Potential Risk of CVE

CVE-2025-48507: Incorrect Secure Flag Usage in Versal™ Adaptive SoC Arm® Trusted Firmware (19th Dec 2025)

Leave a comment

Revision Date : 2025-Dec-17

Preface: AMD removed “Arm” from “Arm Trusted Firmware” (TF-A) references in their documentation (like for their EPYC/ Ryzen CPUs) to signify that while it’s based on Arm’s open standard, their implementation is tailored for AMD hardware, making it AMD’s own secure boot/firmware solution, not just Arm’s code, promoting clearer branding and ownership for their specific silicon, even though it adheres to Arm’s secure architecture principles.

Background: General-purpose Versal™ adaptive SoCs combine programmable logic with embedded Arm® application and real-time CPU cores, a programmable network on chip, high-speed serial transceivers, programmable I/O, and a broad offering of hard IP.

As various operating systems from various different vendors can be present in an ARM system, performing power control requires a method of collaboration. Considering operation in Non-secure state, if a supervisory system that is managing power, whether it is executing at the OS level (EL1) or at hypervisor level (EL2), wants to enter an idle state, power up or power down a core, or reset or shut down the system, supervisory systems at other Exception levels will need to react to the power state change request.

“Secure” (as a flag/designation): This refers to the privilege level the request claims to have been initiated from. When a request, like a Power State Coordination Interface (PSCI) command, is marked as “secure,” it is asking to be treated as though it originated from the trusted Secure World, with full access rights to all system resources.

“Processor’s actual security state”: This refers to the physical, hardware-enforced execution state the CPU is currently operating in (either Non-Secure World or Secure World). The physical state determines which memory regions and peripherals the code can genuinely access.

Vulnerability details: The Secure Flag passed to VersalTM Adaptive SoC’s Trusted Firmware for Cortex®-A processors (TF-A) for Arm’s Power State Coordination Interface (PSCI) commands were incorrectly set to secure instead of using the processor’s actual security state. This would allow the PSCI requests to appear they were from processors in the secure state instead of the non-secure state.

The vulnerability affects Versal™ Adaptive SoC’s Arm® Trusted Firmware (TF-A) for Cortex-A processors.

Root cause: The Secure Flag passed to PSCI (Power State Coordination Interface) commands was incorrectly set to secure instead of reflecting the processor’s actual security state.

Impact: This misconfiguration allows PSCI requests from a non-secure processor to appear as if they originate from a secure state, potentially enabling unauthorized access or manipulation of secure resources.

Severity: CVSS v4.0 score is 1.0 (Low), but it compromises the integrity of the security model.

Official announcement: Please refer to the link for details.

https://www.amd.com/en/resources/product-security/bulletin/amd-sb-8020.html

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.