Search
Find a vulnerability
Search criteria
38 vulnerabilities found for AMD Instinct™ MI250 by AMD
CVE-2026-0481 (GCVE-0-2026-0481)
Vulnerability from nvd – Published: 2026-05-15 03:04 – Updated: 2026-05-15 11:11
VLAI
Summary
Unrestricted IP address binding in the AMD Device Metrics Exporter (ROCm ecosystem) could allow a remote attacker to perform unauthorized changes to the GPU configuration, potentially resulting in loss of availability
Severity
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-1327 - Binding to an Unrestricted IP Address
Assigner
References
1 reference
Impacted products
9 products
| Vendor | Product | Version | |
|---|---|---|---|
| AMD | AMD Instinct™ MI210 |
Unaffected:
DME v1.4.1.2 and v1.4.0.1
|
|
| AMD | AMD Instinct™ MI250 |
Unaffected:
DME v1.4.1.2 and v1.4.0.1
|
|
| AMD | AMD Instinct™ MI300A |
Unaffected:
DME v1.4.1.2 and v1.4.0.1
|
|
| AMD | AMD Instinct™ MI300X |
Unaffected:
DME v1.4.1.2 and v1.4.0.1
|
|
| AMD | AMD Instinct™ MI325X |
Unaffected:
DME v1.4.1.2 and v1.4.0.1
|
|
| AMD | AMD Instinct™ MI350X |
Unaffected:
DME v1.4.1.2 and v1.4.0.1
|
|
| AMD | AMD Instinct™ MI355X |
Unaffected:
DME v1.4.1.2 and v1.4.0.1
|
|
| AMD | AMD Instinct™ MI308X |
Unaffected:
DME v1.4.1.2 and v1.4.0.1
|
|
| AMD | AMD Instinct™ MI250X |
Unaffected:
DME v1.4.1.2 and v1.4.0.1
|
Date Public
2026-05-15 03:04
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-0481",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-15T11:11:38.875260Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-15T11:11:51.087Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "AMD Instinct\u2122 MI210",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "DME v1.4.1.2 and v1.4.0.1"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Instinct\u2122 MI250",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "DME v1.4.1.2 and v1.4.0.1"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Instinct\u2122 MI300A",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "DME v1.4.1.2 and v1.4.0.1"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Instinct\u2122 MI300X",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "DME v1.4.1.2 and v1.4.0.1"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Instinct\u2122 MI325X",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "DME v1.4.1.2 and v1.4.0.1"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Instinct\u2122 MI350X",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "DME v1.4.1.2 and v1.4.0.1"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Instinct\u2122 MI355X",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "DME v1.4.1.2 and v1.4.0.1"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Instinct\u2122 MI308X",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "DME v1.4.1.2 and v1.4.0.1"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Instinct\u2122 MI250X",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "DME v1.4.1.2 and v1.4.0.1"
}
]
}
],
"datePublic": "2026-05-15T03:04:39.049Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Unrestricted IP address binding in the AMD Device Metrics Exporter (ROCm ecosystem) could allow a remote attacker to perform unauthorized changes to the GPU configuration, potentially resulting in loss of availability\u003cbr\u003e"
}
],
"value": "Unrestricted IP address binding in the AMD Device Metrics Exporter (ROCm ecosystem) could allow a remote attacker to perform unauthorized changes to the GPU configuration, potentially resulting in loss of availability"
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"baseScore": 9.2,
"baseSeverity": "CRITICAL",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H",
"version": "4.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1327",
"description": "CWE-1327 Binding to an Unrestricted IP Address",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-15T03:04:56.312Z",
"orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"shortName": "AMD"
},
"references": [
{
"url": "https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-6031.html"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "AMD PSIRT Automation 1.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"assignerShortName": "AMD",
"cveId": "CVE-2026-0481",
"datePublished": "2026-05-15T03:04:56.312Z",
"dateReserved": "2025-12-06T15:11:33.632Z",
"dateUpdated": "2026-05-15T11:11:51.087Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-52532 (GCVE-0-2025-52532)
Vulnerability from nvd – Published: 2026-05-15 02:59 – Updated: 2026-05-15 11:13
VLAI
Summary
A race condition in the MxGPU-Virtualization driver’s ioctl path caused by concurrent unsynchronized access to the global variable amdgv_cmd in an unlocked ioctl handler could be exploited by an attacker to trigger a heap-based buffer overflow, potentially resulting in denial-of-service within the vulnerable system context.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-367 - Time-of-check Time-of-use (TOCTOU) Race Condition
Assigner
References
1 reference
Impacted products
8 products
| Vendor | Product | Version | |
|---|---|---|---|
| AMD | AMD Radeon™ PRO V620 |
Unaffected:
Contact your AMD Customer Engineering representative
|
|
| AMD | AMD Radeon™ PRO V710 |
Unaffected:
Contact your AMD Customer Engineering representative
|
|
| AMD | AMD Instinct™ MI250 |
Unaffected:
GIM Driver 8.4
|
|
| AMD | AMD Instinct™ MI308X |
Unaffected:
GIM Driver 8.4
|
|
| AMD | AMD Instinct™ MI300A |
Unaffected:
GIM Driver 8.4
|
|
| AMD | AMD Instinct™ MI300X |
Unaffected:
GIM Driver 8.4
|
|
| AMD | AMD Instinct™ MI325X |
Unaffected:
GIM Driver 8.4
|
|
| AMD | AMD Instinct™ MI210 |
Unaffected:
GIM Driver 8.4
|
Date Public
2026-05-15 02:59
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-52532",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-15T11:13:09.310368Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-15T11:13:19.425Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "AMD Radeon\u2122 PRO V620",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "Contact your AMD Customer Engineering representative"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Radeon\u2122 PRO V710",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "Contact your AMD Customer Engineering representative"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Instinct\u2122 MI250",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "GIM Driver 8.4"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Instinct\u2122 MI308X",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "GIM Driver 8.4"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Instinct\u2122 MI300A",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "GIM Driver 8.4"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Instinct\u2122 MI300X",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "GIM Driver 8.4"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Instinct\u2122 MI325X",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "GIM Driver 8.4"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Instinct\u2122 MI210",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "GIM Driver 8.4"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Reported through AMD Bug Bounty Program"
}
],
"datePublic": "2026-05-15T02:59:27.631Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A race condition in the MxGPU-Virtualization driver\u2019s ioctl path caused by concurrent unsynchronized access to the global variable amdgv_cmd in an unlocked ioctl handler could be exploited by an attacker to trigger a heap-based buffer overflow, potentially resulting in denial-of-service within the vulnerable system context.\u003cbr\u003e"
}
],
"value": "A race condition in the MxGPU-Virtualization driver\u2019s ioctl path caused by concurrent unsynchronized access to the global variable amdgv_cmd in an unlocked ioctl handler could be exploited by an attacker to trigger a heap-based buffer overflow, potentially resulting in denial-of-service within the vulnerable system context."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"baseScore": 2,
"baseSeverity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
"version": "4.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-367",
"description": "CWE-367 Time-of-check Time-of-use (TOCTOU) Race Condition",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-15T02:59:46.954Z",
"orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"shortName": "AMD"
},
"references": [
{
"url": "https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-6027.html"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "AMD PSIRT Automation 1.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"assignerShortName": "AMD",
"cveId": "CVE-2025-52532",
"datePublished": "2026-05-15T02:59:46.954Z",
"dateReserved": "2025-06-17T16:53:10.412Z",
"dateUpdated": "2026-05-15T11:13:19.425Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-66664 (GCVE-0-2025-66664)
Vulnerability from nvd – Published: 2026-05-15 02:41 – Updated: 2026-05-15 16:31
VLAI
Summary
Insufficient parameter sanitization in AMD Secure Processor (ASP) TEE SOC Driver could allow an attacker to issue a malformed DRV_SOC_CMD_ID_LOAD_GFX_IP_FW SR-IOV command to cause out-of-bounds read, potentially resulting in SOC Driver memory contents exposure or an exception
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-125 - Out-of-bounds Read
Assigner
References
1 reference
Impacted products
13 products
| Vendor | Product | Version | |
|---|---|---|---|
| AMD | AMD Radeon™ RX 6000 Series Graphics Products |
Unaffected:
AMD Software: Adrenalin Edition 25.12.1 (25.10.37.01)
|
|
| AMD | AMD Radeon™ RX 7000 Series Graphics Products |
Unaffected:
AMD Software: Adrenalin Edition 25.11.1 (25.20.29.01)
|
|
| AMD | AMD Radeon™ PRO W6000 Series Graphics Products |
Unaffected:
AMD Software: PRO Edition 25.Q4 (25.10.37.01)
|
|
| AMD | AMD Radeon™ PRO W7000 Series Graphics Products |
Unaffected:
AMD Software: PRO Edition 25.Q3.1 (25.10.32)
|
|
| AMD | AMD Instinct™ MI250 |
Unaffected:
ROCm 7.0
|
|
| AMD | AMD Instinct™ MI210 |
Unaffected:
ROCm 7.0
|
|
| AMD | AMD Instinct™ MI300X |
Unaffected:
ROCm 6.3.1
|
|
| AMD | AMD Instinct™ MI325X |
Unaffected:
ROCm 6.3.1
|
|
| AMD | AMD Instinct™ MI308X |
Unaffected:
ROCm 6.4.2
|
|
| AMD | AMD Instinct™ MI300A |
Unaffected:
BKC 26 (ROCm 7.0.1)
|
|
| AMD | AMD Radeon™ PRO V520 |
Unaffected:
Contact your AMD Customer Engineering representative
|
|
| AMD | AMD Radeon™ PRO V620 |
Unaffected:
Contact your AMD Customer Engineering representative
|
|
| AMD | AMD Radeon™ PRO V710 |
Unaffected:
Contact your AMD Customer Engineering representative
|
Date Public
2026-05-15 02:40
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-66664",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-15T16:15:27.496279Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-15T16:31:27.722Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "AMD Radeon\u2122 RX 6000 Series Graphics Products",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "AMD Software: Adrenalin Edition 25.12.1 (25.10.37.01)"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Radeon\u2122 RX 7000 Series Graphics Products",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "AMD Software: Adrenalin Edition 25.11.1 (25.20.29.01)"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Radeon\u2122 PRO W6000 Series Graphics Products",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "AMD Software: PRO Edition 25.Q4 (25.10.37.01)"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Radeon\u2122 PRO W7000 Series Graphics Products",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "AMD Software: PRO Edition 25.Q3.1 (25.10.32)"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Instinct\u2122 MI250",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "ROCm 7.0"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Instinct\u2122 MI210",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "ROCm 7.0"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Instinct\u2122 MI300X",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "ROCm 6.3.1"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Instinct\u2122 MI325X",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "ROCm 6.3.1"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Instinct\u2122 MI308X",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "ROCm 6.4.2"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Instinct\u2122 MI300A",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "BKC 26 (ROCm 7.0.1)"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Radeon\u2122 PRO V520",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "Contact your AMD Customer Engineering representative"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Radeon\u2122 PRO V620",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "Contact your AMD Customer Engineering representative"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Radeon\u2122 PRO V710",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "Contact your AMD Customer Engineering representative"
}
]
}
],
"datePublic": "2026-05-15T02:40:41.476Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Insufficient parameter sanitization in AMD Secure Processor (ASP) TEE SOC Driver could allow an attacker to issue a malformed DRV_SOC_CMD_ID_LOAD_GFX_IP_FW SR-IOV command to cause out-of-bounds read, potentially resulting in SOC Driver memory contents exposure or an exception\u003cbr\u003e"
}
],
"value": "Insufficient parameter sanitization in AMD Secure Processor (ASP) TEE SOC Driver could allow an attacker to issue a malformed DRV_SOC_CMD_ID_LOAD_GFX_IP_FW SR-IOV command to cause out-of-bounds read, potentially resulting in SOC Driver memory contents exposure or an exception"
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"baseScore": 4.6,
"baseSeverity": "MEDIUM",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N",
"version": "4.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125 Out-of-bounds Read",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-15T02:41:56.659Z",
"orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"shortName": "AMD"
},
"references": [
{
"url": "https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-6027.html"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "AMD PSIRT Automation 1.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"assignerShortName": "AMD",
"cveId": "CVE-2025-66664",
"datePublished": "2026-05-15T02:41:56.659Z",
"dateReserved": "2025-12-06T15:03:58.971Z",
"dateUpdated": "2026-05-15T16:31:27.722Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-66660 (GCVE-0-2025-66660)
Vulnerability from nvd – Published: 2026-05-15 02:42 – Updated: 2026-05-15 16:10
VLAI
Summary
Insufficient parameter sanitization in TEE SOC Driver could allow an attacker to issue a malformed DRV_SOC_CMD_ID_SRIOV_CHECK_TA_COMPAT to cause incorrect shared memory mapping, potentially resulting in unexpected behavior.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-1284 - Improper Validation of Specified Quantity in Input
Assigner
References
1 reference
Impacted products
12 products
| Vendor | Product | Version | |
|---|---|---|---|
| AMD | AMD Radeon™ RX 6000 Series Graphics Products |
Unaffected:
AMD Software: Adrenalin Edition 25.12.1 (25.10.37.01)
|
|
| AMD | AMD Radeon™ RX 7000 Series Graphics Products |
Unaffected:
AMD Software: Adrenalin Edition 25.11.1 (25.20.29.01)
|
|
| AMD | AMD Radeon™ PRO W6000 Series Graphics Products |
Unaffected:
AMD Software: PRO Edition 25.Q4 (25.10.37.01)
|
|
| AMD | AMD Radeon™ PRO W7000 Series Graphics Products |
Unaffected:
AMD Software: PRO Edition 25.Q3.1 (25.10.32)
|
|
| AMD | AMD Instinct™ MI210 |
Unaffected:
ROCm 7.0.1
|
|
| AMD | AMD Instinct™ MI250 |
Unaffected:
ROCm 7.0.1
|
|
| AMD | AMD Instinct™ MI300A |
Unaffected:
BKC 26
|
|
| AMD | AMD Instinct™ MI300X |
Unaffected:
ROCm 6.3
|
|
| AMD | AMD Instinct™ MI325X |
Unaffected:
ROCm 6.3
|
|
| AMD | AMD Instinct™ MI308X |
Unaffected:
ROCm 6.4.2
|
|
| AMD | AMD Radeon™ PRO V620 |
Unaffected:
Contact your AMD Customer Engineering representative
|
|
| AMD | AMD Radeon™ PRO V710 |
Unaffected:
Contact your AMD Customer Engineering representative
|
Date Public
2026-05-15 02:40
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-66660",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-15T16:09:50.527526Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-15T16:10:53.782Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "AMD Radeon\u2122 RX 6000 Series Graphics Products",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "AMD Software: Adrenalin Edition 25.12.1 (25.10.37.01)"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Radeon\u2122 RX 7000 Series Graphics Products",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "AMD Software: Adrenalin Edition 25.11.1 (25.20.29.01)"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Radeon\u2122 PRO W6000 Series Graphics Products",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "AMD Software: PRO Edition 25.Q4 (25.10.37.01)"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Radeon\u2122 PRO W7000 Series Graphics Products",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "AMD Software: PRO Edition 25.Q3.1 (25.10.32)"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Instinct\u2122 MI210",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "ROCm 7.0.1"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Instinct\u2122 MI250",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "ROCm 7.0.1"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Instinct\u2122 MI300A",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "BKC 26"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Instinct\u2122 MI300X",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "ROCm 6.3"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Instinct\u2122 MI325X",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "ROCm 6.3"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Instinct\u2122 MI308X",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "ROCm 6.4.2"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Radeon\u2122 PRO V620",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "Contact your AMD Customer Engineering representative"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Radeon\u2122 PRO V710",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "Contact your AMD Customer Engineering representative"
}
]
}
],
"datePublic": "2026-05-15T02:40:46.460Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Insufficient parameter sanitization in TEE SOC Driver could allow an attacker to issue a malformed DRV_SOC_CMD_ID_SRIOV_CHECK_TA_COMPAT to cause incorrect shared memory mapping, potentially resulting in unexpected behavior.\u003cbr\u003e"
}
],
"value": "Insufficient parameter sanitization in TEE SOC Driver could allow an attacker to issue a malformed DRV_SOC_CMD_ID_SRIOV_CHECK_TA_COMPAT to cause incorrect shared memory mapping, potentially resulting in unexpected behavior."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"baseScore": 1.8,
"baseSeverity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:L/AC:H/AT:P/PR:H/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
"version": "4.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1284",
"description": "CWE-1284 Improper Validation of Specified Quantity in Input",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-15T02:44:05.001Z",
"orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"shortName": "AMD"
},
"references": [
{
"url": "https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-6027.html"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "AMD PSIRT Automation 1.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"assignerShortName": "AMD",
"cveId": "CVE-2025-66660",
"datePublished": "2026-05-15T02:42:33.035Z",
"dateReserved": "2025-12-06T15:03:58.970Z",
"dateUpdated": "2026-05-15T16:10:53.782Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-54517 (GCVE-0-2025-54517)
Vulnerability from nvd – Published: 2026-05-15 02:44 – Updated: 2026-05-16 03:56
VLAI
Summary
Out of bounds write in AMD AMDGV_CMD_GET_DIAG_DATA ioctl handler could allow a local user to escalate privileges via remote code execution.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-787 - Out-of-bounds Write
Assigner
References
1 reference
Impacted products
8 products
| Vendor | Product | Version | |
|---|---|---|---|
| AMD | AMD Instinct™ MI250 |
Unaffected:
GIM Driver 8.4
|
|
| AMD | AMD Instinct™ MI308X |
Unaffected:
GIM Driver 8.4
|
|
| AMD | AMD Instinct™ MI300A |
Unaffected:
GIM Driver 8.4
|
|
| AMD | AMD Instinct™ MI300X |
Unaffected:
GIM Driver 8.4
|
|
| AMD | AMD Instinct™ MI325X |
Unaffected:
GIM Driver 8.4
|
|
| AMD | AMD Instinct™ MI210 |
Unaffected:
GIM Driver 8.4
|
|
| AMD | AMD Radeon™ PRO V620 |
Unaffected:
Contact your AMD Customer Engineering representative
|
|
| AMD | AMD Radeon™ PRO V710 |
Unaffected:
Contact your AMD Customer Engineering representative
|
Date Public
2026-05-15 02:40
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-54517",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-15T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-16T03:56:16.242Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "AMD Instinct\u2122 MI250",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "GIM Driver 8.4"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Instinct\u2122 MI308X",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "GIM Driver 8.4"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Instinct\u2122 MI300A",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "GIM Driver 8.4"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Instinct\u2122 MI300X",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "GIM Driver 8.4"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Instinct\u2122 MI325X",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "GIM Driver 8.4"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Instinct\u2122 MI210",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "GIM Driver 8.4"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Radeon\u2122 PRO V620",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "Contact your AMD Customer Engineering representative"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Radeon\u2122 PRO V710",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "Contact your AMD Customer Engineering representative"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Reported through AMD Bug Bounty Program"
}
],
"datePublic": "2026-05-15T02:40:57.043Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Out of bounds write in AMD AMDGV_CMD_GET_DIAG_DATA ioctl handler could allow a local user to escalate privileges via remote code execution. \u003cbr\u003e"
}
],
"value": "Out of bounds write in AMD AMDGV_CMD_GET_DIAG_DATA ioctl handler could allow a local user to escalate privileges via remote code execution."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"baseScore": 8.5,
"baseSeverity": "HIGH",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787 Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-15T02:44:54.735Z",
"orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"shortName": "AMD"
},
"references": [
{
"url": "https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-6027.html"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "AMD PSIRT Automation 1.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"assignerShortName": "AMD",
"cveId": "CVE-2025-54517",
"datePublished": "2026-05-15T02:44:54.735Z",
"dateReserved": "2025-07-23T15:01:52.882Z",
"dateUpdated": "2026-05-16T03:56:16.242Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-54511 (GCVE-0-2025-54511)
Vulnerability from nvd – Published: 2026-05-15 02:45 – Updated: 2026-05-15 11:21
VLAI
Summary
Improper handling of insufficient privileges in the AMD Secure Processor (ASP) could allow an attacker to provide an input value to a function without sufficient privileges and successfully write data, potentially resulting in loss of integrity of availability.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-274 - Improper Handling of Insufficient Privileges
Assigner
References
1 reference
Impacted products
5 products
| Vendor | Product | Version | |
|---|---|---|---|
| AMD | MI-25 |
Unaffected:
23.10
|
|
| AMD | AMD Instinct™ MI250 |
Unaffected:
ROCm 6.3
|
|
| AMD | AMD Instinct™ MI210 |
Unaffected:
ROCm 6.3
|
|
| AMD | AMD Radeon™ PRO V520 |
Unaffected:
Contact your AMD Customer Engineering representative
|
|
| AMD | AMD Radeon™ PRO V620 |
Unaffected:
Contact your AMD Customer Engineering representative
|
Date Public
2026-05-15 02:41
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-54511",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-15T11:21:07.629106Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-15T11:21:21.819Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "MI-25",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "23.10"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Instinct\u2122 MI250",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "ROCm 6.3"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Instinct\u2122 MI210",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "ROCm 6.3"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Radeon\u2122 PRO V520",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "Contact your AMD Customer Engineering representative"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Radeon\u2122 PRO V620",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "Contact your AMD Customer Engineering representative"
}
]
}
],
"datePublic": "2026-05-15T02:41:02.198Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper handling of insufficient privileges in the AMD Secure Processor (ASP) could allow an attacker to provide an input value to a function without sufficient privileges and successfully write data, potentially resulting in loss of integrity of availability.\u003cbr\u003e"
}
],
"value": "Improper handling of insufficient privileges in the AMD Secure Processor (ASP) could allow an attacker to provide an input value to a function without sufficient privileges and successfully write data, potentially resulting in loss of integrity of availability."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N",
"version": "4.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-274",
"description": "CWE-274 Improper Handling of Insufficient Privileges",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-15T02:45:21.143Z",
"orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"shortName": "AMD"
},
"references": [
{
"url": "https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-6027.html"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "AMD PSIRT Automation 1.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"assignerShortName": "AMD",
"cveId": "CVE-2025-54511",
"datePublished": "2026-05-15T02:45:21.143Z",
"dateReserved": "2025-07-23T15:01:52.882Z",
"dateUpdated": "2026-05-15T11:21:21.819Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2023-31317 (GCVE-0-2023-31317)
Vulnerability from nvd – Published: 2026-05-15 02:47 – Updated: 2026-05-16 03:56
VLAI
Summary
Improper restriction of operations within the bounds of a memory buffer in the AMD secure processer (ASP) could allow an attacker to read or write to protected memory potentially resulting in arbitrary code execution.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer
Assigner
References
1 reference
Impacted products
6 products
| Vendor | Product | Version | |
|---|---|---|---|
| AMD | AMD Radeon™ RX 6000 Series Graphics Products |
Unaffected:
AMD Software: Adrenalin Edition 25.11.1 (25.10.33.03)
|
|
| AMD | AMD Radeon™ RX 7000 Series Graphics Products |
Unaffected:
AMD Software: Adrenalin Edition 25.11.1 (25.20.29.01)
|
|
| AMD | AMD Radeon™ PRO W7000 Series Graphics Products |
Unaffected:
AMD Software: PRO Edition 25.Q3.1 (25.10.32)
|
|
| AMD | AMD Radeon™ PRO W6000 Series Graphics Products |
Unaffected:
AMD Software: PRO Edition 25.Q3.1 (25.10.32)
|
|
| AMD | AMD Instinct™ MI250 |
Unaffected:
ROCm 7.0
|
|
| AMD | AMD Instinct™ MI210 |
Unaffected:
ROCm 7.0
|
Date Public
2026-05-15 02:41
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-31317",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-15T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-16T03:56:15.164Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "AMD Radeon\u2122 RX 6000 Series Graphics Products",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "AMD Software: Adrenalin Edition 25.11.1 (25.10.33.03)"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Radeon\u2122 RX 7000 Series Graphics Products",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "AMD Software: Adrenalin Edition 25.11.1 (25.20.29.01)"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Radeon\u2122 PRO W7000 Series Graphics Products",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "AMD Software: PRO Edition 25.Q3.1 (25.10.32)"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Radeon\u2122 PRO W6000 Series Graphics Products",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "AMD Software: PRO Edition 25.Q3.1 (25.10.32)"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Instinct\u2122 MI250",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "ROCm 7.0"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Instinct\u2122 MI210",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "ROCm 7.0"
}
]
}
],
"datePublic": "2026-05-15T02:41:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper restriction of operations within the bounds of a memory buffer in the AMD secure processer (ASP) could allow an attacker to read or write to protected memory potentially resulting in arbitrary code execution.\u003cbr\u003e"
}
],
"value": "Improper restriction of operations within the bounds of a memory buffer in the AMD secure processer (ASP) could allow an attacker to read or write to protected memory potentially resulting in arbitrary code execution."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "HIGH",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "HIGH",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "HIGH",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-119",
"description": "CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-15T02:47:39.059Z",
"orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"shortName": "AMD"
},
"references": [
{
"url": "https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-6027.html"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "AMD PSIRT Automation 1.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"assignerShortName": "AMD",
"cveId": "CVE-2023-31317",
"datePublished": "2026-05-15T02:47:12.434Z",
"dateReserved": "2023-04-27T15:25:41.423Z",
"dateUpdated": "2026-05-16T03:56:15.164Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2023-31316 (GCVE-0-2023-31316)
Vulnerability from nvd – Published: 2026-05-15 02:36 – Updated: 2026-05-15 16:38
VLAI
Summary
Improperly preserved integrity of hardware configuration state during a power save/restore operation in the AMD Secure Processor (ASP) could allow an attacker with the ability to write outside the trusted memory range (TMR) to change the execution flow of the Video Core Next (VCN) firmware potentially impacting confidentiality, integrity, or availability.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-1304 - Improperly Preserved Integrity of Hardware Configuration State During a Power Save/Restore Operation
Assigner
References
Impacted products
18 products
Date Public
2026-05-15 02:35
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-31316",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-15T16:37:05.742579Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-15T16:38:45.975Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 5000 Series Mobile Processors with Radeon\u2122 Graphics",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "Cezanne-FP6 1.0.1.0"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 7000 Series Desktop Processors",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "ComboAM5PI 1.0.0.a"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 4000 Series Desktop Processors",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "ComboAM4v2 1.2.0.Ca"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 5000 Series Desktop Processors with Radeon\u2122 Graphics",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "ComboAM4v2 1.2.0.Ca"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 7040 Series Mobile Processors with Radeon\u2122 Graphics",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "PhoenixPI-FP8-FP7_1.1.0.0"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 4000 Series Mobile Processors with Radeon\u2122 Graphics",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "Renoir-FP6 1.0.0.D"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 6000 Series Processors with Radeon\u2122 Graphics",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "Rembrandt-FP7 1.0.0.A"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 7020 Series Processors with Radeon\u2122 Graphics",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "MendocinoPI-FT6_1.0.0.6"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 7045 Series Mobile Processors with Radeon\u2122 Graphics",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "DragonRangeFL1PI 1.0.0.3C"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 Embedded V2000 Series Processors",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "EmbeddedPI-FP6_1.0.0.9"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 Embedded V3000 Series Processors",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "Embedded-PI_FP7r2 1009"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Radeon\u2122 RX 6000 Series Graphics Products",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "AMD Software: Adrenalin Edition 25.12.1 (25.10.37.01)"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Radeon\u2122 RX 7000 Series Graphics Products",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "AMD Software: Adrenalin Edition 25.11.1 (25.20.29.01)"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Radeon\u2122 PRO W7000 Series Graphics Products",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "AMD Software: PRO Edition 25.Q3.1 (25.10.32)"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Radeon\u2122 PRO W6000 Series Graphics Products",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "AMD Software: PRO Edition 25.Q4 (25.10.37.01)"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Instinct\u2122 MI250",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "ROCm 6.4"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Instinct\u2122 MI210",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "ROCm 6.4"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Radeon\u2122 PRO V620",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "Contact your AMD Customer Engineering representative"
}
]
}
],
"datePublic": "2026-05-15T02:35:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improperly preserved integrity of hardware configuration state during a power save/restore operation in the AMD Secure Processor (ASP) could allow an attacker with the ability to write outside the trusted memory range (TMR) to change the execution flow of the Video Core Next (VCN) firmware potentially impacting confidentiality, integrity, or availability.\u003cbr\u003e"
}
],
"value": "Improperly preserved integrity of hardware configuration state during a power save/restore operation in the AMD Secure Processor (ASP) could allow an attacker with the ability to write outside the trusted memory range (TMR) to change the execution flow of the Video Core Next (VCN) firmware potentially impacting confidentiality, integrity, or availability."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "HIGH",
"attackRequirements": "PRESENT",
"attackVector": "LOCAL",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "LOW",
"subConfidentialityImpact": "LOW",
"subIntegrityImpact": "HIGH",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:L/VI:H/VA:L/SC:L/SI:H/SA:L",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1304",
"description": "CWE-1304 Improperly Preserved Integrity of Hardware Configuration State During a Power Save/Restore Operation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-15T02:36:46.858Z",
"orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"shortName": "AMD"
},
"references": [
{
"url": "https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-4017.html"
},
{
"url": "https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-6027.html"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "AMD PSIRT Automation 1.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"assignerShortName": "AMD",
"cveId": "CVE-2023-31316",
"datePublished": "2026-05-15T02:36:10.619Z",
"dateReserved": "2023-04-27T15:25:41.423Z",
"dateUpdated": "2026-05-15T16:38:45.975Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2022-23826 (GCVE-0-2022-23826)
Vulnerability from nvd – Published: 2026-05-15 02:30 – Updated: 2026-05-15 13:20
VLAI
Summary
A TOCTOU (Time-Of-Check to Time-Of-Use) in the graphics interface may allow an attacker to load registers repeatedly creating a race condition potentially leading to a loss of integrity.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-367 - Time-of-check Time-of-use (TOCTOU) Race Condition
Assigner
References
Impacted products
21 products
| Vendor | Product | Version | |
|---|---|---|---|
| AMD | AMD Ryzen™ 3000 Series Mobile Processors with Radeon™ Graphics |
Unaffected:
PicassoPI-FP5 1.0.0.E
|
|
| AMD | AMD Athlon™ 3000 Series Mobile Processors with Radeon™ Graphics |
Unaffected:
PicassoPI-FP5 1.0.0.E
|
|
| AMD | AMD Athlon™ 3000 Series Desktop Processors with Radeon™ Graphics |
Unaffected:
ComboAM4v2 PI 1.2.0.8
|
|
| AMD | AMD Ryzen™ Embedded R1000 Series Processors |
Unaffected:
EmbeddedPI-FP5_1.2.0.A
|
|
| AMD | AMD Ryzen™ Embedded R2000 Series Processors |
Unaffected:
EmbeddedR2KPI-FP5_1.0.0.2
|
|
| AMD | AMD Ryzen™ Embedded V1000 Series Processors (formerly codenamed "Raven Ridge") |
Unaffected:
EmbeddedPI-FP5_1.2.0.A
|
|
| AMD | AMD Ryzen™ Embedded V1000 Series Processors (formerly codenamed "Picasso") |
Unaffected:
120A
|
|
| AMD | AMD Radeon™ RX 5000 Series Graphics Products |
Unaffected:
AMD Software: Adrenalin Edition 25.5.1 (25.10.01.09)
|
|
| AMD | AMD Radeon™ PRO W5000 Series Graphics Products |
Unaffected:
AMD Software: PRO Edition 25.Q2 (25.10.10)
|
|
| AMD | AMD Radeon™ RX 6000 Series Graphics Products |
Unaffected:
AMD Software: Adrenalin Edition 25.5.1 (25.10.01.09)
|
|
| AMD | AMD Radeon™ VII |
Unaffected:
AMD Software: Adrenalin Edition 25.5.1 (23.19.23.01 pre-RDNA)
|
|
| AMD | AMD Radeon™ RX Vega Series Graphics Cards |
Unaffected:
AMD Software: Adrenalin Edition 25.5.1 (23.19.23.01 pre-RDNA)
|
|
| AMD | AMD Radeon™ PRO W6000 Series Graphics Product |
Unaffected:
AMD Software: PRO Edition 25.Q2 (25.10.10)
|
|
| AMD | AMD Radeon™ PRO W6000 Series Graphics Products |
Unaffected:
AMD Software: PRO Edition 25.Q2 (25.10.10)
|
|
| AMD | AMD Radeon™ PRO WX 8000/9000 Series Graphics Cards |
Unaffected:
AMD Software: PRO Edition 25.Q2 (23.19.23.01 pre-RDNA)
|
|
| AMD | AMD Radeon™ PRO VII |
Unaffected:
AMD Software: PRO Edition 25.Q2 (23.19.23.01 pre-RDNA)
|
|
| AMD | AMD Instinct™ MI250 |
Unaffected:
ROCm 6.4.2
|
|
| AMD | AMD Instinct™ MI210 |
Unaffected:
ROCm 6.4.2
|
|
| AMD | AMD Radeon™ Instinct™ MI25 |
Unaffected:
Contact your AMD Customer Engineering representative
|
|
| AMD | AMD Radeon™ PRO V520 |
Unaffected:
Contact your AMD Customer Engineering representative
|
|
| AMD | AMD Radeon™ PRO V620 |
Unaffected:
Contact your AMD Customer Engineering representative
|
Date Public
2026-05-15 02:29
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-23826",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-15T13:20:50.340534Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-15T13:20:55.905Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 3000 Series Mobile Processors with Radeon\u2122 Graphics",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "PicassoPI-FP5 1.0.0.E"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Athlon\u2122 3000 Series Mobile Processors with Radeon\u2122 Graphics",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "PicassoPI-FP5 1.0.0.E"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Athlon\u2122 3000 Series Desktop Processors with Radeon\u2122 Graphics",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "ComboAM4v2 PI 1.2.0.8"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 Embedded R1000 Series Processors",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "EmbeddedPI-FP5_1.2.0.A"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 Embedded R2000 Series Processors",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "EmbeddedR2KPI-FP5_1.0.0.2"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 Embedded V1000 Series Processors (formerly codenamed \"Raven Ridge\")",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "EmbeddedPI-FP5_1.2.0.A"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 Embedded V1000 Series Processors (formerly codenamed \"Picasso\")",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "120A"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Radeon\u2122 RX 5000 Series Graphics Products",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "AMD Software: Adrenalin Edition 25.5.1 (25.10.01.09)"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Radeon\u2122 PRO W5000 Series Graphics Products",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "AMD Software: PRO Edition 25.Q2 (25.10.10)"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Radeon\u2122 RX 6000 Series Graphics Products",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "AMD Software: Adrenalin Edition 25.5.1 (25.10.01.09)"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Radeon\u2122 VII",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "AMD Software: Adrenalin Edition 25.5.1 (23.19.23.01 pre-RDNA)"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Radeon\u2122 RX Vega Series Graphics Cards",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "AMD Software: Adrenalin Edition 25.5.1 (23.19.23.01 pre-RDNA)"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Radeon\u2122 PRO W6000 Series Graphics Product",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "AMD Software: PRO Edition 25.Q2 (25.10.10)"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Radeon\u2122 PRO W6000 Series Graphics Products",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "AMD Software: PRO Edition 25.Q2 (25.10.10)"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Radeon\u2122 PRO WX 8000/9000 Series Graphics Cards",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "AMD Software: PRO Edition 25.Q2 (23.19.23.01 pre-RDNA)"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Radeon\u2122 PRO VII",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "AMD Software: PRO Edition 25.Q2 (23.19.23.01 pre-RDNA)"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Instinct\u2122 MI250",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "ROCm 6.4.2"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Instinct\u2122 MI210",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "ROCm 6.4.2"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Radeon\u2122 Instinct\u2122 MI25",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "Contact your AMD Customer Engineering representative"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Radeon\u2122 PRO V520",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "Contact your AMD Customer Engineering representative"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Radeon\u2122 PRO V620",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "Contact your AMD Customer Engineering representative"
}
]
}
],
"datePublic": "2026-05-15T02:29:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A TOCTOU (Time-Of-Check to Time-Of-Use) in the graphics interface may allow an attacker to load registers repeatedly creating a race condition potentially leading to a loss of integrity.\u003cbr\u003e"
}
],
"value": "A TOCTOU (Time-Of-Check to Time-Of-Use) in the graphics interface may allow an attacker to load registers repeatedly creating a race condition potentially leading to a loss of integrity."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "HIGH",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 1.8,
"baseSeverity": "LOW",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "HIGH",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:H/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-367",
"description": "CWE-367 Time-of-check Time-of-use (TOCTOU) Race Condition",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-15T02:30:46.618Z",
"orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"shortName": "AMD"
},
"references": [
{
"url": "https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-4017.html"
},
{
"url": "https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-6027.html"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "AMD PSIRT Automation 1.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"assignerShortName": "AMD",
"cveId": "CVE-2022-23826",
"datePublished": "2026-05-15T02:30:16.389Z",
"dateReserved": "2022-01-21T17:20:55.780Z",
"dateUpdated": "2026-05-15T13:20:55.905Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2023-31323 (GCVE-0-2023-31323)
Vulnerability from nvd – Published: 2026-02-12 17:45 – Updated: 2026-02-12 18:33
VLAI
Summary
Type confusion in the AMD Secure Processor (ASP) could allow an attacker to pass a malformed argument to the External Global Memory Interconnect Trusted Agent (XGMI TA) leading to a memory safety violation potentially resulting in loss of confidentiality, integrity, or availability.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-843 - Access of Resource Using Incompatible Type (‘Type Confusion’)
Assigner
References
1 reference
Impacted products
8 products
| Vendor | Product | Version | |
|---|---|---|---|
| AMD | AMD Radeon™ RX 5000 Series Graphics Products |
Unaffected:
AMD Software: Adrenalin Edition 25.6.1 (25.10.13.01), AMD Software: PRO Edition 25.Q2 (25.10.10)
|
|
| AMD | AMD Radeon™ PRO W5000 Series Graphics Products |
Unaffected:
AMD Software: Adrenalin Edition 25.6.1 (25.10.13.01), AMD Software: PRO Edition 25.Q2 (25.10.10)
|
|
| AMD | AMD Radeon™ VII |
Affected:
No fix planned
|
|
| AMD | AMD Radeon™ PRO VII |
Affected:
No fix planned
|
|
| AMD | AMD Instinct™ MI250 |
Unaffected:
ROCm 6.2
|
|
| AMD | AMD Instinct™ MI300A |
Unaffected:
ROCm 6.2
|
|
| AMD | AMD Instinct™ MI210 |
Unaffected:
ROCm 6.2
|
|
| AMD | AMD Instinct™ MI300X |
Unaffected:
ROCm 6.2
|
Date Public
2026-02-12 17:44
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-31323",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-12T18:33:24.608813Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-12T18:33:47.900Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "AMD Radeon\u2122 RX 5000 Series Graphics Products",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "AMD Software: Adrenalin Edition 25.6.1 (25.10.13.01), AMD Software: PRO Edition 25.Q2 (25.10.10)"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Radeon\u2122 PRO W5000 Series Graphics Products",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "AMD Software: Adrenalin Edition 25.6.1 (25.10.13.01), AMD Software: PRO Edition 25.Q2 (25.10.10)"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Radeon\u2122 VII",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "No fix planned"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Radeon\u2122 PRO VII",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "No fix planned"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Instinct\u2122 MI250",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "ROCm 6.2"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Instinct\u2122 MI300A",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "ROCm 6.2"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Instinct\u2122 MI210",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "ROCm 6.2"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Instinct\u2122 MI300X",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "ROCm 6.2"
}
]
}
],
"datePublic": "2026-02-12T17:44:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Type confusion in the AMD Secure Processor (ASP) could allow an attacker to pass a malformed argument to the External Global Memory Interconnect Trusted Agent (XGMI TA) leading to a memory safety violation potentially resulting in loss of confidentiality, integrity, or availability.\u003cbr\u003e"
}
],
"value": "Type confusion in the AMD Secure Processor (ASP) could allow an attacker to pass a malformed argument to the External Global Memory Interconnect Trusted Agent (XGMI TA) leading to a memory safety violation potentially resulting in loss of confidentiality, integrity, or availability."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 8.4,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "LOW",
"subConfidentialityImpact": "LOW",
"subIntegrityImpact": "HIGH",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:H/VA:L/SC:L/SI:H/SA:L",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-843",
"description": "CWE-843 Access of Resource Using Incompatible Type (\u2018Type Confusion\u2019)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-12T17:45:36.223Z",
"orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"shortName": "AMD"
},
"references": [
{
"url": "https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-6024.html"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "AMD PSIRT Automation 1.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"assignerShortName": "AMD",
"cveId": "CVE-2023-31323",
"datePublished": "2026-02-12T17:45:12.151Z",
"dateReserved": "2023-04-27T15:25:41.423Z",
"dateUpdated": "2026-02-12T18:33:47.900Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2023-31313 (GCVE-0-2023-31313)
Vulnerability from nvd – Published: 2026-02-12 14:16 – Updated: 2026-02-12 21:13
VLAI
Summary
An unintended proxy or intermediary in the AMD power management firmware (PMFW) could allow a privileged attacker to send malformed messages to the system management unit (SMU) potentially resulting in arbitrary code execution.
Severity
7.2 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-441 - Unintended Proxy or Intermediary (?Confused Deputy?)
Assigner
References
1 reference
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| AMD | AMD Instinct™ MI210 |
Unaffected:
ROCm 6.4.2
|
|
| AMD | AMD Instinct™ MI250 |
Unaffected:
ROCm 6.4.2
|
Date Public
2026-02-12 14:16
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-31313",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-12T21:13:16.059086Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-12T21:13:23.387Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "AMD Instinct\u2122 MI210",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "ROCm 6.4.2"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Instinct\u2122 MI250",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "ROCm 6.4.2"
}
]
}
],
"datePublic": "2026-02-12T14:16:21.943Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An unintended proxy or intermediary in the AMD power management firmware (PMFW) could allow a privileged attacker to send malformed messages to the system management unit (SMU) potentially resulting in arbitrary code execution.\u003cbr\u003e"
}
],
"value": "An unintended proxy or intermediary in the AMD power management firmware (PMFW) could allow a privileged attacker to send malformed messages to the system management unit (SMU) potentially resulting in arbitrary code execution."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-441",
"description": "CWE-441 Unintended Proxy or Intermediary (?Confused Deputy?)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-12T14:16:53.918Z",
"orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"shortName": "AMD"
},
"references": [
{
"url": "https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-6024.html"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "AMD PSIRT Automation 1.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"assignerShortName": "AMD",
"cveId": "CVE-2023-31313",
"datePublished": "2026-02-12T14:16:53.918Z",
"dateReserved": "2023-04-27T15:25:41.423Z",
"dateUpdated": "2026-02-12T21:13:23.387Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2023-31324 (GCVE-0-2023-31324)
Vulnerability from nvd – Published: 2026-02-11 14:34 – Updated: 2026-02-11 15:42
VLAI
Summary
A Time-of-check time-of-use (TOCTOU) race condition in the AMD Secure Processor (ASP) could allow an attacker to modify External Global Memory Interconnect Trusted Agent (XGMI TA) commands as they are processed potentially resulting in loss of confidentiality, integrity, or availability.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-367 - Time-of-check Time-of-use (TOCTOU) Race Condition
Assigner
References
1 reference
Impacted products
6 products
| Vendor | Product | Version | |
|---|---|---|---|
| AMD | AMD Radeon™ RX 5000 Series Graphics Products |
Unaffected:
AMD Software: Adrenalin Edition 25.6.1 (25.10.13.01), AMD Software: PRO Edition 25.Q2 (25.10.10)
|
|
| AMD | AMD Radeon™ PRO W5000 Series Graphics Products |
Unaffected:
AMD Software: Adrenalin Edition 25.6.1 (25.10.13.01), AMD Software: PRO Edition 25.Q2 (25.10.10)
|
|
| AMD | AMD Instinct™ MI210 |
Unaffected:
ROCm 6.4
|
|
| AMD | AMD Instinct™ MI250 |
Unaffected:
ROCm 6.4
|
|
| AMD | AMD Instinct™ MI300A |
Unaffected:
ROCm 6.4
|
|
| AMD | AMD Instinct™ MI300X |
Unaffected:
ROCm 6.4
|
Date Public
2026-02-11 14:11
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-31324",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-11T15:36:37.735258Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-11T15:42:39.488Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "AMD Radeon\u2122 RX 5000 Series Graphics Products",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "AMD Software: Adrenalin Edition 25.6.1 (25.10.13.01), AMD Software: PRO Edition 25.Q2 (25.10.10)"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Radeon\u2122 PRO W5000 Series Graphics Products",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "AMD Software: Adrenalin Edition 25.6.1 (25.10.13.01), AMD Software: PRO Edition 25.Q2 (25.10.10)"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Instinct\u2122 MI210",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "ROCm 6.4"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Instinct\u2122 MI250",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "ROCm 6.4"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Instinct\u2122 MI300A",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "ROCm 6.4"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Instinct\u2122 MI300X",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "ROCm 6.4"
}
]
}
],
"datePublic": "2026-02-11T14:11:05.353Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A Time-of-check time-of-use (TOCTOU) race condition in the AMD Secure Processor (ASP) could allow an attacker to modify External Global Memory Interconnect Trusted Agent (XGMI TA) commands as they are processed potentially resulting in loss of confidentiality, integrity, or availability.\u003cbr\u003e"
}
],
"value": "A Time-of-check time-of-use (TOCTOU) race condition in the AMD Secure Processor (ASP) could allow an attacker to modify External Global Memory Interconnect Trusted Agent (XGMI TA) commands as they are processed potentially resulting in loss of confidentiality, integrity, or availability."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:L/VI:H/VA:L/SC:L/SI:H/SA:L",
"version": "4.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-367",
"description": "CWE-367 Time-of-check Time-of-use (TOCTOU) Race Condition",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-11T14:34:54.024Z",
"orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"shortName": "AMD"
},
"references": [
{
"url": "https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-6024.html"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "AMD PSIRT Automation 1.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"assignerShortName": "AMD",
"cveId": "CVE-2023-31324",
"datePublished": "2026-02-11T14:34:54.024Z",
"dateReserved": "2023-04-27T15:25:41.424Z",
"dateUpdated": "2026-02-11T15:42:39.488Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2023-20548 (GCVE-0-2023-20548)
Vulnerability from nvd – Published: 2026-02-11 14:35 – Updated: 2026-02-11 15:42
VLAI
Summary
A Time-of-check time-of-use (TOCTOU) race condition in the AMD Secure Processor (ASP) could allow an attacker to corrupt memory resulting in loss of integrity, confidentiality, or availability.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-367 - Time-of-check Time-of-use (TOCTOU) Race Condition
Assigner
References
1 reference
Impacted products
8 products
| Vendor | Product | Version | |
|---|---|---|---|
| AMD | AMD Radeon™ RX 5000 Series Graphics Products |
Unaffected:
AMD Software: Adrenalin Edition 25.6.1 (25.10.13.01), AMD Software: PRO Edition 25.Q2 (25.10.10)
|
|
| AMD | AMD Radeon™ PRO W5000 Series Graphics Products |
Unaffected:
AMD Software: Adrenalin Edition 25.6.1 (25.10.13.01), AMD Software: PRO Edition 25.Q2 (25.10.10)
|
|
| AMD | AMD Radeon™ VII |
Unaffected:
No fix planned
|
|
| AMD | AMD Radeon™ PRO VII |
Unaffected:
No fix planned
|
|
| AMD | AMD Instinct™ MI210 |
Unaffected:
ROCm 6.2
|
|
| AMD | AMD Instinct™ MI250 |
Unaffected:
ROCm 6.2
|
|
| AMD | AMD Instinct™ MI300X |
Unaffected:
ROCm 6.2
|
|
| AMD | AMD Instinct™ MI300A |
Unaffected:
ROCm 6.2
|
Date Public
2026-02-11 14:11
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-20548",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-11T15:36:36.072812Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-11T15:42:32.097Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "AMD Radeon\u2122 RX 5000 Series Graphics Products",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "AMD Software: Adrenalin Edition 25.6.1 (25.10.13.01), AMD Software: PRO Edition 25.Q2 (25.10.10)"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Radeon\u2122 PRO W5000 Series Graphics Products",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "AMD Software: Adrenalin Edition 25.6.1 (25.10.13.01), AMD Software: PRO Edition 25.Q2 (25.10.10)"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Radeon\u2122 VII",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "No fix planned"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Radeon\u2122 PRO VII",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "No fix planned"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Instinct\u2122 MI210",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "ROCm 6.2"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Instinct\u2122 MI250",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "ROCm 6.2"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Instinct\u2122 MI300X",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "ROCm 6.2"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Instinct\u2122 MI300A",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "ROCm 6.2"
}
]
}
],
"datePublic": "2026-02-11T14:11:10.415Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A Time-of-check time-of-use (TOCTOU) race condition in the AMD Secure Processor (ASP) could allow an attacker to corrupt memory resulting in loss of integrity, confidentiality, or availability.\u003cbr\u003e"
}
],
"value": "A Time-of-check time-of-use (TOCTOU) race condition in the AMD Secure Processor (ASP) could allow an attacker to corrupt memory resulting in loss of integrity, confidentiality, or availability."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:L/VI:H/VA:L/SC:L/SI:H/SA:L",
"version": "4.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-367",
"description": "CWE-367 Time-of-check Time-of-use (TOCTOU) Race Condition",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-11T14:35:16.063Z",
"orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"shortName": "AMD"
},
"references": [
{
"url": "https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-6024.html"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "AMD PSIRT Automation 1.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"assignerShortName": "AMD",
"cveId": "CVE-2023-20548",
"datePublished": "2026-02-11T14:35:16.063Z",
"dateReserved": "2022-10-27T18:53:39.744Z",
"dateUpdated": "2026-02-11T15:42:32.097Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-0010 (GCVE-0-2025-0010)
Vulnerability from nvd – Published: 2025-09-06 18:26 – Updated: 2025-09-08 19:56
VLAI
Summary
An out of bounds write in the Linux graphics driver could allow an attacker to overflow the buffer potentially resulting in loss of confidentiality, integrity, or availability.
Severity
6.1 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-787 - Out-of-bounds Write
Assigner
References
1 reference
Impacted products
35 products
Date Public
2025-09-06 18:04
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-0010",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-09-08T19:56:34.478973Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-09-08T19:56:43.287Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "AMD Radeon\u2122 RX 5000 Series Graphics Products",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "Radeon Software for Linux 24.30.2"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Radeon\u2122 RX 6000 Series Graphics Products",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "Radeon Software for Linux 24.30.2"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Radeon\u2122 RX 7000 Series Graphics Products",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "Radeon Software for Linux 24.30.2"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Radeon\u2122 RX Vega Series Graphics Cards",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "Radeon Software for Linux 24.30.2"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Radeon\u2122 PRO W5000 Series Graphics Products",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "Radeon Software for Linux 24.30.2"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Radeon\u2122 PRO W6000 Series Graphics Products",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "Radeon Software for Linux 24.30.2"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Radeon\u2122 PRO W7000 Series Graphics Products",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "Radeon Software for Linux 24.30.2"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Radeon\u2122 VII",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "Radeon Software for Linux 24.30.2"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Instinct\u2122 MI200",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "ROCm 6.3"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Instinct\u2122 MI210",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "ROCm 6.3"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Instinct\u2122 MI250",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "ROCm 6.3"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Instinct\u2122 MI300A",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "ROCm 6.3"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Instinct\u2122 MI300X",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "ROCm 6.3"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Radeon\u2122 PRO V520 Graphics Products",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "Contact your AMD Customer Engineering representative"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Radeon\u2122 PRO V620 Graphics Products",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "Contact your AMD Customer Engineering representative"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Radeon\u2122 PRO V710 Graphics Products",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "Contact your AMD Customer Engineering representative"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 4000 Series Mobile Processors with Radeon\u2122 Graphics",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "Radeon Software for Linux 24.30.2"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 7035 Series Processors with Radeon\u2122 Graphics",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "Radeon Software for Linux 24.30.2"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Athlon\u2122 3000 Series Mobile Processors with Radeon\u2122 Graphics",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "Radeon Software for Linux 24.30.2"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 7040 Series Mobile Processors with Radeon\u2122 Graphics",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "Radeon Software for Linux 24.30.2"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 7020 Series Processors with Radeon\u2122 Graphics",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "Radeon Software for Linux 24.30.2"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 7045 Series Mobile Processors with Radeon\u2122 Graphics",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "Radeon Software for Linux 24.30.2"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 7000 Series Desktop Processors",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "Radeon Software for Linux 24.30.2"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 7030 Series Mobile Processors with Radeon\u2122 Graphics",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "Radeon Software for Linux 24.30.2"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 AI 300 Series Processors",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "Radeon Software for Linux 24.30.2"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Athlon\u2122 3000 Series Desktop Processors with Radeon\u2122 Graphics",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "Radeon Software for Linux 24.30.2"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 7000 Series Desktop Processors",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "Radeon Software for Linux 24.30.2"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 8000 Series Desktop Processors",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "Radeon Software for Linux 24.30.2"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 9000 Series Desktop Processors",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "Radeon Software for Linux 24.30.2"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 5000 Series Mobile Processors with Radeon\u2122 Graphics",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "Radeon Software for Linux 24.30.2"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 4000 Series Desktop Processors",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "Radeon Software for Linux 24.30.2"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 5000 Series Desktop Processors with Radeon\u2122 Graphics",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "Radeon Software for Linux 24.30.2"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 5000 Series Desktop Processors",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "Radeon Software for Linux 24.30.2"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 8040 Series Mobile Processors with Radeon\u2122 Graphics",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "Radeon Software for Linux 24.30.2"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 3000 Series Mobile Processors with Radeon\u2122 Graphics",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "Radeon Software for Linux 24.30.2"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 6000 Series Processors with Radeon\u2122 Graphics",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "Radeon Software for Linux 24.30.2"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Reported through AMD Bug Bounty Program"
}
],
"datePublic": "2025-09-06T18:04:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An out of bounds write in the Linux graphics driver could allow an attacker to overflow the buffer potentially resulting in loss of confidentiality, integrity, or availability.\u003cbr\u003e"
}
],
"value": "An out of bounds write in the Linux graphics driver could allow an attacker to overflow the buffer potentially resulting in loss of confidentiality, integrity, or availability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787 Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-06T18:26:15.118Z",
"orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"shortName": "AMD"
},
"references": [
{
"url": "https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-6018.html"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "AMD PSIRT Automation 1.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"assignerShortName": "AMD",
"cveId": "CVE-2025-0010",
"datePublished": "2025-09-06T18:26:15.118Z",
"dateReserved": "2024-10-10T20:27:46.721Z",
"dateUpdated": "2025-09-08T19:56:43.287Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-36342 (GCVE-0-2024-36342)
Vulnerability from nvd – Published: 2025-09-06 17:42 – Updated: 2026-02-26 17:49
VLAI
Summary
Improper input validation in the GPU driver could allow an attacker to exploit a heap overflow potentially resulting in arbitrary code execution.
Severity
8.8 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-1285 - Improper Validation of Specified Index, Position, or Offset in Input
Assigner
References
Impacted products
40 products
| Vendor | Product | Version | |
|---|---|---|---|
| AMD | AMD Ryzen™ 4000 Series Mobile Processors with Radeon™ Graphics |
Unaffected:
Radeon Software for Linux 25.10.x
|
|
| AMD | AMD Ryzen™ 7035 Series Processors with Radeon™ Graphics |
Unaffected:
Radeon Software for Linux 25.10.x
|
|
| AMD | AMD Athlon™ 3000 Series Mobile Processors with Radeon™ Graphics |
Unaffected:
Radeon Software for Linux 25.10.x
|
|
| AMD | AMD Ryzen™ 7040 Series Mobile Processors with Radeon™ Graphics |
Unaffected:
Radeon Software for Linux 25.10.x
|
|
| AMD | AMD Ryzen™ 7020 Series Processors with Radeon™ Graphics |
Unaffected:
Radeon Software for Linux 25.10.x
|
|
| AMD | AMD Ryzen™ 7045 Series Mobile Processors with Radeon™ Graphics |
Unaffected:
Radeon Software for Linux 25.10.x
|
|
| AMD | AMD Ryzen™ 7000 Series Desktop Processors |
Unaffected:
Radeon Software for Linux 25.10.x
|
|
| AMD | AMD Ryzen™ 7030 Series Mobile Processors with Radeon™ Graphics |
Unaffected:
Radeon Software for Linux 25.10.x
|
|
| AMD | AMD Ryzen™ AI 300 Series Processors |
Unaffected:
Radeon Software for Linux 25.10.x
|
|
| AMD | AMD Athlon™ 3000 Series Desktop Processors with Radeon™ Graphics |
Unaffected:
Radeon Software for Linux 25.10.x
|
|
| AMD | AMD Ryzen™ 8000 Series Desktop Processors |
Unaffected:
Radeon Software for Linux 25.10.x
|
|
| AMD | AMD Ryzen™ 9000 Series Desktop Processors |
Unaffected:
Radeon Software for Linux 25.10.x
|
|
| AMD | AMD Ryzen™ 5000 Series Mobile Processors with Radeon™ Graphics |
Unaffected:
Radeon Software for Linux 25.10.x
|
|
| AMD | AMD Ryzen™ 4000 Series Desktop Processors |
Unaffected:
Radeon Software for Linux 25.10.x
|
|
| AMD | AMD Ryzen™ 5000 Series Desktop Processors with Radeon™ Graphics |
Unaffected:
Radeon Software for Linux 25.10.x
|
|
| AMD | AMD Ryzen™ 8040 Series Mobile Processors with Radeon™ Graphics |
Unaffected:
Radeon Software for Linux 25.10.x
|
|
| AMD | AMD Ryzen™ 3000 Series Mobile Processors with Radeon™ Graphics |
Unaffected:
Radeon Software for Linux 25.10.x
|
|
| AMD | AMD Ryzen™ 6000 Series Processors with Radeon™ Graphics |
Unaffected:
Radeon Software for Linux 25.10.x
|
|
| AMD | AMD Ryzen™ Embedded R2000 Series Processors |
Unaffected:
amd_chipset_software_7.06.02.123.exe , PSP driver version: 5.39.0.0
|
|
| AMD | AMD Ryzen™ Embedded V2000 Series Processors |
Unaffected:
amd_chipset_software_7.06.02.123.exe , PSP driver version: 5.39.0.0
|
|
| AMD | AMD Ryzen™ Embedded 8000 Series |
Unaffected:
amd_chipset_software_7.06.02.123.exe , PSP driver version: 5.39.0.0
|
|
| AMD | AMD Ryzen™ Embedded 7000 Series Processors |
Unaffected:
amd_chipset_software_7.06.02.123.exe , PSP driver version: 5.39.0.0
|
|
| AMD | AMD Radeon™ RX 5000 Series Graphics Products |
Unaffected:
Radeon Software for Linux 25.10.1
|
|
| AMD | AMD Radeon™ PRO W5000 Series Graphics Products |
Unaffected:
Radeon Software for Linux 25.10.1
|
|
| AMD | AMD Radeon™ RX 6000 Series Graphics Products |
Unaffected:
Radeon Software for Linux 25.10.1
|
|
| AMD | AMD Radeon™ PRO W6000 Series Graphics Products |
Unaffected:
Radeon Software for Linux 25.10.1
|
|
| AMD | AMD Radeon™ RX 7000 Series Graphics Products |
Unaffected:
Radeon Software for Linux 25.10.1
|
|
| AMD | AMD Radeon™ PRO W7000 Series Graphics Products |
Unaffected:
Radeon Software for Linux 25.10.1
|
|
| AMD | AMD Radeon™ RX 9000 Series Graphics Products |
Unaffected:
Radeon Software for Linux 25.10.1
|
|
| AMD | AMD Radeon™ RX Vega Series Graphics Cards |
Unaffected:
Radeon Software for Linux 25.10.1
|
|
| AMD | AMD Radeon™ PRO VII |
Unaffected:
Radeon Software for Linux 25.10.1
|
|
| AMD | AMD Instinct™ MI210 |
Unaffected:
ROCm 6.4
|
|
| AMD | AMD Instinct™ MI250 |
Unaffected:
ROCm 6.4
|
|
| AMD | AMD Instinct™ MI300A |
Unaffected:
ROCm 6.4
|
|
| AMD | AMD Instinct™ MI300X |
Unaffected:
ROCm 6.4
|
|
| AMD | AMD Instinct™ MI308X |
Unaffected:
ROCm 6.4
|
|
| AMD | AMD Instinct™ MI325X |
Unaffected:
ROCm 6.4
|
|
| AMD | AMD Radeon™ PRO V520 Graphics Products |
Unaffected:
Contact your AMD Customer Engineering representative
|
|
| AMD | AMD Radeon™ PRO V620 Graphics Products |
Unaffected:
Contact your AMD Customer Engineering representative
|
|
| AMD | AMD Radeon™ PRO V710 Graphics Products |
Unaffected:
Contact your AMD Customer Engineering representative
|
Date Public
2025-09-06 17:15
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-36342",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-09-09T03:55:24.593599Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-26T17:49:09.671Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 4000 Series Mobile Processors with Radeon\u2122 Graphics",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "Radeon Software for Linux 25.10.x"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 7035 Series Processors with Radeon\u2122 Graphics",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "Radeon Software for Linux 25.10.x"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Athlon\u2122 3000 Series Mobile Processors with Radeon\u2122 Graphics",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "Radeon Software for Linux 25.10.x"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 7040 Series Mobile Processors with Radeon\u2122 Graphics",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "Radeon Software for Linux 25.10.x"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 7020 Series Processors with Radeon\u2122 Graphics",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "Radeon Software for Linux 25.10.x"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 7045 Series Mobile Processors with Radeon\u2122 Graphics",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "Radeon Software for Linux 25.10.x"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 7000 Series Desktop Processors",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "Radeon Software for Linux 25.10.x"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 7030 Series Mobile Processors with Radeon\u2122 Graphics",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "Radeon Software for Linux 25.10.x"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 AI 300 Series Processors",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "Radeon Software for Linux 25.10.x"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Athlon\u2122 3000 Series Desktop Processors with Radeon\u2122 Graphics",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "Radeon Software for Linux 25.10.x"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 8000 Series Desktop Processors",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "Radeon Software for Linux 25.10.x"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 9000 Series Desktop Processors",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "Radeon Software for Linux 25.10.x"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 5000 Series Mobile Processors with Radeon\u2122 Graphics",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "Radeon Software for Linux 25.10.x"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 5000 Series Mobile Processors with Radeon\u2122 Graphics",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "Radeon Software for Linux 25.10.x"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 4000 Series Desktop Processors",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "Radeon Software for Linux 25.10.x"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 5000 Series Desktop Processors with Radeon\u2122 Graphics",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "Radeon Software for Linux 25.10.x"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 8040 Series Mobile Processors with Radeon\u2122 Graphics",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "Radeon Software for Linux 25.10.x"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 3000 Series Mobile Processors with Radeon\u2122 Graphics",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "Radeon Software for Linux 25.10.x"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 6000 Series Processors with Radeon\u2122 Graphics",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "Radeon Software for Linux 25.10.x"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 Embedded R2000 Series Processors",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "amd_chipset_software_7.06.02.123.exe , PSP driver version: 5.39.0.0"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 Embedded V2000 Series Processors",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "amd_chipset_software_7.06.02.123.exe , PSP driver version: 5.39.0.0"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 Embedded 8000 Series",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "amd_chipset_software_7.06.02.123.exe , PSP driver version: 5.39.0.0"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 Embedded 7000 Series Processors",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "amd_chipset_software_7.06.02.123.exe , PSP driver version: 5.39.0.0"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Radeon\u2122 RX 5000 Series Graphics Products",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "Radeon Software for Linux 25.10.1"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Radeon\u2122 PRO W5000 Series Graphics Products",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "Radeon Software for Linux 25.10.1"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Radeon\u2122 RX 6000 Series Graphics Products",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "Radeon Software for Linux 25.10.1"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Radeon\u2122 PRO W6000 Series Graphics Products",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "Radeon Software for Linux 25.10.1"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Radeon\u2122 RX 7000 Series Graphics Products",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "Radeon Software for Linux 25.10.1"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Radeon\u2122 PRO W7000 Series Graphics Products",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "Radeon Software for Linux 25.10.1"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Radeon\u2122 RX 9000 Series Graphics Products",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "Radeon Software for Linux 25.10.1"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Radeon\u2122 RX Vega Series Graphics Cards",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "Radeon Software for Linux 25.10.1"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Radeon\u2122 PRO VII",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "Radeon Software for Linux 25.10.1"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Instinct\u2122 MI210",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "ROCm 6.4"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Instinct\u2122 MI250",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "ROCm 6.4"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Instinct\u2122 MI300A",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "ROCm 6.4"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Instinct\u2122 MI300X",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "ROCm 6.4"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Instinct\u2122 MI308X",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "ROCm 6.4"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Instinct\u2122 MI325X",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "ROCm 6.4"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Radeon\u2122 PRO V520 Graphics Products",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "Contact your AMD Customer Engineering representative"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Radeon\u2122 PRO V620 Graphics Products",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "Contact your AMD Customer Engineering representative"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Radeon\u2122 PRO V710 Graphics Products",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "Contact your AMD Customer Engineering representative"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Reported through AMD Bug Bounty Program"
}
],
"datePublic": "2025-09-06T17:15:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper input validation in the GPU driver could allow an attacker to exploit a heap overflow potentially resulting in arbitrary code execution.\u003cbr\u003e"
}
],
"value": "Improper input validation in the GPU driver could allow an attacker to exploit a heap overflow potentially resulting in arbitrary code execution."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1285",
"description": "CWE-1285 Improper Validation of Specified Index, Position, or Offset in Input",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-23T21:27:40.844Z",
"orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"shortName": "AMD"
},
"references": [
{
"url": "https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-6018.html"
},
{
"url": "https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-5007.html"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "AMD PSIRT Automation 1.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"assignerShortName": "AMD",
"cveId": "CVE-2024-36342",
"datePublished": "2025-09-06T17:42:00.232Z",
"dateReserved": "2024-05-23T19:44:47.200Z",
"dateUpdated": "2026-02-26T17:49:09.671Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-0481 (GCVE-0-2026-0481)
Vulnerability from cvelistv5 – Published: 2026-05-15 03:04 – Updated: 2026-05-15 11:11
VLAI
Summary
Unrestricted IP address binding in the AMD Device Metrics Exporter (ROCm ecosystem) could allow a remote attacker to perform unauthorized changes to the GPU configuration, potentially resulting in loss of availability
Severity
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-1327 - Binding to an Unrestricted IP Address
Assigner
References
1 reference
Impacted products
9 products
| Vendor | Product | Version | |
|---|---|---|---|
| AMD | AMD Instinct™ MI210 |
Unaffected:
DME v1.4.1.2 and v1.4.0.1
|
|
| AMD | AMD Instinct™ MI250 |
Unaffected:
DME v1.4.1.2 and v1.4.0.1
|
|
| AMD | AMD Instinct™ MI300A |
Unaffected:
DME v1.4.1.2 and v1.4.0.1
|
|
| AMD | AMD Instinct™ MI300X |
Unaffected:
DME v1.4.1.2 and v1.4.0.1
|
|
| AMD | AMD Instinct™ MI325X |
Unaffected:
DME v1.4.1.2 and v1.4.0.1
|
|
| AMD | AMD Instinct™ MI350X |
Unaffected:
DME v1.4.1.2 and v1.4.0.1
|
|
| AMD | AMD Instinct™ MI355X |
Unaffected:
DME v1.4.1.2 and v1.4.0.1
|
|
| AMD | AMD Instinct™ MI308X |
Unaffected:
DME v1.4.1.2 and v1.4.0.1
|
|
| AMD | AMD Instinct™ MI250X |
Unaffected:
DME v1.4.1.2 and v1.4.0.1
|
Date Public
2026-05-15 03:04
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-0481",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-15T11:11:38.875260Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-15T11:11:51.087Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "AMD Instinct\u2122 MI210",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "DME v1.4.1.2 and v1.4.0.1"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Instinct\u2122 MI250",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "DME v1.4.1.2 and v1.4.0.1"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Instinct\u2122 MI300A",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "DME v1.4.1.2 and v1.4.0.1"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Instinct\u2122 MI300X",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "DME v1.4.1.2 and v1.4.0.1"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Instinct\u2122 MI325X",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "DME v1.4.1.2 and v1.4.0.1"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Instinct\u2122 MI350X",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "DME v1.4.1.2 and v1.4.0.1"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Instinct\u2122 MI355X",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "DME v1.4.1.2 and v1.4.0.1"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Instinct\u2122 MI308X",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "DME v1.4.1.2 and v1.4.0.1"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Instinct\u2122 MI250X",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "DME v1.4.1.2 and v1.4.0.1"
}
]
}
],
"datePublic": "2026-05-15T03:04:39.049Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Unrestricted IP address binding in the AMD Device Metrics Exporter (ROCm ecosystem) could allow a remote attacker to perform unauthorized changes to the GPU configuration, potentially resulting in loss of availability\u003cbr\u003e"
}
],
"value": "Unrestricted IP address binding in the AMD Device Metrics Exporter (ROCm ecosystem) could allow a remote attacker to perform unauthorized changes to the GPU configuration, potentially resulting in loss of availability"
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"baseScore": 9.2,
"baseSeverity": "CRITICAL",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H",
"version": "4.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1327",
"description": "CWE-1327 Binding to an Unrestricted IP Address",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-15T03:04:56.312Z",
"orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"shortName": "AMD"
},
"references": [
{
"url": "https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-6031.html"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "AMD PSIRT Automation 1.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"assignerShortName": "AMD",
"cveId": "CVE-2026-0481",
"datePublished": "2026-05-15T03:04:56.312Z",
"dateReserved": "2025-12-06T15:11:33.632Z",
"dateUpdated": "2026-05-15T11:11:51.087Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-52532 (GCVE-0-2025-52532)
Vulnerability from cvelistv5 – Published: 2026-05-15 02:59 – Updated: 2026-05-15 11:13
VLAI
Summary
A race condition in the MxGPU-Virtualization driver’s ioctl path caused by concurrent unsynchronized access to the global variable amdgv_cmd in an unlocked ioctl handler could be exploited by an attacker to trigger a heap-based buffer overflow, potentially resulting in denial-of-service within the vulnerable system context.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-367 - Time-of-check Time-of-use (TOCTOU) Race Condition
Assigner
References
1 reference
Impacted products
8 products
| Vendor | Product | Version | |
|---|---|---|---|
| AMD | AMD Radeon™ PRO V620 |
Unaffected:
Contact your AMD Customer Engineering representative
|
|
| AMD | AMD Radeon™ PRO V710 |
Unaffected:
Contact your AMD Customer Engineering representative
|
|
| AMD | AMD Instinct™ MI250 |
Unaffected:
GIM Driver 8.4
|
|
| AMD | AMD Instinct™ MI308X |
Unaffected:
GIM Driver 8.4
|
|
| AMD | AMD Instinct™ MI300A |
Unaffected:
GIM Driver 8.4
|
|
| AMD | AMD Instinct™ MI300X |
Unaffected:
GIM Driver 8.4
|
|
| AMD | AMD Instinct™ MI325X |
Unaffected:
GIM Driver 8.4
|
|
| AMD | AMD Instinct™ MI210 |
Unaffected:
GIM Driver 8.4
|
Date Public
2026-05-15 02:59
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-52532",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-15T11:13:09.310368Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-15T11:13:19.425Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "AMD Radeon\u2122 PRO V620",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "Contact your AMD Customer Engineering representative"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Radeon\u2122 PRO V710",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "Contact your AMD Customer Engineering representative"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Instinct\u2122 MI250",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "GIM Driver 8.4"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Instinct\u2122 MI308X",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "GIM Driver 8.4"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Instinct\u2122 MI300A",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "GIM Driver 8.4"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Instinct\u2122 MI300X",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "GIM Driver 8.4"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Instinct\u2122 MI325X",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "GIM Driver 8.4"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Instinct\u2122 MI210",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "GIM Driver 8.4"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Reported through AMD Bug Bounty Program"
}
],
"datePublic": "2026-05-15T02:59:27.631Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A race condition in the MxGPU-Virtualization driver\u2019s ioctl path caused by concurrent unsynchronized access to the global variable amdgv_cmd in an unlocked ioctl handler could be exploited by an attacker to trigger a heap-based buffer overflow, potentially resulting in denial-of-service within the vulnerable system context.\u003cbr\u003e"
}
],
"value": "A race condition in the MxGPU-Virtualization driver\u2019s ioctl path caused by concurrent unsynchronized access to the global variable amdgv_cmd in an unlocked ioctl handler could be exploited by an attacker to trigger a heap-based buffer overflow, potentially resulting in denial-of-service within the vulnerable system context."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"baseScore": 2,
"baseSeverity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
"version": "4.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-367",
"description": "CWE-367 Time-of-check Time-of-use (TOCTOU) Race Condition",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-15T02:59:46.954Z",
"orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"shortName": "AMD"
},
"references": [
{
"url": "https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-6027.html"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "AMD PSIRT Automation 1.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"assignerShortName": "AMD",
"cveId": "CVE-2025-52532",
"datePublished": "2026-05-15T02:59:46.954Z",
"dateReserved": "2025-06-17T16:53:10.412Z",
"dateUpdated": "2026-05-15T11:13:19.425Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2023-31317 (GCVE-0-2023-31317)
Vulnerability from cvelistv5 – Published: 2026-05-15 02:47 – Updated: 2026-05-16 03:56
VLAI
Summary
Improper restriction of operations within the bounds of a memory buffer in the AMD secure processer (ASP) could allow an attacker to read or write to protected memory potentially resulting in arbitrary code execution.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer
Assigner
References
1 reference
Impacted products
6 products
| Vendor | Product | Version | |
|---|---|---|---|
| AMD | AMD Radeon™ RX 6000 Series Graphics Products |
Unaffected:
AMD Software: Adrenalin Edition 25.11.1 (25.10.33.03)
|
|
| AMD | AMD Radeon™ RX 7000 Series Graphics Products |
Unaffected:
AMD Software: Adrenalin Edition 25.11.1 (25.20.29.01)
|
|
| AMD | AMD Radeon™ PRO W7000 Series Graphics Products |
Unaffected:
AMD Software: PRO Edition 25.Q3.1 (25.10.32)
|
|
| AMD | AMD Radeon™ PRO W6000 Series Graphics Products |
Unaffected:
AMD Software: PRO Edition 25.Q3.1 (25.10.32)
|
|
| AMD | AMD Instinct™ MI250 |
Unaffected:
ROCm 7.0
|
|
| AMD | AMD Instinct™ MI210 |
Unaffected:
ROCm 7.0
|
Date Public
2026-05-15 02:41
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-31317",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-15T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-16T03:56:15.164Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "AMD Radeon\u2122 RX 6000 Series Graphics Products",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "AMD Software: Adrenalin Edition 25.11.1 (25.10.33.03)"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Radeon\u2122 RX 7000 Series Graphics Products",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "AMD Software: Adrenalin Edition 25.11.1 (25.20.29.01)"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Radeon\u2122 PRO W7000 Series Graphics Products",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "AMD Software: PRO Edition 25.Q3.1 (25.10.32)"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Radeon\u2122 PRO W6000 Series Graphics Products",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "AMD Software: PRO Edition 25.Q3.1 (25.10.32)"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Instinct\u2122 MI250",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "ROCm 7.0"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Instinct\u2122 MI210",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "ROCm 7.0"
}
]
}
],
"datePublic": "2026-05-15T02:41:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper restriction of operations within the bounds of a memory buffer in the AMD secure processer (ASP) could allow an attacker to read or write to protected memory potentially resulting in arbitrary code execution.\u003cbr\u003e"
}
],
"value": "Improper restriction of operations within the bounds of a memory buffer in the AMD secure processer (ASP) could allow an attacker to read or write to protected memory potentially resulting in arbitrary code execution."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "HIGH",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "HIGH",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "HIGH",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-119",
"description": "CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-15T02:47:39.059Z",
"orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"shortName": "AMD"
},
"references": [
{
"url": "https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-6027.html"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "AMD PSIRT Automation 1.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"assignerShortName": "AMD",
"cveId": "CVE-2023-31317",
"datePublished": "2026-05-15T02:47:12.434Z",
"dateReserved": "2023-04-27T15:25:41.423Z",
"dateUpdated": "2026-05-16T03:56:15.164Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-54511 (GCVE-0-2025-54511)
Vulnerability from cvelistv5 – Published: 2026-05-15 02:45 – Updated: 2026-05-15 11:21
VLAI
Summary
Improper handling of insufficient privileges in the AMD Secure Processor (ASP) could allow an attacker to provide an input value to a function without sufficient privileges and successfully write data, potentially resulting in loss of integrity of availability.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-274 - Improper Handling of Insufficient Privileges
Assigner
References
1 reference
Impacted products
5 products
| Vendor | Product | Version | |
|---|---|---|---|
| AMD | MI-25 |
Unaffected:
23.10
|
|
| AMD | AMD Instinct™ MI250 |
Unaffected:
ROCm 6.3
|
|
| AMD | AMD Instinct™ MI210 |
Unaffected:
ROCm 6.3
|
|
| AMD | AMD Radeon™ PRO V520 |
Unaffected:
Contact your AMD Customer Engineering representative
|
|
| AMD | AMD Radeon™ PRO V620 |
Unaffected:
Contact your AMD Customer Engineering representative
|
Date Public
2026-05-15 02:41
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-54511",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-15T11:21:07.629106Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-15T11:21:21.819Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "MI-25",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "23.10"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Instinct\u2122 MI250",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "ROCm 6.3"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Instinct\u2122 MI210",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "ROCm 6.3"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Radeon\u2122 PRO V520",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "Contact your AMD Customer Engineering representative"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Radeon\u2122 PRO V620",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "Contact your AMD Customer Engineering representative"
}
]
}
],
"datePublic": "2026-05-15T02:41:02.198Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper handling of insufficient privileges in the AMD Secure Processor (ASP) could allow an attacker to provide an input value to a function without sufficient privileges and successfully write data, potentially resulting in loss of integrity of availability.\u003cbr\u003e"
}
],
"value": "Improper handling of insufficient privileges in the AMD Secure Processor (ASP) could allow an attacker to provide an input value to a function without sufficient privileges and successfully write data, potentially resulting in loss of integrity of availability."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N",
"version": "4.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-274",
"description": "CWE-274 Improper Handling of Insufficient Privileges",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-15T02:45:21.143Z",
"orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"shortName": "AMD"
},
"references": [
{
"url": "https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-6027.html"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "AMD PSIRT Automation 1.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"assignerShortName": "AMD",
"cveId": "CVE-2025-54511",
"datePublished": "2026-05-15T02:45:21.143Z",
"dateReserved": "2025-07-23T15:01:52.882Z",
"dateUpdated": "2026-05-15T11:21:21.819Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-54517 (GCVE-0-2025-54517)
Vulnerability from cvelistv5 – Published: 2026-05-15 02:44 – Updated: 2026-05-16 03:56
VLAI
Summary
Out of bounds write in AMD AMDGV_CMD_GET_DIAG_DATA ioctl handler could allow a local user to escalate privileges via remote code execution.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-787 - Out-of-bounds Write
Assigner
References
1 reference
Impacted products
8 products
| Vendor | Product | Version | |
|---|---|---|---|
| AMD | AMD Instinct™ MI250 |
Unaffected:
GIM Driver 8.4
|
|
| AMD | AMD Instinct™ MI308X |
Unaffected:
GIM Driver 8.4
|
|
| AMD | AMD Instinct™ MI300A |
Unaffected:
GIM Driver 8.4
|
|
| AMD | AMD Instinct™ MI300X |
Unaffected:
GIM Driver 8.4
|
|
| AMD | AMD Instinct™ MI325X |
Unaffected:
GIM Driver 8.4
|
|
| AMD | AMD Instinct™ MI210 |
Unaffected:
GIM Driver 8.4
|
|
| AMD | AMD Radeon™ PRO V620 |
Unaffected:
Contact your AMD Customer Engineering representative
|
|
| AMD | AMD Radeon™ PRO V710 |
Unaffected:
Contact your AMD Customer Engineering representative
|
Date Public
2026-05-15 02:40
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-54517",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-15T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-16T03:56:16.242Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "AMD Instinct\u2122 MI250",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "GIM Driver 8.4"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Instinct\u2122 MI308X",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "GIM Driver 8.4"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Instinct\u2122 MI300A",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "GIM Driver 8.4"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Instinct\u2122 MI300X",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "GIM Driver 8.4"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Instinct\u2122 MI325X",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "GIM Driver 8.4"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Instinct\u2122 MI210",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "GIM Driver 8.4"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Radeon\u2122 PRO V620",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "Contact your AMD Customer Engineering representative"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Radeon\u2122 PRO V710",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "Contact your AMD Customer Engineering representative"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Reported through AMD Bug Bounty Program"
}
],
"datePublic": "2026-05-15T02:40:57.043Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Out of bounds write in AMD AMDGV_CMD_GET_DIAG_DATA ioctl handler could allow a local user to escalate privileges via remote code execution. \u003cbr\u003e"
}
],
"value": "Out of bounds write in AMD AMDGV_CMD_GET_DIAG_DATA ioctl handler could allow a local user to escalate privileges via remote code execution."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"baseScore": 8.5,
"baseSeverity": "HIGH",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787 Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-15T02:44:54.735Z",
"orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"shortName": "AMD"
},
"references": [
{
"url": "https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-6027.html"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "AMD PSIRT Automation 1.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"assignerShortName": "AMD",
"cveId": "CVE-2025-54517",
"datePublished": "2026-05-15T02:44:54.735Z",
"dateReserved": "2025-07-23T15:01:52.882Z",
"dateUpdated": "2026-05-16T03:56:16.242Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-66660 (GCVE-0-2025-66660)
Vulnerability from cvelistv5 – Published: 2026-05-15 02:42 – Updated: 2026-05-15 16:10
VLAI
Summary
Insufficient parameter sanitization in TEE SOC Driver could allow an attacker to issue a malformed DRV_SOC_CMD_ID_SRIOV_CHECK_TA_COMPAT to cause incorrect shared memory mapping, potentially resulting in unexpected behavior.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-1284 - Improper Validation of Specified Quantity in Input
Assigner
References
1 reference
Impacted products
12 products
| Vendor | Product | Version | |
|---|---|---|---|
| AMD | AMD Radeon™ RX 6000 Series Graphics Products |
Unaffected:
AMD Software: Adrenalin Edition 25.12.1 (25.10.37.01)
|
|
| AMD | AMD Radeon™ RX 7000 Series Graphics Products |
Unaffected:
AMD Software: Adrenalin Edition 25.11.1 (25.20.29.01)
|
|
| AMD | AMD Radeon™ PRO W6000 Series Graphics Products |
Unaffected:
AMD Software: PRO Edition 25.Q4 (25.10.37.01)
|
|
| AMD | AMD Radeon™ PRO W7000 Series Graphics Products |
Unaffected:
AMD Software: PRO Edition 25.Q3.1 (25.10.32)
|
|
| AMD | AMD Instinct™ MI210 |
Unaffected:
ROCm 7.0.1
|
|
| AMD | AMD Instinct™ MI250 |
Unaffected:
ROCm 7.0.1
|
|
| AMD | AMD Instinct™ MI300A |
Unaffected:
BKC 26
|
|
| AMD | AMD Instinct™ MI300X |
Unaffected:
ROCm 6.3
|
|
| AMD | AMD Instinct™ MI325X |
Unaffected:
ROCm 6.3
|
|
| AMD | AMD Instinct™ MI308X |
Unaffected:
ROCm 6.4.2
|
|
| AMD | AMD Radeon™ PRO V620 |
Unaffected:
Contact your AMD Customer Engineering representative
|
|
| AMD | AMD Radeon™ PRO V710 |
Unaffected:
Contact your AMD Customer Engineering representative
|
Date Public
2026-05-15 02:40
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-66660",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-15T16:09:50.527526Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-15T16:10:53.782Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "AMD Radeon\u2122 RX 6000 Series Graphics Products",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "AMD Software: Adrenalin Edition 25.12.1 (25.10.37.01)"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Radeon\u2122 RX 7000 Series Graphics Products",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "AMD Software: Adrenalin Edition 25.11.1 (25.20.29.01)"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Radeon\u2122 PRO W6000 Series Graphics Products",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "AMD Software: PRO Edition 25.Q4 (25.10.37.01)"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Radeon\u2122 PRO W7000 Series Graphics Products",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "AMD Software: PRO Edition 25.Q3.1 (25.10.32)"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Instinct\u2122 MI210",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "ROCm 7.0.1"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Instinct\u2122 MI250",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "ROCm 7.0.1"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Instinct\u2122 MI300A",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "BKC 26"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Instinct\u2122 MI300X",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "ROCm 6.3"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Instinct\u2122 MI325X",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "ROCm 6.3"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Instinct\u2122 MI308X",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "ROCm 6.4.2"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Radeon\u2122 PRO V620",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "Contact your AMD Customer Engineering representative"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Radeon\u2122 PRO V710",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "Contact your AMD Customer Engineering representative"
}
]
}
],
"datePublic": "2026-05-15T02:40:46.460Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Insufficient parameter sanitization in TEE SOC Driver could allow an attacker to issue a malformed DRV_SOC_CMD_ID_SRIOV_CHECK_TA_COMPAT to cause incorrect shared memory mapping, potentially resulting in unexpected behavior.\u003cbr\u003e"
}
],
"value": "Insufficient parameter sanitization in TEE SOC Driver could allow an attacker to issue a malformed DRV_SOC_CMD_ID_SRIOV_CHECK_TA_COMPAT to cause incorrect shared memory mapping, potentially resulting in unexpected behavior."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"baseScore": 1.8,
"baseSeverity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:L/AC:H/AT:P/PR:H/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
"version": "4.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1284",
"description": "CWE-1284 Improper Validation of Specified Quantity in Input",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-15T02:44:05.001Z",
"orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"shortName": "AMD"
},
"references": [
{
"url": "https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-6027.html"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "AMD PSIRT Automation 1.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"assignerShortName": "AMD",
"cveId": "CVE-2025-66660",
"datePublished": "2026-05-15T02:42:33.035Z",
"dateReserved": "2025-12-06T15:03:58.970Z",
"dateUpdated": "2026-05-15T16:10:53.782Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-66664 (GCVE-0-2025-66664)
Vulnerability from cvelistv5 – Published: 2026-05-15 02:41 – Updated: 2026-05-15 16:31
VLAI
Summary
Insufficient parameter sanitization in AMD Secure Processor (ASP) TEE SOC Driver could allow an attacker to issue a malformed DRV_SOC_CMD_ID_LOAD_GFX_IP_FW SR-IOV command to cause out-of-bounds read, potentially resulting in SOC Driver memory contents exposure or an exception
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-125 - Out-of-bounds Read
Assigner
References
1 reference
Impacted products
13 products
| Vendor | Product | Version | |
|---|---|---|---|
| AMD | AMD Radeon™ RX 6000 Series Graphics Products |
Unaffected:
AMD Software: Adrenalin Edition 25.12.1 (25.10.37.01)
|
|
| AMD | AMD Radeon™ RX 7000 Series Graphics Products |
Unaffected:
AMD Software: Adrenalin Edition 25.11.1 (25.20.29.01)
|
|
| AMD | AMD Radeon™ PRO W6000 Series Graphics Products |
Unaffected:
AMD Software: PRO Edition 25.Q4 (25.10.37.01)
|
|
| AMD | AMD Radeon™ PRO W7000 Series Graphics Products |
Unaffected:
AMD Software: PRO Edition 25.Q3.1 (25.10.32)
|
|
| AMD | AMD Instinct™ MI250 |
Unaffected:
ROCm 7.0
|
|
| AMD | AMD Instinct™ MI210 |
Unaffected:
ROCm 7.0
|
|
| AMD | AMD Instinct™ MI300X |
Unaffected:
ROCm 6.3.1
|
|
| AMD | AMD Instinct™ MI325X |
Unaffected:
ROCm 6.3.1
|
|
| AMD | AMD Instinct™ MI308X |
Unaffected:
ROCm 6.4.2
|
|
| AMD | AMD Instinct™ MI300A |
Unaffected:
BKC 26 (ROCm 7.0.1)
|
|
| AMD | AMD Radeon™ PRO V520 |
Unaffected:
Contact your AMD Customer Engineering representative
|
|
| AMD | AMD Radeon™ PRO V620 |
Unaffected:
Contact your AMD Customer Engineering representative
|
|
| AMD | AMD Radeon™ PRO V710 |
Unaffected:
Contact your AMD Customer Engineering representative
|
Date Public
2026-05-15 02:40
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-66664",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-15T16:15:27.496279Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-15T16:31:27.722Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "AMD Radeon\u2122 RX 6000 Series Graphics Products",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "AMD Software: Adrenalin Edition 25.12.1 (25.10.37.01)"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Radeon\u2122 RX 7000 Series Graphics Products",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "AMD Software: Adrenalin Edition 25.11.1 (25.20.29.01)"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Radeon\u2122 PRO W6000 Series Graphics Products",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "AMD Software: PRO Edition 25.Q4 (25.10.37.01)"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Radeon\u2122 PRO W7000 Series Graphics Products",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "AMD Software: PRO Edition 25.Q3.1 (25.10.32)"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Instinct\u2122 MI250",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "ROCm 7.0"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Instinct\u2122 MI210",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "ROCm 7.0"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Instinct\u2122 MI300X",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "ROCm 6.3.1"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Instinct\u2122 MI325X",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "ROCm 6.3.1"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Instinct\u2122 MI308X",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "ROCm 6.4.2"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Instinct\u2122 MI300A",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "BKC 26 (ROCm 7.0.1)"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Radeon\u2122 PRO V520",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "Contact your AMD Customer Engineering representative"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Radeon\u2122 PRO V620",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "Contact your AMD Customer Engineering representative"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Radeon\u2122 PRO V710",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "Contact your AMD Customer Engineering representative"
}
]
}
],
"datePublic": "2026-05-15T02:40:41.476Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Insufficient parameter sanitization in AMD Secure Processor (ASP) TEE SOC Driver could allow an attacker to issue a malformed DRV_SOC_CMD_ID_LOAD_GFX_IP_FW SR-IOV command to cause out-of-bounds read, potentially resulting in SOC Driver memory contents exposure or an exception\u003cbr\u003e"
}
],
"value": "Insufficient parameter sanitization in AMD Secure Processor (ASP) TEE SOC Driver could allow an attacker to issue a malformed DRV_SOC_CMD_ID_LOAD_GFX_IP_FW SR-IOV command to cause out-of-bounds read, potentially resulting in SOC Driver memory contents exposure or an exception"
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"baseScore": 4.6,
"baseSeverity": "MEDIUM",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N",
"version": "4.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125 Out-of-bounds Read",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-15T02:41:56.659Z",
"orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"shortName": "AMD"
},
"references": [
{
"url": "https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-6027.html"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "AMD PSIRT Automation 1.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"assignerShortName": "AMD",
"cveId": "CVE-2025-66664",
"datePublished": "2026-05-15T02:41:56.659Z",
"dateReserved": "2025-12-06T15:03:58.971Z",
"dateUpdated": "2026-05-15T16:31:27.722Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2023-31316 (GCVE-0-2023-31316)
Vulnerability from cvelistv5 – Published: 2026-05-15 02:36 – Updated: 2026-05-15 16:38
VLAI
Summary
Improperly preserved integrity of hardware configuration state during a power save/restore operation in the AMD Secure Processor (ASP) could allow an attacker with the ability to write outside the trusted memory range (TMR) to change the execution flow of the Video Core Next (VCN) firmware potentially impacting confidentiality, integrity, or availability.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-1304 - Improperly Preserved Integrity of Hardware Configuration State During a Power Save/Restore Operation
Assigner
References
Impacted products
18 products
Date Public
2026-05-15 02:35
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-31316",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-15T16:37:05.742579Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-15T16:38:45.975Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 5000 Series Mobile Processors with Radeon\u2122 Graphics",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "Cezanne-FP6 1.0.1.0"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 7000 Series Desktop Processors",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "ComboAM5PI 1.0.0.a"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 4000 Series Desktop Processors",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "ComboAM4v2 1.2.0.Ca"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 5000 Series Desktop Processors with Radeon\u2122 Graphics",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "ComboAM4v2 1.2.0.Ca"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 7040 Series Mobile Processors with Radeon\u2122 Graphics",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "PhoenixPI-FP8-FP7_1.1.0.0"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 4000 Series Mobile Processors with Radeon\u2122 Graphics",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "Renoir-FP6 1.0.0.D"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 6000 Series Processors with Radeon\u2122 Graphics",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "Rembrandt-FP7 1.0.0.A"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 7020 Series Processors with Radeon\u2122 Graphics",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "MendocinoPI-FT6_1.0.0.6"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 7045 Series Mobile Processors with Radeon\u2122 Graphics",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "DragonRangeFL1PI 1.0.0.3C"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 Embedded V2000 Series Processors",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "EmbeddedPI-FP6_1.0.0.9"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 Embedded V3000 Series Processors",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "Embedded-PI_FP7r2 1009"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Radeon\u2122 RX 6000 Series Graphics Products",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "AMD Software: Adrenalin Edition 25.12.1 (25.10.37.01)"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Radeon\u2122 RX 7000 Series Graphics Products",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "AMD Software: Adrenalin Edition 25.11.1 (25.20.29.01)"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Radeon\u2122 PRO W7000 Series Graphics Products",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "AMD Software: PRO Edition 25.Q3.1 (25.10.32)"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Radeon\u2122 PRO W6000 Series Graphics Products",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "AMD Software: PRO Edition 25.Q4 (25.10.37.01)"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Instinct\u2122 MI250",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "ROCm 6.4"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Instinct\u2122 MI210",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "ROCm 6.4"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Radeon\u2122 PRO V620",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "Contact your AMD Customer Engineering representative"
}
]
}
],
"datePublic": "2026-05-15T02:35:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improperly preserved integrity of hardware configuration state during a power save/restore operation in the AMD Secure Processor (ASP) could allow an attacker with the ability to write outside the trusted memory range (TMR) to change the execution flow of the Video Core Next (VCN) firmware potentially impacting confidentiality, integrity, or availability.\u003cbr\u003e"
}
],
"value": "Improperly preserved integrity of hardware configuration state during a power save/restore operation in the AMD Secure Processor (ASP) could allow an attacker with the ability to write outside the trusted memory range (TMR) to change the execution flow of the Video Core Next (VCN) firmware potentially impacting confidentiality, integrity, or availability."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "HIGH",
"attackRequirements": "PRESENT",
"attackVector": "LOCAL",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "LOW",
"subConfidentialityImpact": "LOW",
"subIntegrityImpact": "HIGH",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:L/VI:H/VA:L/SC:L/SI:H/SA:L",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1304",
"description": "CWE-1304 Improperly Preserved Integrity of Hardware Configuration State During a Power Save/Restore Operation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-15T02:36:46.858Z",
"orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"shortName": "AMD"
},
"references": [
{
"url": "https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-4017.html"
},
{
"url": "https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-6027.html"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "AMD PSIRT Automation 1.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"assignerShortName": "AMD",
"cveId": "CVE-2023-31316",
"datePublished": "2026-05-15T02:36:10.619Z",
"dateReserved": "2023-04-27T15:25:41.423Z",
"dateUpdated": "2026-05-15T16:38:45.975Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2022-23826 (GCVE-0-2022-23826)
Vulnerability from cvelistv5 – Published: 2026-05-15 02:30 – Updated: 2026-05-15 13:20
VLAI
Summary
A TOCTOU (Time-Of-Check to Time-Of-Use) in the graphics interface may allow an attacker to load registers repeatedly creating a race condition potentially leading to a loss of integrity.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-367 - Time-of-check Time-of-use (TOCTOU) Race Condition
Assigner
References
Impacted products
21 products
| Vendor | Product | Version | |
|---|---|---|---|
| AMD | AMD Ryzen™ 3000 Series Mobile Processors with Radeon™ Graphics |
Unaffected:
PicassoPI-FP5 1.0.0.E
|
|
| AMD | AMD Athlon™ 3000 Series Mobile Processors with Radeon™ Graphics |
Unaffected:
PicassoPI-FP5 1.0.0.E
|
|
| AMD | AMD Athlon™ 3000 Series Desktop Processors with Radeon™ Graphics |
Unaffected:
ComboAM4v2 PI 1.2.0.8
|
|
| AMD | AMD Ryzen™ Embedded R1000 Series Processors |
Unaffected:
EmbeddedPI-FP5_1.2.0.A
|
|
| AMD | AMD Ryzen™ Embedded R2000 Series Processors |
Unaffected:
EmbeddedR2KPI-FP5_1.0.0.2
|
|
| AMD | AMD Ryzen™ Embedded V1000 Series Processors (formerly codenamed "Raven Ridge") |
Unaffected:
EmbeddedPI-FP5_1.2.0.A
|
|
| AMD | AMD Ryzen™ Embedded V1000 Series Processors (formerly codenamed "Picasso") |
Unaffected:
120A
|
|
| AMD | AMD Radeon™ RX 5000 Series Graphics Products |
Unaffected:
AMD Software: Adrenalin Edition 25.5.1 (25.10.01.09)
|
|
| AMD | AMD Radeon™ PRO W5000 Series Graphics Products |
Unaffected:
AMD Software: PRO Edition 25.Q2 (25.10.10)
|
|
| AMD | AMD Radeon™ RX 6000 Series Graphics Products |
Unaffected:
AMD Software: Adrenalin Edition 25.5.1 (25.10.01.09)
|
|
| AMD | AMD Radeon™ VII |
Unaffected:
AMD Software: Adrenalin Edition 25.5.1 (23.19.23.01 pre-RDNA)
|
|
| AMD | AMD Radeon™ RX Vega Series Graphics Cards |
Unaffected:
AMD Software: Adrenalin Edition 25.5.1 (23.19.23.01 pre-RDNA)
|
|
| AMD | AMD Radeon™ PRO W6000 Series Graphics Product |
Unaffected:
AMD Software: PRO Edition 25.Q2 (25.10.10)
|
|
| AMD | AMD Radeon™ PRO W6000 Series Graphics Products |
Unaffected:
AMD Software: PRO Edition 25.Q2 (25.10.10)
|
|
| AMD | AMD Radeon™ PRO WX 8000/9000 Series Graphics Cards |
Unaffected:
AMD Software: PRO Edition 25.Q2 (23.19.23.01 pre-RDNA)
|
|
| AMD | AMD Radeon™ PRO VII |
Unaffected:
AMD Software: PRO Edition 25.Q2 (23.19.23.01 pre-RDNA)
|
|
| AMD | AMD Instinct™ MI250 |
Unaffected:
ROCm 6.4.2
|
|
| AMD | AMD Instinct™ MI210 |
Unaffected:
ROCm 6.4.2
|
|
| AMD | AMD Radeon™ Instinct™ MI25 |
Unaffected:
Contact your AMD Customer Engineering representative
|
|
| AMD | AMD Radeon™ PRO V520 |
Unaffected:
Contact your AMD Customer Engineering representative
|
|
| AMD | AMD Radeon™ PRO V620 |
Unaffected:
Contact your AMD Customer Engineering representative
|
Date Public
2026-05-15 02:29
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-23826",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-15T13:20:50.340534Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-15T13:20:55.905Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 3000 Series Mobile Processors with Radeon\u2122 Graphics",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "PicassoPI-FP5 1.0.0.E"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Athlon\u2122 3000 Series Mobile Processors with Radeon\u2122 Graphics",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "PicassoPI-FP5 1.0.0.E"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Athlon\u2122 3000 Series Desktop Processors with Radeon\u2122 Graphics",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "ComboAM4v2 PI 1.2.0.8"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 Embedded R1000 Series Processors",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "EmbeddedPI-FP5_1.2.0.A"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 Embedded R2000 Series Processors",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "EmbeddedR2KPI-FP5_1.0.0.2"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 Embedded V1000 Series Processors (formerly codenamed \"Raven Ridge\")",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "EmbeddedPI-FP5_1.2.0.A"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 Embedded V1000 Series Processors (formerly codenamed \"Picasso\")",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "120A"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Radeon\u2122 RX 5000 Series Graphics Products",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "AMD Software: Adrenalin Edition 25.5.1 (25.10.01.09)"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Radeon\u2122 PRO W5000 Series Graphics Products",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "AMD Software: PRO Edition 25.Q2 (25.10.10)"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Radeon\u2122 RX 6000 Series Graphics Products",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "AMD Software: Adrenalin Edition 25.5.1 (25.10.01.09)"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Radeon\u2122 VII",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "AMD Software: Adrenalin Edition 25.5.1 (23.19.23.01 pre-RDNA)"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Radeon\u2122 RX Vega Series Graphics Cards",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "AMD Software: Adrenalin Edition 25.5.1 (23.19.23.01 pre-RDNA)"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Radeon\u2122 PRO W6000 Series Graphics Product",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "AMD Software: PRO Edition 25.Q2 (25.10.10)"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Radeon\u2122 PRO W6000 Series Graphics Products",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "AMD Software: PRO Edition 25.Q2 (25.10.10)"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Radeon\u2122 PRO WX 8000/9000 Series Graphics Cards",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "AMD Software: PRO Edition 25.Q2 (23.19.23.01 pre-RDNA)"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Radeon\u2122 PRO VII",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "AMD Software: PRO Edition 25.Q2 (23.19.23.01 pre-RDNA)"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Instinct\u2122 MI250",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "ROCm 6.4.2"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Instinct\u2122 MI210",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "ROCm 6.4.2"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Radeon\u2122 Instinct\u2122 MI25",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "Contact your AMD Customer Engineering representative"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Radeon\u2122 PRO V520",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "Contact your AMD Customer Engineering representative"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Radeon\u2122 PRO V620",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "Contact your AMD Customer Engineering representative"
}
]
}
],
"datePublic": "2026-05-15T02:29:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A TOCTOU (Time-Of-Check to Time-Of-Use) in the graphics interface may allow an attacker to load registers repeatedly creating a race condition potentially leading to a loss of integrity.\u003cbr\u003e"
}
],
"value": "A TOCTOU (Time-Of-Check to Time-Of-Use) in the graphics interface may allow an attacker to load registers repeatedly creating a race condition potentially leading to a loss of integrity."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "HIGH",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 1.8,
"baseSeverity": "LOW",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "HIGH",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:H/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-367",
"description": "CWE-367 Time-of-check Time-of-use (TOCTOU) Race Condition",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-15T02:30:46.618Z",
"orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"shortName": "AMD"
},
"references": [
{
"url": "https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-4017.html"
},
{
"url": "https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-6027.html"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "AMD PSIRT Automation 1.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"assignerShortName": "AMD",
"cveId": "CVE-2022-23826",
"datePublished": "2026-05-15T02:30:16.389Z",
"dateReserved": "2022-01-21T17:20:55.780Z",
"dateUpdated": "2026-05-15T13:20:55.905Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2023-31323 (GCVE-0-2023-31323)
Vulnerability from cvelistv5 – Published: 2026-02-12 17:45 – Updated: 2026-02-12 18:33
VLAI
Summary
Type confusion in the AMD Secure Processor (ASP) could allow an attacker to pass a malformed argument to the External Global Memory Interconnect Trusted Agent (XGMI TA) leading to a memory safety violation potentially resulting in loss of confidentiality, integrity, or availability.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-843 - Access of Resource Using Incompatible Type (‘Type Confusion’)
Assigner
References
1 reference
Impacted products
8 products
| Vendor | Product | Version | |
|---|---|---|---|
| AMD | AMD Radeon™ RX 5000 Series Graphics Products |
Unaffected:
AMD Software: Adrenalin Edition 25.6.1 (25.10.13.01), AMD Software: PRO Edition 25.Q2 (25.10.10)
|
|
| AMD | AMD Radeon™ PRO W5000 Series Graphics Products |
Unaffected:
AMD Software: Adrenalin Edition 25.6.1 (25.10.13.01), AMD Software: PRO Edition 25.Q2 (25.10.10)
|
|
| AMD | AMD Radeon™ VII |
Affected:
No fix planned
|
|
| AMD | AMD Radeon™ PRO VII |
Affected:
No fix planned
|
|
| AMD | AMD Instinct™ MI250 |
Unaffected:
ROCm 6.2
|
|
| AMD | AMD Instinct™ MI300A |
Unaffected:
ROCm 6.2
|
|
| AMD | AMD Instinct™ MI210 |
Unaffected:
ROCm 6.2
|
|
| AMD | AMD Instinct™ MI300X |
Unaffected:
ROCm 6.2
|
Date Public
2026-02-12 17:44
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-31323",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-12T18:33:24.608813Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-12T18:33:47.900Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "AMD Radeon\u2122 RX 5000 Series Graphics Products",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "AMD Software: Adrenalin Edition 25.6.1 (25.10.13.01), AMD Software: PRO Edition 25.Q2 (25.10.10)"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Radeon\u2122 PRO W5000 Series Graphics Products",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "AMD Software: Adrenalin Edition 25.6.1 (25.10.13.01), AMD Software: PRO Edition 25.Q2 (25.10.10)"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Radeon\u2122 VII",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "No fix planned"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Radeon\u2122 PRO VII",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "No fix planned"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Instinct\u2122 MI250",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "ROCm 6.2"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Instinct\u2122 MI300A",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "ROCm 6.2"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Instinct\u2122 MI210",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "ROCm 6.2"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Instinct\u2122 MI300X",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "ROCm 6.2"
}
]
}
],
"datePublic": "2026-02-12T17:44:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Type confusion in the AMD Secure Processor (ASP) could allow an attacker to pass a malformed argument to the External Global Memory Interconnect Trusted Agent (XGMI TA) leading to a memory safety violation potentially resulting in loss of confidentiality, integrity, or availability.\u003cbr\u003e"
}
],
"value": "Type confusion in the AMD Secure Processor (ASP) could allow an attacker to pass a malformed argument to the External Global Memory Interconnect Trusted Agent (XGMI TA) leading to a memory safety violation potentially resulting in loss of confidentiality, integrity, or availability."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 8.4,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "LOW",
"subConfidentialityImpact": "LOW",
"subIntegrityImpact": "HIGH",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:H/VA:L/SC:L/SI:H/SA:L",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-843",
"description": "CWE-843 Access of Resource Using Incompatible Type (\u2018Type Confusion\u2019)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-12T17:45:36.223Z",
"orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"shortName": "AMD"
},
"references": [
{
"url": "https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-6024.html"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "AMD PSIRT Automation 1.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"assignerShortName": "AMD",
"cveId": "CVE-2023-31323",
"datePublished": "2026-02-12T17:45:12.151Z",
"dateReserved": "2023-04-27T15:25:41.423Z",
"dateUpdated": "2026-02-12T18:33:47.900Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2023-31313 (GCVE-0-2023-31313)
Vulnerability from cvelistv5 – Published: 2026-02-12 14:16 – Updated: 2026-02-12 21:13
VLAI
Summary
An unintended proxy or intermediary in the AMD power management firmware (PMFW) could allow a privileged attacker to send malformed messages to the system management unit (SMU) potentially resulting in arbitrary code execution.
Severity
7.2 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-441 - Unintended Proxy or Intermediary (?Confused Deputy?)
Assigner
References
1 reference
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| AMD | AMD Instinct™ MI210 |
Unaffected:
ROCm 6.4.2
|
|
| AMD | AMD Instinct™ MI250 |
Unaffected:
ROCm 6.4.2
|
Date Public
2026-02-12 14:16
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-31313",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-12T21:13:16.059086Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-12T21:13:23.387Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "AMD Instinct\u2122 MI210",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "ROCm 6.4.2"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Instinct\u2122 MI250",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "ROCm 6.4.2"
}
]
}
],
"datePublic": "2026-02-12T14:16:21.943Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An unintended proxy or intermediary in the AMD power management firmware (PMFW) could allow a privileged attacker to send malformed messages to the system management unit (SMU) potentially resulting in arbitrary code execution.\u003cbr\u003e"
}
],
"value": "An unintended proxy or intermediary in the AMD power management firmware (PMFW) could allow a privileged attacker to send malformed messages to the system management unit (SMU) potentially resulting in arbitrary code execution."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-441",
"description": "CWE-441 Unintended Proxy or Intermediary (?Confused Deputy?)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-12T14:16:53.918Z",
"orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"shortName": "AMD"
},
"references": [
{
"url": "https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-6024.html"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "AMD PSIRT Automation 1.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"assignerShortName": "AMD",
"cveId": "CVE-2023-31313",
"datePublished": "2026-02-12T14:16:53.918Z",
"dateReserved": "2023-04-27T15:25:41.423Z",
"dateUpdated": "2026-02-12T21:13:23.387Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2023-20548 (GCVE-0-2023-20548)
Vulnerability from cvelistv5 – Published: 2026-02-11 14:35 – Updated: 2026-02-11 15:42
VLAI
Summary
A Time-of-check time-of-use (TOCTOU) race condition in the AMD Secure Processor (ASP) could allow an attacker to corrupt memory resulting in loss of integrity, confidentiality, or availability.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-367 - Time-of-check Time-of-use (TOCTOU) Race Condition
Assigner
References
1 reference
Impacted products
8 products
| Vendor | Product | Version | |
|---|---|---|---|
| AMD | AMD Radeon™ RX 5000 Series Graphics Products |
Unaffected:
AMD Software: Adrenalin Edition 25.6.1 (25.10.13.01), AMD Software: PRO Edition 25.Q2 (25.10.10)
|
|
| AMD | AMD Radeon™ PRO W5000 Series Graphics Products |
Unaffected:
AMD Software: Adrenalin Edition 25.6.1 (25.10.13.01), AMD Software: PRO Edition 25.Q2 (25.10.10)
|
|
| AMD | AMD Radeon™ VII |
Unaffected:
No fix planned
|
|
| AMD | AMD Radeon™ PRO VII |
Unaffected:
No fix planned
|
|
| AMD | AMD Instinct™ MI210 |
Unaffected:
ROCm 6.2
|
|
| AMD | AMD Instinct™ MI250 |
Unaffected:
ROCm 6.2
|
|
| AMD | AMD Instinct™ MI300X |
Unaffected:
ROCm 6.2
|
|
| AMD | AMD Instinct™ MI300A |
Unaffected:
ROCm 6.2
|
Date Public
2026-02-11 14:11
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-20548",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-11T15:36:36.072812Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-11T15:42:32.097Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "AMD Radeon\u2122 RX 5000 Series Graphics Products",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "AMD Software: Adrenalin Edition 25.6.1 (25.10.13.01), AMD Software: PRO Edition 25.Q2 (25.10.10)"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Radeon\u2122 PRO W5000 Series Graphics Products",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "AMD Software: Adrenalin Edition 25.6.1 (25.10.13.01), AMD Software: PRO Edition 25.Q2 (25.10.10)"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Radeon\u2122 VII",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "No fix planned"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Radeon\u2122 PRO VII",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "No fix planned"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Instinct\u2122 MI210",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "ROCm 6.2"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Instinct\u2122 MI250",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "ROCm 6.2"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Instinct\u2122 MI300X",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "ROCm 6.2"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Instinct\u2122 MI300A",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "ROCm 6.2"
}
]
}
],
"datePublic": "2026-02-11T14:11:10.415Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A Time-of-check time-of-use (TOCTOU) race condition in the AMD Secure Processor (ASP) could allow an attacker to corrupt memory resulting in loss of integrity, confidentiality, or availability.\u003cbr\u003e"
}
],
"value": "A Time-of-check time-of-use (TOCTOU) race condition in the AMD Secure Processor (ASP) could allow an attacker to corrupt memory resulting in loss of integrity, confidentiality, or availability."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:L/VI:H/VA:L/SC:L/SI:H/SA:L",
"version": "4.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-367",
"description": "CWE-367 Time-of-check Time-of-use (TOCTOU) Race Condition",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-11T14:35:16.063Z",
"orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"shortName": "AMD"
},
"references": [
{
"url": "https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-6024.html"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "AMD PSIRT Automation 1.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"assignerShortName": "AMD",
"cveId": "CVE-2023-20548",
"datePublished": "2026-02-11T14:35:16.063Z",
"dateReserved": "2022-10-27T18:53:39.744Z",
"dateUpdated": "2026-02-11T15:42:32.097Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2023-31324 (GCVE-0-2023-31324)
Vulnerability from cvelistv5 – Published: 2026-02-11 14:34 – Updated: 2026-02-11 15:42
VLAI
Summary
A Time-of-check time-of-use (TOCTOU) race condition in the AMD Secure Processor (ASP) could allow an attacker to modify External Global Memory Interconnect Trusted Agent (XGMI TA) commands as they are processed potentially resulting in loss of confidentiality, integrity, or availability.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-367 - Time-of-check Time-of-use (TOCTOU) Race Condition
Assigner
References
1 reference
Impacted products
6 products
| Vendor | Product | Version | |
|---|---|---|---|
| AMD | AMD Radeon™ RX 5000 Series Graphics Products |
Unaffected:
AMD Software: Adrenalin Edition 25.6.1 (25.10.13.01), AMD Software: PRO Edition 25.Q2 (25.10.10)
|
|
| AMD | AMD Radeon™ PRO W5000 Series Graphics Products |
Unaffected:
AMD Software: Adrenalin Edition 25.6.1 (25.10.13.01), AMD Software: PRO Edition 25.Q2 (25.10.10)
|
|
| AMD | AMD Instinct™ MI210 |
Unaffected:
ROCm 6.4
|
|
| AMD | AMD Instinct™ MI250 |
Unaffected:
ROCm 6.4
|
|
| AMD | AMD Instinct™ MI300A |
Unaffected:
ROCm 6.4
|
|
| AMD | AMD Instinct™ MI300X |
Unaffected:
ROCm 6.4
|
Date Public
2026-02-11 14:11
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-31324",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-11T15:36:37.735258Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-11T15:42:39.488Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "AMD Radeon\u2122 RX 5000 Series Graphics Products",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "AMD Software: Adrenalin Edition 25.6.1 (25.10.13.01), AMD Software: PRO Edition 25.Q2 (25.10.10)"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Radeon\u2122 PRO W5000 Series Graphics Products",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "AMD Software: Adrenalin Edition 25.6.1 (25.10.13.01), AMD Software: PRO Edition 25.Q2 (25.10.10)"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Instinct\u2122 MI210",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "ROCm 6.4"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Instinct\u2122 MI250",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "ROCm 6.4"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Instinct\u2122 MI300A",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "ROCm 6.4"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Instinct\u2122 MI300X",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "ROCm 6.4"
}
]
}
],
"datePublic": "2026-02-11T14:11:05.353Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A Time-of-check time-of-use (TOCTOU) race condition in the AMD Secure Processor (ASP) could allow an attacker to modify External Global Memory Interconnect Trusted Agent (XGMI TA) commands as they are processed potentially resulting in loss of confidentiality, integrity, or availability.\u003cbr\u003e"
}
],
"value": "A Time-of-check time-of-use (TOCTOU) race condition in the AMD Secure Processor (ASP) could allow an attacker to modify External Global Memory Interconnect Trusted Agent (XGMI TA) commands as they are processed potentially resulting in loss of confidentiality, integrity, or availability."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:L/VI:H/VA:L/SC:L/SI:H/SA:L",
"version": "4.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-367",
"description": "CWE-367 Time-of-check Time-of-use (TOCTOU) Race Condition",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-11T14:34:54.024Z",
"orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"shortName": "AMD"
},
"references": [
{
"url": "https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-6024.html"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "AMD PSIRT Automation 1.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"assignerShortName": "AMD",
"cveId": "CVE-2023-31324",
"datePublished": "2026-02-11T14:34:54.024Z",
"dateReserved": "2023-04-27T15:25:41.424Z",
"dateUpdated": "2026-02-11T15:42:39.488Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-0010 (GCVE-0-2025-0010)
Vulnerability from cvelistv5 – Published: 2025-09-06 18:26 – Updated: 2025-09-08 19:56
VLAI
Summary
An out of bounds write in the Linux graphics driver could allow an attacker to overflow the buffer potentially resulting in loss of confidentiality, integrity, or availability.
Severity
6.1 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-787 - Out-of-bounds Write
Assigner
References
1 reference
Impacted products
35 products
Date Public
2025-09-06 18:04
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-0010",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-09-08T19:56:34.478973Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-09-08T19:56:43.287Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "AMD Radeon\u2122 RX 5000 Series Graphics Products",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "Radeon Software for Linux 24.30.2"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Radeon\u2122 RX 6000 Series Graphics Products",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "Radeon Software for Linux 24.30.2"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Radeon\u2122 RX 7000 Series Graphics Products",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "Radeon Software for Linux 24.30.2"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Radeon\u2122 RX Vega Series Graphics Cards",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "Radeon Software for Linux 24.30.2"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Radeon\u2122 PRO W5000 Series Graphics Products",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "Radeon Software for Linux 24.30.2"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Radeon\u2122 PRO W6000 Series Graphics Products",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "Radeon Software for Linux 24.30.2"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Radeon\u2122 PRO W7000 Series Graphics Products",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "Radeon Software for Linux 24.30.2"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Radeon\u2122 VII",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "Radeon Software for Linux 24.30.2"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Instinct\u2122 MI200",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "ROCm 6.3"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Instinct\u2122 MI210",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "ROCm 6.3"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Instinct\u2122 MI250",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "ROCm 6.3"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Instinct\u2122 MI300A",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "ROCm 6.3"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Instinct\u2122 MI300X",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "ROCm 6.3"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Radeon\u2122 PRO V520 Graphics Products",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "Contact your AMD Customer Engineering representative"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Radeon\u2122 PRO V620 Graphics Products",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "Contact your AMD Customer Engineering representative"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Radeon\u2122 PRO V710 Graphics Products",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "Contact your AMD Customer Engineering representative"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 4000 Series Mobile Processors with Radeon\u2122 Graphics",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "Radeon Software for Linux 24.30.2"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 7035 Series Processors with Radeon\u2122 Graphics",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "Radeon Software for Linux 24.30.2"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Athlon\u2122 3000 Series Mobile Processors with Radeon\u2122 Graphics",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "Radeon Software for Linux 24.30.2"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 7040 Series Mobile Processors with Radeon\u2122 Graphics",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "Radeon Software for Linux 24.30.2"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 7020 Series Processors with Radeon\u2122 Graphics",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "Radeon Software for Linux 24.30.2"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 7045 Series Mobile Processors with Radeon\u2122 Graphics",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "Radeon Software for Linux 24.30.2"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 7000 Series Desktop Processors",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "Radeon Software for Linux 24.30.2"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 7030 Series Mobile Processors with Radeon\u2122 Graphics",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "Radeon Software for Linux 24.30.2"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 AI 300 Series Processors",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "Radeon Software for Linux 24.30.2"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Athlon\u2122 3000 Series Desktop Processors with Radeon\u2122 Graphics",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "Radeon Software for Linux 24.30.2"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 7000 Series Desktop Processors",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "Radeon Software for Linux 24.30.2"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 8000 Series Desktop Processors",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "Radeon Software for Linux 24.30.2"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 9000 Series Desktop Processors",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "Radeon Software for Linux 24.30.2"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 5000 Series Mobile Processors with Radeon\u2122 Graphics",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "Radeon Software for Linux 24.30.2"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 4000 Series Desktop Processors",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "Radeon Software for Linux 24.30.2"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 5000 Series Desktop Processors with Radeon\u2122 Graphics",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "Radeon Software for Linux 24.30.2"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 5000 Series Desktop Processors",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "Radeon Software for Linux 24.30.2"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 8040 Series Mobile Processors with Radeon\u2122 Graphics",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "Radeon Software for Linux 24.30.2"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 3000 Series Mobile Processors with Radeon\u2122 Graphics",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "Radeon Software for Linux 24.30.2"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 6000 Series Processors with Radeon\u2122 Graphics",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "Radeon Software for Linux 24.30.2"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Reported through AMD Bug Bounty Program"
}
],
"datePublic": "2025-09-06T18:04:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An out of bounds write in the Linux graphics driver could allow an attacker to overflow the buffer potentially resulting in loss of confidentiality, integrity, or availability.\u003cbr\u003e"
}
],
"value": "An out of bounds write in the Linux graphics driver could allow an attacker to overflow the buffer potentially resulting in loss of confidentiality, integrity, or availability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787 Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-06T18:26:15.118Z",
"orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"shortName": "AMD"
},
"references": [
{
"url": "https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-6018.html"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "AMD PSIRT Automation 1.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"assignerShortName": "AMD",
"cveId": "CVE-2025-0010",
"datePublished": "2025-09-06T18:26:15.118Z",
"dateReserved": "2024-10-10T20:27:46.721Z",
"dateUpdated": "2025-09-08T19:56:43.287Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-36342 (GCVE-0-2024-36342)
Vulnerability from cvelistv5 – Published: 2025-09-06 17:42 – Updated: 2026-02-26 17:49
VLAI
Summary
Improper input validation in the GPU driver could allow an attacker to exploit a heap overflow potentially resulting in arbitrary code execution.
Severity
8.8 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-1285 - Improper Validation of Specified Index, Position, or Offset in Input
Assigner
References
Impacted products
40 products
| Vendor | Product | Version | |
|---|---|---|---|
| AMD | AMD Ryzen™ 4000 Series Mobile Processors with Radeon™ Graphics |
Unaffected:
Radeon Software for Linux 25.10.x
|
|
| AMD | AMD Ryzen™ 7035 Series Processors with Radeon™ Graphics |
Unaffected:
Radeon Software for Linux 25.10.x
|
|
| AMD | AMD Athlon™ 3000 Series Mobile Processors with Radeon™ Graphics |
Unaffected:
Radeon Software for Linux 25.10.x
|
|
| AMD | AMD Ryzen™ 7040 Series Mobile Processors with Radeon™ Graphics |
Unaffected:
Radeon Software for Linux 25.10.x
|
|
| AMD | AMD Ryzen™ 7020 Series Processors with Radeon™ Graphics |
Unaffected:
Radeon Software for Linux 25.10.x
|
|
| AMD | AMD Ryzen™ 7045 Series Mobile Processors with Radeon™ Graphics |
Unaffected:
Radeon Software for Linux 25.10.x
|
|
| AMD | AMD Ryzen™ 7000 Series Desktop Processors |
Unaffected:
Radeon Software for Linux 25.10.x
|
|
| AMD | AMD Ryzen™ 7030 Series Mobile Processors with Radeon™ Graphics |
Unaffected:
Radeon Software for Linux 25.10.x
|
|
| AMD | AMD Ryzen™ AI 300 Series Processors |
Unaffected:
Radeon Software for Linux 25.10.x
|
|
| AMD | AMD Athlon™ 3000 Series Desktop Processors with Radeon™ Graphics |
Unaffected:
Radeon Software for Linux 25.10.x
|
|
| AMD | AMD Ryzen™ 8000 Series Desktop Processors |
Unaffected:
Radeon Software for Linux 25.10.x
|
|
| AMD | AMD Ryzen™ 9000 Series Desktop Processors |
Unaffected:
Radeon Software for Linux 25.10.x
|
|
| AMD | AMD Ryzen™ 5000 Series Mobile Processors with Radeon™ Graphics |
Unaffected:
Radeon Software for Linux 25.10.x
|
|
| AMD | AMD Ryzen™ 4000 Series Desktop Processors |
Unaffected:
Radeon Software for Linux 25.10.x
|
|
| AMD | AMD Ryzen™ 5000 Series Desktop Processors with Radeon™ Graphics |
Unaffected:
Radeon Software for Linux 25.10.x
|
|
| AMD | AMD Ryzen™ 8040 Series Mobile Processors with Radeon™ Graphics |
Unaffected:
Radeon Software for Linux 25.10.x
|
|
| AMD | AMD Ryzen™ 3000 Series Mobile Processors with Radeon™ Graphics |
Unaffected:
Radeon Software for Linux 25.10.x
|
|
| AMD | AMD Ryzen™ 6000 Series Processors with Radeon™ Graphics |
Unaffected:
Radeon Software for Linux 25.10.x
|
|
| AMD | AMD Ryzen™ Embedded R2000 Series Processors |
Unaffected:
amd_chipset_software_7.06.02.123.exe , PSP driver version: 5.39.0.0
|
|
| AMD | AMD Ryzen™ Embedded V2000 Series Processors |
Unaffected:
amd_chipset_software_7.06.02.123.exe , PSP driver version: 5.39.0.0
|
|
| AMD | AMD Ryzen™ Embedded 8000 Series |
Unaffected:
amd_chipset_software_7.06.02.123.exe , PSP driver version: 5.39.0.0
|
|
| AMD | AMD Ryzen™ Embedded 7000 Series Processors |
Unaffected:
amd_chipset_software_7.06.02.123.exe , PSP driver version: 5.39.0.0
|
|
| AMD | AMD Radeon™ RX 5000 Series Graphics Products |
Unaffected:
Radeon Software for Linux 25.10.1
|
|
| AMD | AMD Radeon™ PRO W5000 Series Graphics Products |
Unaffected:
Radeon Software for Linux 25.10.1
|
|
| AMD | AMD Radeon™ RX 6000 Series Graphics Products |
Unaffected:
Radeon Software for Linux 25.10.1
|
|
| AMD | AMD Radeon™ PRO W6000 Series Graphics Products |
Unaffected:
Radeon Software for Linux 25.10.1
|
|
| AMD | AMD Radeon™ RX 7000 Series Graphics Products |
Unaffected:
Radeon Software for Linux 25.10.1
|
|
| AMD | AMD Radeon™ PRO W7000 Series Graphics Products |
Unaffected:
Radeon Software for Linux 25.10.1
|
|
| AMD | AMD Radeon™ RX 9000 Series Graphics Products |
Unaffected:
Radeon Software for Linux 25.10.1
|
|
| AMD | AMD Radeon™ RX Vega Series Graphics Cards |
Unaffected:
Radeon Software for Linux 25.10.1
|
|
| AMD | AMD Radeon™ PRO VII |
Unaffected:
Radeon Software for Linux 25.10.1
|
|
| AMD | AMD Instinct™ MI210 |
Unaffected:
ROCm 6.4
|
|
| AMD | AMD Instinct™ MI250 |
Unaffected:
ROCm 6.4
|
|
| AMD | AMD Instinct™ MI300A |
Unaffected:
ROCm 6.4
|
|
| AMD | AMD Instinct™ MI300X |
Unaffected:
ROCm 6.4
|
|
| AMD | AMD Instinct™ MI308X |
Unaffected:
ROCm 6.4
|
|
| AMD | AMD Instinct™ MI325X |
Unaffected:
ROCm 6.4
|
|
| AMD | AMD Radeon™ PRO V520 Graphics Products |
Unaffected:
Contact your AMD Customer Engineering representative
|
|
| AMD | AMD Radeon™ PRO V620 Graphics Products |
Unaffected:
Contact your AMD Customer Engineering representative
|
|
| AMD | AMD Radeon™ PRO V710 Graphics Products |
Unaffected:
Contact your AMD Customer Engineering representative
|
Date Public
2025-09-06 17:15
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-36342",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-09-09T03:55:24.593599Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-26T17:49:09.671Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 4000 Series Mobile Processors with Radeon\u2122 Graphics",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "Radeon Software for Linux 25.10.x"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 7035 Series Processors with Radeon\u2122 Graphics",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "Radeon Software for Linux 25.10.x"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Athlon\u2122 3000 Series Mobile Processors with Radeon\u2122 Graphics",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "Radeon Software for Linux 25.10.x"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 7040 Series Mobile Processors with Radeon\u2122 Graphics",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "Radeon Software for Linux 25.10.x"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 7020 Series Processors with Radeon\u2122 Graphics",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "Radeon Software for Linux 25.10.x"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 7045 Series Mobile Processors with Radeon\u2122 Graphics",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "Radeon Software for Linux 25.10.x"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 7000 Series Desktop Processors",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "Radeon Software for Linux 25.10.x"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 7030 Series Mobile Processors with Radeon\u2122 Graphics",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "Radeon Software for Linux 25.10.x"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 AI 300 Series Processors",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "Radeon Software for Linux 25.10.x"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Athlon\u2122 3000 Series Desktop Processors with Radeon\u2122 Graphics",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "Radeon Software for Linux 25.10.x"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 8000 Series Desktop Processors",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "Radeon Software for Linux 25.10.x"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 9000 Series Desktop Processors",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "Radeon Software for Linux 25.10.x"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 5000 Series Mobile Processors with Radeon\u2122 Graphics",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "Radeon Software for Linux 25.10.x"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 5000 Series Mobile Processors with Radeon\u2122 Graphics",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "Radeon Software for Linux 25.10.x"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 4000 Series Desktop Processors",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "Radeon Software for Linux 25.10.x"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 5000 Series Desktop Processors with Radeon\u2122 Graphics",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "Radeon Software for Linux 25.10.x"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 8040 Series Mobile Processors with Radeon\u2122 Graphics",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "Radeon Software for Linux 25.10.x"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 3000 Series Mobile Processors with Radeon\u2122 Graphics",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "Radeon Software for Linux 25.10.x"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 6000 Series Processors with Radeon\u2122 Graphics",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "Radeon Software for Linux 25.10.x"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 Embedded R2000 Series Processors",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "amd_chipset_software_7.06.02.123.exe , PSP driver version: 5.39.0.0"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 Embedded V2000 Series Processors",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "amd_chipset_software_7.06.02.123.exe , PSP driver version: 5.39.0.0"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 Embedded 8000 Series",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "amd_chipset_software_7.06.02.123.exe , PSP driver version: 5.39.0.0"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 Embedded 7000 Series Processors",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "amd_chipset_software_7.06.02.123.exe , PSP driver version: 5.39.0.0"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Radeon\u2122 RX 5000 Series Graphics Products",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "Radeon Software for Linux 25.10.1"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Radeon\u2122 PRO W5000 Series Graphics Products",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "Radeon Software for Linux 25.10.1"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Radeon\u2122 RX 6000 Series Graphics Products",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "Radeon Software for Linux 25.10.1"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Radeon\u2122 PRO W6000 Series Graphics Products",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "Radeon Software for Linux 25.10.1"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Radeon\u2122 RX 7000 Series Graphics Products",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "Radeon Software for Linux 25.10.1"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Radeon\u2122 PRO W7000 Series Graphics Products",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "Radeon Software for Linux 25.10.1"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Radeon\u2122 RX 9000 Series Graphics Products",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "Radeon Software for Linux 25.10.1"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Radeon\u2122 RX Vega Series Graphics Cards",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "Radeon Software for Linux 25.10.1"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Radeon\u2122 PRO VII",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "Radeon Software for Linux 25.10.1"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Instinct\u2122 MI210",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "ROCm 6.4"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Instinct\u2122 MI250",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "ROCm 6.4"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Instinct\u2122 MI300A",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "ROCm 6.4"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Instinct\u2122 MI300X",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "ROCm 6.4"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Instinct\u2122 MI308X",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "ROCm 6.4"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Instinct\u2122 MI325X",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "ROCm 6.4"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Radeon\u2122 PRO V520 Graphics Products",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "Contact your AMD Customer Engineering representative"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Radeon\u2122 PRO V620 Graphics Products",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "Contact your AMD Customer Engineering representative"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Radeon\u2122 PRO V710 Graphics Products",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "Contact your AMD Customer Engineering representative"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Reported through AMD Bug Bounty Program"
}
],
"datePublic": "2025-09-06T17:15:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper input validation in the GPU driver could allow an attacker to exploit a heap overflow potentially resulting in arbitrary code execution.\u003cbr\u003e"
}
],
"value": "Improper input validation in the GPU driver could allow an attacker to exploit a heap overflow potentially resulting in arbitrary code execution."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1285",
"description": "CWE-1285 Improper Validation of Specified Index, Position, or Offset in Input",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-23T21:27:40.844Z",
"orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"shortName": "AMD"
},
"references": [
{
"url": "https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-6018.html"
},
{
"url": "https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-5007.html"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "AMD PSIRT Automation 1.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"assignerShortName": "AMD",
"cveId": "CVE-2024-36342",
"datePublished": "2025-09-06T17:42:00.232Z",
"dateReserved": "2024-05-23T19:44:47.200Z",
"dateUpdated": "2026-02-26T17:49:09.671Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}