2026-1859.json"
},
{
"category": "self",
"summary": "WID-SEC-2026-1859 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2026-1859"
},
{
"category": "external",
"summary": "AMD Security Bulletin amd-sb-8021 vom 2026-06-09",
"url": "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-8021.html"
},
{
"category": "external",
"summary": "AMD Security Bulletin amd-sb-3039 vom 2026-06-09",
"url": "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-3039.html"
},
{
"category": "external",
"summary": "Google Cloud Platform Security Bulletin GCP-2026-036 vom 2026-06-09",
"url": "https://docs.cloud.google.com/support/bulletins#gcp-2026-036"
},
{
"category": "external",
"summary": "FreeBSD Security Advisory FREEBSD-SA-26:31.ARM64 vom 2026-06-10",
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-26:31.arm64.asc"
},
{
"category": "external",
"summary": "Lenovo Security Advisory LEN-218282 vom 2026-06-09",
"url": "https://support.lenovo.com/us/en/product_security/LEN-218282"
},
{
"category": "external",
"summary": "HP Security Bulletin HPESBHF05065 vom 2026-06-09",
"url": "https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbhf05065en_us\u0026docLocale=en_US"
},
{
"category": "external",
"summary": "HP Security Bulletin HPESBHF05057 vom 2026-06-10",
"url": "https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbhf05057en_us\u0026docLocale=en_US"
},
{
"category": "external",
"summary": "Fedora Security Advisory FEDORA-2026-8B619EEF6F vom 2026-06-11",
"url": "https://bodhi.fedoraproject.org/updates/FEDORA-2026-8b619eef6f"
},
{
"category": "external",
"summary": "Fedora Security Advisory FEDORA-2026-75FCC75B5F vom 2026-06-11",
"url": "https://bodhi.fedoraproject.org/updates/FEDORA-2026-75fcc75b5f"
},
{
"category": "external",
"summary": "Dell Security Advisory DSA-2026-042 vom 2026-06-12",
"url": "https://www.dell.com/support/kbdoc/de-de/000475731/dsa-2026-042-security-update-for-dell-amd-based-poweredge-server-vulnerability"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2026-50318 vom 2026-06-16",
"url": "https://linux.oracle.com/errata/ELSA-2026-50318.html"
}
],
"source_lang": "en-US",
"title": "AMD ARM und EPYC Prozessoren: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2026-06-15T22:00:00.000+00:00",
"generator": {
"date": "2026-06-16T10:14:52.450+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.6.0"
}
},
"id": "WID-SEC-W-2026-1859",
"initial_release_date": "2026-06-09T22:00:00.000+00:00",
"revision_history": [
{
"date": "2026-06-09T22:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2026-06-10T22:00:00.000+00:00",
"number": "2",
"summary": "Neue Updates von Fedora aufgenommen"
},
{
"date": "2026-06-14T22:00:00.000+00:00",
"number": "3",
"summary": "Neue Updates von Dell aufgenommen"
},
{
"date": "2026-06-15T22:00:00.000+00:00",
"number": "4",
"summary": "Neue Updates von Oracle Linux aufgenommen"
}
],
"status": "final",
"version": "4"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "EPYC",
"product": {
"name": "AMD Prozessor EPYC",
"product_id": "T036859",
"product_identification_helper": {
"cpe": "cpe:/h:amd:amd_processor:epyc"
}
}
},
{
"category": "product_version",
"name": "Versal Prime Series Gen 2",
"product": {
"name": "AMD Prozessor Versal Prime Series Gen 2",
"product_id": "T055142",
"product_identification_helper": {
"cpe": "cpe:/h:amd:amd_processor:versa_prime_series_gen_2"
}
}
},
{
"category": "product_version",
"name": "Versal AI Edge Series Gen 2",
"product": {
"name": "AMD Prozessor Versal AI Edge Series Gen 2",
"product_id": "T055144",
"product_identification_helper": {
"cpe": "cpe:/h:amd:amd_processor:versal_ai_edge_series_gen_2"
}
}
}
],
"category": "product_name",
"name": "Prozessor"
}
],
"category": "vendor",
"name": "AMD"
},
{
"branches": [
{
"category": "product_name",
"name": "Dell PowerEdge",
"product": {
"name": "Dell PowerEdge",
"product_id": "T019535",
"product_identification_helper": {
"cpe": "cpe:/h:dell:poweredge:-"
}
}
}
],
"category": "vendor",
"name": "Dell"
},
{
"branches": [
{
"category": "product_name",
"name": "Fedora Linux",
"product": {
"name": "Fedora Linux",
"product_id": "74185",
"product_identification_helper": {
"cpe": "cpe:/o:fedoraproject:fedora:-"
}
}
}
],
"category": "vendor",
"name": "Fedora"
},
{
"branches": [
{
"category": "product_name",
"name": "FreeBSD Project FreeBSD OS",
"product": {
"name": "FreeBSD Project FreeBSD OS",
"product_id": "4035",
"product_identification_helper": {
"cpe": "cpe:/o:freebsd:freebsd:-"
}
}
}
],
"category": "vendor",
"name": "FreeBSD Project"
},
{
"branches": [
{
"category": "product_name",
"name": "Google Cloud Platform",
"product": {
"name": "Google Cloud Platform",
"product_id": "393401",
"product_identification_helper": {
"cpe": "cpe:/a:google:cloud_platform:-"
}
}
}
],
"category": "vendor",
"name": "Google"
},
{
"branches": [
{
"category": "product_name",
"name": "HPE ProLiant",
"product": {
"name": "HPE ProLiant",
"product_id": "T009310",
"product_identification_helper": {
"cpe": "cpe:/h:hp:proliant:-"
}
}
}
],
"category": "vendor",
"name": "HPE"
},
{
"branches": [
{
"category": "product_name",
"name": "Lenovo Computer",
"product": {
"name": "Lenovo Computer",
"product_id": "T048897",
"product_identification_helper": {
"cpe": "cpe:/h:lenovo:computer:-"
}
}
}
],
"category": "vendor",
"name": "Lenovo"
},
{
"branches": [
{
"category": "product_name",
"name": "Oracle Linux",
"product": {
"name": "Oracle Linux",
"product_id": "T004914",
"product_identification_helper": {
"cpe": "cpe:/o:oracle:linux:-"
}
}
}
],
"category": "vendor",
"name": "Oracle"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-10263",
"product_status": {
"known_affected": [
"T036859",
"T019535",
"T055144",
"T055142",
"4035",
"393401",
"T004914",
"T048897",
"74185",
"T009310"
]
},
"release_date": "2026-06-09T22:00:00.000+00:00",
"title": "CVE-2025-10263"
},
{
"cve": "CVE-2025-54509",
"product_status": {
"known_affected": [
"T036859",
"T019535",
"T055144",
"T055142",
"4035",
"393401",
"T004914",
"T048897",
"74185",
"T009310"
]
},
"release_date": "2026-06-09T22:00:00.000+00:00",
"title": "CVE-2025-54509"
}
]
}
Loading…
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…