AMD Zen 2 CPU: Shared cache isolation flaw enables privilege escalation
CVE-2025-54518 Published on May 15, 2026
Improper isolation of shared resources within the CPU operation cache on Zen 2-based products could allow an attacker to corrupt instructions executed at a different privilege level, potentially resulting in privilege escalation.
Vulnerability Analysis
CVE-2025-54518 is exploitable with local system access, and requires small amount of user privileges. This vulnerability is consided to have a high level of attack complexity. The potential impact of an exploit of this vulnerability is considered to be very high.
Weakness Types
What is a SoC Vulnerability?
The product does not properly isolate shared resources between trusted and untrusted agents.
CVE-2025-54518 has been classified to as a SoC vulnerability or weakness.
Insufficient Granularity of Access Control
The product implements access controls via a policy or other feature with the intention to disable or restrict accesses (reads and/or writes) to assets in a system from untrusted agents. However, implemented access controls lack required granularity, which renders the control policy too broad because it allows accesses from unauthorized agents to the security-sensitive assets.
Products Associated with CVE-2025-54518
Want to know whenever a new CVE is published for Red Hat products? stack.watch will email you.
Affected Versions
AMD EPYC™ 7002 Series Processors:- Version os kernel is unaffected.
- Version RenoirPI-FP6_1.0.0.Ed is unaffected.
- Version MendocinoPI-FT6_1.0.0.7f is unaffected.
- Version ComboAM4v2 1.2.0.10 is unaffected.
- Version ChagallWSPI-sWRX8-1.0.0.D is unaffected.
- Version CezannePI-FP6_1.0.1.1d is unaffected.
- Version CastlePeakWSPI-sWRX8 1.0.0.I is unaffected.
- Version CezannePI-FP6_1.0.1.1d is unaffected.
- Version CezannePI-FP6_1.0.1.1d is unaffected.
- Version ComboAM4v2 1.2.0.10 is unaffected.
- Version ComboAM4v2 1.2.0.10 is unaffected.
- Version ComboAM4PI 1.0.0.10 is unaffected.
- Version OS kernel is unaffected.
- Version EmbeddedV2KAPI-FP6 1.0.0.A is unaffected.
- Version EmbeddedPI-FP6_1.0.0.D is unaffected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.