Search

Find a vulnerability

Search criteria

    18 vulnerabilities found for AMD Instinct™ MI308X by AMD

    CVE-2026-0481 (GCVE-0-2026-0481)

    Vulnerability from nvd – Published: 2026-05-15 03:04 – Updated: 2026-05-15 11:11
    VLAI
    Summary
    Unrestricted IP address binding in the AMD Device Metrics Exporter (ROCm ecosystem) could allow a remote attacker to perform unauthorized changes to the GPU configuration, potentially resulting in loss of availability
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-1327 - Binding to an Unrestricted IP Address
    Assigner
    AMD
    Impacted products
    Date Public
    2026-05-15 03:04
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-0481",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-15T11:11:38.875260Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-15T11:11:51.087Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "AMD Instinct\u2122 MI210",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "DME v1.4.1.2 and v1.4.0.1"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Instinct\u2122 MI250",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "DME v1.4.1.2 and v1.4.0.1"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Instinct\u2122 MI300A",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "DME v1.4.1.2 and v1.4.0.1"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Instinct\u2122 MI300X",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "DME v1.4.1.2 and v1.4.0.1"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Instinct\u2122 MI325X",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "DME v1.4.1.2 and v1.4.0.1"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Instinct\u2122 MI350X",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "DME v1.4.1.2 and v1.4.0.1"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Instinct\u2122 MI355X",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "DME v1.4.1.2 and v1.4.0.1"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Instinct\u2122 MI308X",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "DME v1.4.1.2 and v1.4.0.1"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Instinct\u2122 MI250X",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "DME v1.4.1.2 and v1.4.0.1"
                }
              ]
            }
          ],
          "datePublic": "2026-05-15T03:04:39.049Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Unrestricted IP address binding in the AMD Device Metrics Exporter (ROCm ecosystem) could allow a remote attacker to perform unauthorized changes to the GPU configuration, potentially resulting in loss of availability\u003cbr\u003e"
                }
              ],
              "value": "Unrestricted IP address binding in the AMD Device Metrics Exporter (ROCm ecosystem) could allow a remote attacker to perform unauthorized changes to the GPU configuration, potentially resulting in loss of availability"
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "baseScore": 9.2,
                "baseSeverity": "CRITICAL",
                "privilegesRequired": "NONE",
                "userInteraction": "NONE",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H",
                "version": "4.0"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-1327",
                  "description": "CWE-1327  Binding to an Unrestricted IP Address",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-15T03:04:56.312Z",
            "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
            "shortName": "AMD"
          },
          "references": [
            {
              "url": "https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-6031.html"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "AMD PSIRT Automation 1.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
        "assignerShortName": "AMD",
        "cveId": "CVE-2026-0481",
        "datePublished": "2026-05-15T03:04:56.312Z",
        "dateReserved": "2025-12-06T15:11:33.632Z",
        "dateUpdated": "2026-05-15T11:11:51.087Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-52532 (GCVE-0-2025-52532)

    Vulnerability from nvd – Published: 2026-05-15 02:59 – Updated: 2026-05-15 11:13
    VLAI
    Summary
    A race condition in the MxGPU-Virtualization driver’s ioctl path caused by concurrent unsynchronized access to the global variable amdgv_cmd in an unlocked ioctl handler could be exploited by an attacker to trigger a heap-based buffer overflow, potentially resulting in denial-of-service within the vulnerable system context.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-367 - Time-of-check Time-of-use (TOCTOU) Race Condition
    Assigner
    AMD
    Impacted products
    Date Public
    2026-05-15 02:59
    Credits
    Reported through AMD Bug Bounty Program
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-52532",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-15T11:13:09.310368Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-15T11:13:19.425Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "AMD Radeon\u2122 PRO V620",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "Contact your AMD Customer Engineering representative"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Radeon\u2122 PRO V710",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "Contact your AMD Customer Engineering representative"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Instinct\u2122 MI250",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "GIM Driver 8.4"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Instinct\u2122 MI308X",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "GIM Driver 8.4"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Instinct\u2122 MI300A",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "GIM Driver 8.4"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Instinct\u2122 MI300X",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "GIM Driver 8.4"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Instinct\u2122 MI325X",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "GIM Driver 8.4"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Instinct\u2122 MI210",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "GIM Driver 8.4"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Reported through AMD Bug Bounty Program"
            }
          ],
          "datePublic": "2026-05-15T02:59:27.631Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "A race condition in the MxGPU-Virtualization driver\u2019s ioctl path caused by concurrent unsynchronized access to the global variable amdgv_cmd in an unlocked ioctl handler could be exploited by an attacker to trigger a heap-based buffer overflow, potentially resulting in denial-of-service within the vulnerable system context.\u003cbr\u003e"
                }
              ],
              "value": "A race condition in the MxGPU-Virtualization driver\u2019s ioctl path caused by concurrent unsynchronized access to the global variable amdgv_cmd in an unlocked ioctl handler could be exploited by an attacker to trigger a heap-based buffer overflow, potentially resulting in denial-of-service within the vulnerable system context."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "attackComplexity": "HIGH",
                "attackVector": "LOCAL",
                "baseScore": 2,
                "baseSeverity": "LOW",
                "privilegesRequired": "LOW",
                "userInteraction": "NONE",
                "vectorString": "CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
                "version": "4.0"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-367",
                  "description": "CWE-367  Time-of-check Time-of-use (TOCTOU) Race Condition",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-15T02:59:46.954Z",
            "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
            "shortName": "AMD"
          },
          "references": [
            {
              "url": "https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-6027.html"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "AMD PSIRT Automation 1.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
        "assignerShortName": "AMD",
        "cveId": "CVE-2025-52532",
        "datePublished": "2026-05-15T02:59:46.954Z",
        "dateReserved": "2025-06-17T16:53:10.412Z",
        "dateUpdated": "2026-05-15T11:13:19.425Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2024-36323 (GCVE-0-2024-36323)

    Vulnerability from nvd – Published: 2026-05-15 02:59 – Updated: 2026-05-16 03:56
    VLAI
    Summary
    Improper isolation of VCN-JPEG HW register space could allow a malicious Guest Virtual Machine (VM) or a process to perform unauthorized access to the register space of the JPEG cores assigned a victim VM/process, potentially gaining arbitrary read/write access to the victim VM/process data.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • Security Vulnerability
    • CWE-284 - Improper Access Control
    Assigner
    AMD
    Impacted products
    Vendor Product Version
    AMD AMD Radeon™ RX 7000 Series Graphics Products Unaffected: Radeon Software for Linux 24.20.3
    Unaffected: AMD Software: Adrenalin Edition 25.10.2 (25.20.21.01)
    Create a notification for this product.
    AMD AMD Radeon™ PRO W7000 Series Graphics Products Unaffected: Radeon Software for Linux 24.20.3
    Unaffected: AMD Software: PRO Edition 25.Q3.1 (25.10.32)
    Create a notification for this product.
    AMD AMD Instinct™ MI308X Unaffected: ROC 6.3
    Create a notification for this product.
    AMD AMD Instinct™ MI325X Unaffected: ROC 6.3
    Create a notification for this product.
    AMD AMD Instinct™ MI300X Unaffected: ROCm 6.3
    Create a notification for this product.
    AMD AMD Instinct™ MI300A Unaffected: ROCm 6.3
    Create a notification for this product.
    Date Public
    2026-05-15 02:42
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-36323",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-15T00:00:00+00:00",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-284",
                    "description": "CWE-284 Improper Access Control",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-16T03:56:11.834Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "AMD Radeon\u2122 RX 7000 Series Graphics Products",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "Radeon Software for Linux 24.20.3"
                },
                {
                  "status": "unaffected",
                  "version": "AMD Software: Adrenalin Edition 25.10.2 (25.20.21.01)"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Radeon\u2122 PRO W7000 Series Graphics Products",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "Radeon Software for Linux 24.20.3"
                },
                {
                  "status": "unaffected",
                  "version": "AMD Software: PRO Edition 25.Q3.1 (25.10.32)"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Instinct\u2122 MI308X",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "ROC 6.3"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Instinct\u2122 MI325X",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "ROC 6.3"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Instinct\u2122 MI300X",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "ROCm 6.3"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Instinct\u2122 MI300A",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "ROCm 6.3"
                }
              ]
            }
          ],
          "datePublic": "2026-05-15T02:42:50.705Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Improper isolation of VCN-JPEG HW register space could allow a malicious Guest Virtual Machine (VM) or a process to perform unauthorized access to the register space of the JPEG cores assigned a victim VM/process, potentially gaining arbitrary read/write access to the victim VM/process data.\u003cbr\u003e"
                }
              ],
              "value": "Improper isolation of VCN-JPEG HW register space could allow a malicious Guest Virtual Machine (VM) or a process to perform unauthorized access to the register space of the JPEG cores assigned a victim VM/process, potentially gaining arbitrary read/write access to the victim VM/process data."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "privilegesRequired": "LOW",
                "userInteraction": "NONE",
                "vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H",
                "version": "4.0"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Security Vulnerability",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-15T02:59:08.150Z",
            "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
            "shortName": "AMD"
          },
          "references": [
            {
              "url": "https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-6027.html"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "AMD PSIRT Automation 1.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
        "assignerShortName": "AMD",
        "cveId": "CVE-2024-36323",
        "datePublished": "2026-05-15T02:59:08.150Z",
        "dateReserved": "2024-05-23T19:44:40.301Z",
        "dateUpdated": "2026-05-16T03:56:11.834Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-0428 (GCVE-0-2026-0428)

    Vulnerability from nvd – Published: 2026-05-15 02:41 – Updated: 2026-05-15 16:34
    VLAI
    Summary
    Insufficient parameter sanitization in TEE SOC Driver could allow an attacker to issue a malformed DRV_SOC_CMD_ID_SRIOV_COPY_VF_CHIPLET_REGS to write invalid data to a remote Die, potentially resulting in unexpected behavior.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-1284 - Improper Validation of Specified Quantity in Input
    Assigner
    AMD
    Date Public
    2026-05-15 02:40
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-0428",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-15T16:34:23.455427Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-15T16:34:39.842Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "AMD Instinct\u2122 MI300A",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "BKC 26"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Instinct\u2122 MI300X",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "ROCm 6.3.1"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Instinct\u2122 MI308X",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "ROCm 6.4.2"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Instinct\u2122 MI325X",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "ROCm 6.3.1"
                }
              ]
            }
          ],
          "datePublic": "2026-05-15T02:40:36.026Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Insufficient parameter sanitization in TEE SOC Driver could allow an attacker to issue a malformed DRV_SOC_CMD_ID_SRIOV_COPY_VF_CHIPLET_REGS to write invalid data to a remote Die, potentially resulting in unexpected behavior.\u003cbr\u003e"
                }
              ],
              "value": "Insufficient parameter sanitization in TEE SOC Driver could allow an attacker to issue a malformed DRV_SOC_CMD_ID_SRIOV_COPY_VF_CHIPLET_REGS to write invalid data to a remote Die, potentially resulting in unexpected behavior."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "attackComplexity": "HIGH",
                "attackVector": "LOCAL",
                "baseScore": 1.8,
                "baseSeverity": "LOW",
                "privilegesRequired": "HIGH",
                "userInteraction": "NONE",
                "vectorString": "CVSS:4.0/AV:L/AC:H/AT:N/PR:H/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
                "version": "4.0"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-1284",
                  "description": "CWE-1284  Improper Validation of Specified Quantity in Input",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-15T02:41:13.879Z",
            "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
            "shortName": "AMD"
          },
          "references": [
            {
              "url": "https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-6027.html"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "AMD PSIRT Automation 1.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
        "assignerShortName": "AMD",
        "cveId": "CVE-2026-0428",
        "datePublished": "2026-05-15T02:41:13.879Z",
        "dateReserved": "2025-12-06T13:53:33.452Z",
        "dateUpdated": "2026-05-15T16:34:39.842Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-66664 (GCVE-0-2025-66664)

    Vulnerability from nvd – Published: 2026-05-15 02:41 – Updated: 2026-05-15 16:31
    VLAI
    Summary
    Insufficient parameter sanitization in AMD Secure Processor (ASP) TEE SOC Driver could allow an attacker to issue a malformed DRV_SOC_CMD_ID_LOAD_GFX_IP_FW SR-IOV command to cause out-of-bounds read, potentially resulting in SOC Driver memory contents exposure or an exception
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    AMD
    Impacted products
    Vendor Product Version
    AMD AMD Radeon™ RX 6000 Series Graphics Products Unaffected: AMD Software: Adrenalin Edition 25.12.1 (25.10.37.01)
    Create a notification for this product.
    AMD AMD Radeon™ RX 7000 Series Graphics Products Unaffected: AMD Software: Adrenalin Edition 25.11.1 (25.20.29.01)
    Create a notification for this product.
    AMD AMD Radeon™ PRO W6000 Series Graphics Products Unaffected: AMD Software: PRO Edition 25.Q4 (25.10.37.01)
    Create a notification for this product.
    AMD AMD Radeon™ PRO W7000 Series Graphics Products Unaffected: AMD Software: PRO Edition 25.Q3.1 (25.10.32)
    Create a notification for this product.
    AMD AMD Instinct™ MI250 Unaffected: ROCm 7.0
    Create a notification for this product.
    AMD AMD Instinct™ MI210 Unaffected: ROCm 7.0
    Create a notification for this product.
    AMD AMD Instinct™ MI300X Unaffected: ROCm 6.3.1
    Create a notification for this product.
    AMD AMD Instinct™ MI325X Unaffected: ROCm 6.3.1
    Create a notification for this product.
    AMD AMD Instinct™ MI308X Unaffected: ROCm 6.4.2
    Create a notification for this product.
    AMD AMD Instinct™ MI300A Unaffected: BKC 26 (ROCm 7.0.1)
    Create a notification for this product.
    AMD AMD Radeon™ PRO V520 Unaffected: Contact your AMD Customer Engineering representative
    Create a notification for this product.
    AMD AMD Radeon™ PRO V620 Unaffected: Contact your AMD Customer Engineering representative
    Create a notification for this product.
    AMD AMD Radeon™ PRO V710 Unaffected: Contact your AMD Customer Engineering representative
    Create a notification for this product.
    Date Public
    2026-05-15 02:40
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-66664",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-15T16:15:27.496279Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-15T16:31:27.722Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "AMD Radeon\u2122 RX 6000 Series Graphics Products",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "AMD Software: Adrenalin Edition 25.12.1 (25.10.37.01)"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Radeon\u2122 RX 7000 Series Graphics Products",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "AMD Software: Adrenalin Edition 25.11.1 (25.20.29.01)"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Radeon\u2122 PRO W6000 Series Graphics Products",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "AMD Software: PRO Edition 25.Q4 (25.10.37.01)"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Radeon\u2122 PRO W7000 Series Graphics Products",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "AMD Software: PRO Edition 25.Q3.1 (25.10.32)"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Instinct\u2122 MI250",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "ROCm 7.0"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Instinct\u2122 MI210",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "ROCm 7.0"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Instinct\u2122 MI300X",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "ROCm 6.3.1"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Instinct\u2122 MI325X",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "ROCm 6.3.1"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Instinct\u2122 MI308X",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "ROCm 6.4.2"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Instinct\u2122 MI300A",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "BKC 26 (ROCm 7.0.1)"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Radeon\u2122 PRO V520",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "Contact your AMD Customer Engineering representative"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Radeon\u2122 PRO V620",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "Contact your AMD Customer Engineering representative"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Radeon\u2122 PRO V710",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "Contact your AMD Customer Engineering representative"
                }
              ]
            }
          ],
          "datePublic": "2026-05-15T02:40:41.476Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Insufficient parameter sanitization in AMD Secure Processor (ASP) TEE SOC Driver could allow an attacker to issue a malformed DRV_SOC_CMD_ID_LOAD_GFX_IP_FW SR-IOV command to cause out-of-bounds read, potentially resulting in SOC Driver memory contents exposure or an exception\u003cbr\u003e"
                }
              ],
              "value": "Insufficient parameter sanitization in AMD Secure Processor (ASP) TEE SOC Driver could allow an attacker to issue a malformed DRV_SOC_CMD_ID_LOAD_GFX_IP_FW SR-IOV command to cause out-of-bounds read, potentially resulting in SOC Driver memory contents exposure or an exception"
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "baseScore": 4.6,
                "baseSeverity": "MEDIUM",
                "privilegesRequired": "HIGH",
                "userInteraction": "NONE",
                "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N",
                "version": "4.0"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-125",
                  "description": "CWE-125  Out-of-bounds Read",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-15T02:41:56.659Z",
            "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
            "shortName": "AMD"
          },
          "references": [
            {
              "url": "https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-6027.html"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "AMD PSIRT Automation 1.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
        "assignerShortName": "AMD",
        "cveId": "CVE-2025-66664",
        "datePublished": "2026-05-15T02:41:56.659Z",
        "dateReserved": "2025-12-06T15:03:58.971Z",
        "dateUpdated": "2026-05-15T16:31:27.722Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-66660 (GCVE-0-2025-66660)

    Vulnerability from nvd – Published: 2026-05-15 02:42 – Updated: 2026-05-15 16:10
    VLAI
    Summary
    Insufficient parameter sanitization in TEE SOC Driver could allow an attacker to issue a malformed DRV_SOC_CMD_ID_SRIOV_CHECK_TA_COMPAT to cause incorrect shared memory mapping, potentially resulting in unexpected behavior.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-1284 - Improper Validation of Specified Quantity in Input
    Assigner
    AMD
    Date Public
    2026-05-15 02:40
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-66660",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-15T16:09:50.527526Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-15T16:10:53.782Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "AMD Radeon\u2122 RX 6000 Series Graphics Products",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "AMD Software: Adrenalin Edition 25.12.1 (25.10.37.01)"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Radeon\u2122 RX 7000 Series Graphics Products",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "AMD Software: Adrenalin Edition 25.11.1 (25.20.29.01)"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Radeon\u2122 PRO W6000 Series Graphics Products",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "AMD Software: PRO Edition 25.Q4 (25.10.37.01)"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Radeon\u2122 PRO W7000 Series Graphics Products",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "AMD Software: PRO Edition 25.Q3.1 (25.10.32)"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Instinct\u2122 MI210",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "ROCm 7.0.1"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Instinct\u2122 MI250",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "ROCm 7.0.1"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Instinct\u2122 MI300A",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "BKC 26"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Instinct\u2122 MI300X",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "ROCm 6.3"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Instinct\u2122 MI325X",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "ROCm 6.3"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Instinct\u2122 MI308X",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "ROCm 6.4.2"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Radeon\u2122 PRO V620",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "Contact your AMD Customer Engineering representative"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Radeon\u2122 PRO V710",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "Contact your AMD Customer Engineering representative"
                }
              ]
            }
          ],
          "datePublic": "2026-05-15T02:40:46.460Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Insufficient parameter sanitization in TEE SOC Driver could allow an attacker to issue a malformed DRV_SOC_CMD_ID_SRIOV_CHECK_TA_COMPAT to cause incorrect shared memory mapping, potentially resulting in unexpected behavior.\u003cbr\u003e"
                }
              ],
              "value": "Insufficient parameter sanitization in TEE SOC Driver could allow an attacker to issue a malformed DRV_SOC_CMD_ID_SRIOV_CHECK_TA_COMPAT to cause incorrect shared memory mapping, potentially resulting in unexpected behavior."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "attackComplexity": "HIGH",
                "attackVector": "LOCAL",
                "baseScore": 1.8,
                "baseSeverity": "LOW",
                "privilegesRequired": "HIGH",
                "userInteraction": "NONE",
                "vectorString": "CVSS:4.0/AV:L/AC:H/AT:P/PR:H/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
                "version": "4.0"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-1284",
                  "description": "CWE-1284  Improper Validation of Specified Quantity in Input",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-15T02:44:05.001Z",
            "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
            "shortName": "AMD"
          },
          "references": [
            {
              "url": "https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-6027.html"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "AMD PSIRT Automation 1.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
        "assignerShortName": "AMD",
        "cveId": "CVE-2025-66660",
        "datePublished": "2026-05-15T02:42:33.035Z",
        "dateReserved": "2025-12-06T15:03:58.970Z",
        "dateUpdated": "2026-05-15T16:10:53.782Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-54517 (GCVE-0-2025-54517)

    Vulnerability from nvd – Published: 2026-05-15 02:44 – Updated: 2026-05-16 03:56
    VLAI
    Summary
    Out of bounds write in AMD AMDGV_CMD_GET_DIAG_DATA ioctl handler could allow a local user to escalate privileges via remote code execution.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    AMD
    Impacted products
    Date Public
    2026-05-15 02:40
    Credits
    Reported through AMD Bug Bounty Program
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-54517",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-15T00:00:00+00:00",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-16T03:56:16.242Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "AMD Instinct\u2122 MI250",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "GIM Driver 8.4"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Instinct\u2122 MI308X",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "GIM Driver 8.4"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Instinct\u2122 MI300A",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "GIM Driver 8.4"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Instinct\u2122 MI300X",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "GIM Driver 8.4"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Instinct\u2122 MI325X",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "GIM Driver 8.4"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Instinct\u2122 MI210",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "GIM Driver 8.4"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Radeon\u2122 PRO V620",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "Contact your AMD Customer Engineering representative"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Radeon\u2122 PRO V710",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "Contact your AMD Customer Engineering representative"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Reported through AMD Bug Bounty Program"
            }
          ],
          "datePublic": "2026-05-15T02:40:57.043Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Out of bounds write in AMD AMDGV_CMD_GET_DIAG_DATA ioctl handler could allow a local user to escalate privileges via remote code execution. \u003cbr\u003e"
                }
              ],
              "value": "Out of bounds write in AMD AMDGV_CMD_GET_DIAG_DATA ioctl handler could allow a local user to escalate privileges via remote code execution."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "baseScore": 8.5,
                "baseSeverity": "HIGH",
                "privilegesRequired": "LOW",
                "userInteraction": "NONE",
                "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-787",
                  "description": "CWE-787  Out-of-bounds Write",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-15T02:44:54.735Z",
            "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
            "shortName": "AMD"
          },
          "references": [
            {
              "url": "https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-6027.html"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "AMD PSIRT Automation 1.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
        "assignerShortName": "AMD",
        "cveId": "CVE-2025-54517",
        "datePublished": "2026-05-15T02:44:54.735Z",
        "dateReserved": "2025-07-23T15:01:52.882Z",
        "dateUpdated": "2026-05-16T03:56:16.242Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2024-36319 (GCVE-0-2024-36319)

    Vulnerability from nvd – Published: 2026-02-12 17:41 – Updated: 2026-02-26 14:44
    VLAI
    Summary
    Debug code left active in AMD's Video Decoder Engine Firmware (VCN FW) could allow a attacker to submit a maliciously crafted command causing the VCN FW to perform read/writes HW registers, potentially impacting confidentiality, integrity and availabilability of the system.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-1191 - On-Chip Debug and Test Interface With Improper Access Control
    Assigner
    AMD
    Impacted products
    Vendor Product Version
    AMD AMD Ryzen™ 7040 Series Mobile Processors with Radeon™ Graphics; AMD Ryzen™ 8040 Series Mobile Processors with Radeon™ Graphics Unaffected: AMD Software: Adrenalin Edition 25.5.1, AMD Software: PRO Edition 25.Q2
    Create a notification for this product.
    AMD AMD Ryzen™ AI MAX Series Processors Unaffected: AMD Software: Adrenalin Edition 25.5.1, AMD Software: PRO Edition 25.Q2
    Create a notification for this product.
    AMD AMD Ryzen™ AI 300 Series Processors Unaffected: AMD Software: Adrenalin Edition 25.5.1, AMD Software: PRO Edition 25.Q2
    Create a notification for this product.
    AMD AMD Ryzen™ 8000 Series Desktop Processors Unaffected: AMD Software: Adrenalin Edition 25.5.1, AMD Software: PRO Edition 25.Q2
    Create a notification for this product.
    AMD AMD Ryzen™ Embedded 8000 Series Processors Unaffected: Q2 - 2025 AMD Embedded Ryzen[7000 8000 9000] Windows® Catalyst™ driver [25.6.1] (68926)
    Create a notification for this product.
    AMD AMD Ryzen™ Embedded 7000 Series Processors Unaffected: Q2 - 2025 AMD Embedded Ryzen[7000 8000 9000] Windows® Catalyst™ driver [25.6.1] (68926)
    Create a notification for this product.
    AMD AMD Ryzen™ Embedded 9000 Series Processors Unaffected: Q2 - 2025 AMD Embedded Ryzen[7000 8000 9000] Windows® Catalyst™ driver [25.6.1] (68926)
    Create a notification for this product.
    AMD AMD Radeon™ RX 7000 Series Graphics Products Unaffected: 25.5.1 (25.10.01.09), AMD Software: PRO Edition 25.Q2(25.10.10), Radeon Software For Linux 25.10.1
    Create a notification for this product.
    AMD AMD Radeon™ PRO W7000 Series Graphics Products Unaffected: 25.5.1 (25.10.01.09), AMD Software: PRO Edition 25.Q2(25.10.10), Radeon Software For Linux 25.10.1
    Create a notification for this product.
    AMD AMD Instinct™ MI300X Unaffected: ROCm 6.2.4
    Create a notification for this product.
    AMD AMD Instinct™ MI300A Unaffected: ROCm 6.2.4
    Create a notification for this product.
    AMD AMD Instinct™ MI308X Unaffected: ROCm 6.2.4
    Create a notification for this product.
    AMD AMD Instinct™ MI325X Unaffected: ROCm 6.2.4
    Create a notification for this product.
    AMD AMD Radeon™ PRO V710 Unaffected: Contact your AMD Customer Engineering representative
    Create a notification for this product.
    Date Public
    2026-02-12 17:40
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-36319",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-02-13T04:56:40.296265Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-26T14:44:20.866Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 7040 Series Mobile Processors with Radeon\u2122 Graphics;\r\nAMD Ryzen\u2122 8040 Series Mobile Processors with Radeon\u2122 Graphics",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "AMD Software: Adrenalin Edition 25.5.1, AMD Software: PRO Edition 25.Q2"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 AI MAX Series Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "AMD Software: Adrenalin Edition 25.5.1, AMD Software: PRO Edition 25.Q2"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 AI 300 Series Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "AMD Software: Adrenalin Edition 25.5.1, AMD Software: PRO Edition 25.Q2"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 8000 Series Desktop Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "AMD Software: Adrenalin Edition 25.5.1, AMD Software: PRO Edition 25.Q2"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 Embedded 8000 Series Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "Q2 - 2025 AMD Embedded Ryzen[7000 8000 9000] Windows\u00ae Catalyst\u2122 driver [25.6.1] (68926)"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 Embedded 7000 Series Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "Q2 - 2025 AMD Embedded Ryzen[7000 8000 9000] Windows\u00ae Catalyst\u2122 driver [25.6.1] (68926)"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 Embedded 9000 Series Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "Q2 - 2025 AMD Embedded Ryzen[7000 8000 9000] Windows\u00ae Catalyst\u2122 driver [25.6.1] (68926)"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Radeon\u2122 RX 7000 Series Graphics Products",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "25.5.1 (25.10.01.09), AMD Software: PRO Edition 25.Q2(25.10.10), Radeon Software For Linux 25.10.1"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Radeon\u2122 PRO W7000 Series Graphics Products",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "25.5.1 (25.10.01.09), AMD Software: PRO Edition 25.Q2(25.10.10), Radeon Software For Linux 25.10.1"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Instinct\u2122 MI300X",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "ROCm 6.2.4"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Instinct\u2122 MI300A",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "ROCm 6.2.4"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Instinct\u2122 MI308X",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "ROCm 6.2.4"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Instinct\u2122 MI325X",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "ROCm 6.2.4"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Radeon\u2122 PRO V710",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "Contact your AMD Customer Engineering representative"
                }
              ]
            }
          ],
          "datePublic": "2026-02-12T17:40:51.607Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Debug code left active in AMD\u0027s Video Decoder Engine Firmware (VCN FW) could allow a attacker to submit a maliciously crafted command causing the VCN FW to perform read/writes HW registers, potentially impacting confidentiality, integrity and availabilability of the system.\u003cbr\u003e"
                }
              ],
              "value": "Debug code left active in AMD\u0027s Video Decoder Engine Firmware (VCN FW) could allow a attacker to submit a maliciously crafted command causing the VCN FW to perform read/writes HW registers, potentially impacting confidentiality, integrity and availabilability of the system."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "privilegesRequired": "LOW",
                "userInteraction": "NONE",
                "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:H/SI:H/SA:H",
                "version": "4.0"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-1191",
                  "description": "CWE-1191  On-Chip Debug and Test Interface With Improper Access Control",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-02-12T17:41:06.194Z",
            "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
            "shortName": "AMD"
          },
          "references": [
            {
              "url": "https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-6024.html"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "AMD PSIRT Automation 1.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
        "assignerShortName": "AMD",
        "cveId": "CVE-2024-36319",
        "datePublished": "2026-02-12T17:41:06.194Z",
        "dateReserved": "2024-05-23T19:44:40.300Z",
        "dateUpdated": "2026-02-26T14:44:20.866Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2024-36342 (GCVE-0-2024-36342)

    Vulnerability from nvd – Published: 2025-09-06 17:42 – Updated: 2026-02-26 17:49
    VLAI
    Summary
    Improper input validation in the GPU driver could allow an attacker to exploit a heap overflow potentially resulting in arbitrary code execution.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-1285 - Improper Validation of Specified Index, Position, or Offset in Input
    Assigner
    AMD
    Impacted products
    Vendor Product Version
    AMD AMD Ryzen™ 4000 Series Mobile Processors with Radeon™ Graphics Unaffected: Radeon Software for Linux 25.10.x
    Create a notification for this product.
    AMD AMD Ryzen™ 7035 Series Processors with Radeon™ Graphics Unaffected: Radeon Software for Linux 25.10.x
    Create a notification for this product.
    AMD AMD Athlon™ 3000 Series Mobile Processors with Radeon™ Graphics Unaffected: Radeon Software for Linux 25.10.x
    Create a notification for this product.
    AMD AMD Ryzen™ 7040 Series Mobile Processors with Radeon™ Graphics Unaffected: Radeon Software for Linux 25.10.x
    Create a notification for this product.
    AMD AMD Ryzen™ 7020 Series Processors with Radeon™ Graphics Unaffected: Radeon Software for Linux 25.10.x
    Create a notification for this product.
    AMD AMD Ryzen™ 7045 Series Mobile Processors with Radeon™ Graphics Unaffected: Radeon Software for Linux 25.10.x
    Create a notification for this product.
    AMD AMD Ryzen™ 7000 Series Desktop Processors Unaffected: Radeon Software for Linux 25.10.x
    Create a notification for this product.
    AMD AMD Ryzen™ 7030 Series Mobile Processors with Radeon™ Graphics Unaffected: Radeon Software for Linux 25.10.x
    Create a notification for this product.
    AMD AMD Ryzen™ AI 300 Series Processors Unaffected: Radeon Software for Linux 25.10.x
    Create a notification for this product.
    AMD AMD Athlon™ 3000 Series Desktop Processors with Radeon™ Graphics Unaffected: Radeon Software for Linux 25.10.x
    Create a notification for this product.
    AMD AMD Ryzen™ 8000 Series Desktop Processors Unaffected: Radeon Software for Linux 25.10.x
    Create a notification for this product.
    AMD AMD Ryzen™ 9000 Series Desktop Processors Unaffected: Radeon Software for Linux 25.10.x
    Create a notification for this product.
    AMD AMD Ryzen™ 5000 Series Mobile Processors with Radeon™ Graphics Unaffected: Radeon Software for Linux 25.10.x
    Create a notification for this product.
    AMD AMD Ryzen™ 4000 Series Desktop Processors Unaffected: Radeon Software for Linux 25.10.x
    Create a notification for this product.
    AMD AMD Ryzen™ 5000 Series Desktop Processors with Radeon™ Graphics Unaffected: Radeon Software for Linux 25.10.x
    Create a notification for this product.
    AMD AMD Ryzen™ 8040 Series Mobile Processors with Radeon™ Graphics Unaffected: Radeon Software for Linux 25.10.x
    Create a notification for this product.
    AMD AMD Ryzen™ 3000 Series Mobile Processors with Radeon™ Graphics Unaffected: Radeon Software for Linux 25.10.x
    Create a notification for this product.
    AMD AMD Ryzen™ 6000 Series Processors with Radeon™ Graphics Unaffected: Radeon Software for Linux 25.10.x
    Create a notification for this product.
    AMD AMD Ryzen™ Embedded R2000 Series Processors Unaffected: amd_chipset_software_7.06.02.123.exe , PSP driver version: 5.39.0.0
    Create a notification for this product.
    AMD AMD Ryzen™ Embedded V2000 Series Processors Unaffected: amd_chipset_software_7.06.02.123.exe , PSP driver version: 5.39.0.0
    Create a notification for this product.
    AMD AMD Ryzen™ Embedded 8000 Series Unaffected: amd_chipset_software_7.06.02.123.exe , PSP driver version: 5.39.0.0
    Create a notification for this product.
    AMD AMD Ryzen™ Embedded 7000 Series Processors Unaffected: amd_chipset_software_7.06.02.123.exe , PSP driver version: 5.39.0.0
    Create a notification for this product.
    AMD AMD Radeon™ RX 5000 Series Graphics Products Unaffected: Radeon Software for Linux 25.10.1
    Create a notification for this product.
    AMD AMD Radeon™ PRO W5000 Series Graphics Products Unaffected: Radeon Software for Linux 25.10.1
    Create a notification for this product.
    AMD AMD Radeon™ RX 6000 Series Graphics Products Unaffected: Radeon Software for Linux 25.10.1
    Create a notification for this product.
    AMD AMD Radeon™ PRO W6000 Series Graphics Products Unaffected: Radeon Software for Linux 25.10.1
    Create a notification for this product.
    AMD AMD Radeon™ RX 7000 Series Graphics Products Unaffected: Radeon Software for Linux 25.10.1
    Create a notification for this product.
    AMD AMD Radeon™ PRO W7000 Series Graphics Products Unaffected: Radeon Software for Linux 25.10.1
    Create a notification for this product.
    AMD AMD Radeon™ RX 9000 Series Graphics Products Unaffected: Radeon Software for Linux 25.10.1
    Create a notification for this product.
    AMD AMD Radeon™ RX Vega Series Graphics Cards Unaffected: Radeon Software for Linux 25.10.1
    Create a notification for this product.
    AMD AMD Radeon™ PRO VII Unaffected: Radeon Software for Linux 25.10.1
    Create a notification for this product.
    AMD AMD Instinct™ MI210 Unaffected: ROCm 6.4
    Create a notification for this product.
    AMD AMD Instinct™ MI250 Unaffected: ROCm 6.4
    Create a notification for this product.
    AMD AMD Instinct™ MI300A Unaffected: ROCm 6.4
    Create a notification for this product.
    AMD AMD Instinct™ MI300X Unaffected: ROCm 6.4
    Create a notification for this product.
    AMD AMD Instinct™ MI308X Unaffected: ROCm 6.4
    Create a notification for this product.
    AMD AMD Instinct™ MI325X Unaffected: ROCm 6.4
    Create a notification for this product.
    AMD AMD Radeon™ PRO V520 Graphics Products Unaffected: Contact your AMD Customer Engineering representative
    Create a notification for this product.
    AMD AMD Radeon™ PRO V620 Graphics Products Unaffected: Contact your AMD Customer Engineering representative
    Create a notification for this product.
    AMD AMD Radeon™ PRO V710 Graphics Products Unaffected: Contact your AMD Customer Engineering representative
    Create a notification for this product.
    Date Public
    2025-09-06 17:15
    Credits
    Reported through AMD Bug Bounty Program
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-36342",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-09-09T03:55:24.593599Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-26T17:49:09.671Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 4000 Series Mobile Processors with Radeon\u2122 Graphics",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "Radeon Software for Linux 25.10.x"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 7035 Series Processors with Radeon\u2122 Graphics",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "Radeon Software for Linux 25.10.x"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Athlon\u2122 3000 Series Mobile Processors with Radeon\u2122 Graphics",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "Radeon Software for Linux 25.10.x"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 7040 Series Mobile Processors with Radeon\u2122 Graphics",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "Radeon Software for Linux 25.10.x"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 7020 Series Processors with Radeon\u2122 Graphics",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "Radeon Software for Linux 25.10.x"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 7045 Series Mobile Processors with Radeon\u2122 Graphics",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "Radeon Software for Linux 25.10.x"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 7000 Series Desktop Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "Radeon Software for Linux 25.10.x"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 7030 Series Mobile Processors with Radeon\u2122 Graphics",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "Radeon Software for Linux 25.10.x"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 AI 300 Series Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "Radeon Software for Linux 25.10.x"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Athlon\u2122 3000 Series Desktop Processors with Radeon\u2122 Graphics",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "Radeon Software for Linux 25.10.x"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 8000 Series Desktop Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "Radeon Software for Linux 25.10.x"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 9000 Series Desktop Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "Radeon Software for Linux 25.10.x"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 5000 Series Mobile Processors with Radeon\u2122 Graphics",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "Radeon Software for Linux 25.10.x"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 5000 Series Mobile Processors with Radeon\u2122 Graphics",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "Radeon Software for Linux 25.10.x"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 4000 Series Desktop Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "Radeon Software for Linux 25.10.x"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 5000 Series Desktop Processors with Radeon\u2122 Graphics",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "Radeon Software for Linux 25.10.x"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 8040 Series Mobile Processors with Radeon\u2122 Graphics",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "Radeon Software for Linux 25.10.x"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 3000 Series Mobile Processors with Radeon\u2122 Graphics",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "Radeon Software for Linux 25.10.x"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 6000 Series Processors with Radeon\u2122 Graphics",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "Radeon Software for Linux 25.10.x"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 Embedded R2000 Series Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "amd_chipset_software_7.06.02.123.exe ,  PSP driver version: 5.39.0.0"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 Embedded V2000 Series Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "amd_chipset_software_7.06.02.123.exe ,  PSP driver version: 5.39.0.0"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 Embedded 8000 Series",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "amd_chipset_software_7.06.02.123.exe ,  PSP driver version: 5.39.0.0"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 Embedded 7000 Series Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "amd_chipset_software_7.06.02.123.exe ,  PSP driver version: 5.39.0.0"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Radeon\u2122 RX 5000 Series Graphics Products",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "Radeon Software for Linux 25.10.1"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Radeon\u2122 PRO W5000 Series Graphics Products",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "Radeon Software for Linux 25.10.1"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Radeon\u2122 RX 6000 Series Graphics Products",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "Radeon Software for Linux 25.10.1"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Radeon\u2122 PRO W6000 Series Graphics Products",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "Radeon Software for Linux 25.10.1"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Radeon\u2122 RX 7000 Series Graphics Products",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "Radeon Software for Linux 25.10.1"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Radeon\u2122 PRO W7000 Series Graphics Products",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "Radeon Software for Linux 25.10.1"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Radeon\u2122 RX 9000 Series Graphics Products",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "Radeon Software for Linux 25.10.1"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Radeon\u2122 RX Vega Series Graphics Cards",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "Radeon Software for Linux 25.10.1"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Radeon\u2122 PRO VII",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "Radeon Software for Linux 25.10.1"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Instinct\u2122 MI210",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "ROCm 6.4"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Instinct\u2122 MI250",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "ROCm 6.4"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Instinct\u2122 MI300A",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "ROCm 6.4"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Instinct\u2122 MI300X",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "ROCm 6.4"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Instinct\u2122 MI308X",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "ROCm 6.4"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Instinct\u2122 MI325X",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "ROCm 6.4"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Radeon\u2122 PRO V520 Graphics Products",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "Contact your AMD Customer Engineering representative"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Radeon\u2122 PRO V620 Graphics Products",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "Contact your AMD Customer Engineering representative"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Radeon\u2122 PRO V710 Graphics Products",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "Contact your AMD Customer Engineering representative"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Reported through AMD Bug Bounty Program"
            }
          ],
          "datePublic": "2025-09-06T17:15:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Improper input validation in the GPU driver could allow an attacker to exploit a heap overflow potentially resulting in arbitrary code execution.\u003cbr\u003e"
                }
              ],
              "value": "Improper input validation in the GPU driver could allow an attacker to exploit a heap overflow potentially resulting in arbitrary code execution."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-1285",
                  "description": "CWE-1285  Improper Validation of Specified Index, Position, or Offset in Input",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-09-23T21:27:40.844Z",
            "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
            "shortName": "AMD"
          },
          "references": [
            {
              "url": "https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-6018.html"
            },
            {
              "url": "https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-5007.html"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "AMD PSIRT Automation 1.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
        "assignerShortName": "AMD",
        "cveId": "CVE-2024-36342",
        "datePublished": "2025-09-06T17:42:00.232Z",
        "dateReserved": "2024-05-23T19:44:47.200Z",
        "dateUpdated": "2026-02-26T17:49:09.671Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-0481 (GCVE-0-2026-0481)

    Vulnerability from cvelistv5 – Published: 2026-05-15 03:04 – Updated: 2026-05-15 11:11
    VLAI
    Summary
    Unrestricted IP address binding in the AMD Device Metrics Exporter (ROCm ecosystem) could allow a remote attacker to perform unauthorized changes to the GPU configuration, potentially resulting in loss of availability
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-1327 - Binding to an Unrestricted IP Address
    Assigner
    AMD
    Impacted products
    Date Public
    2026-05-15 03:04
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-0481",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-15T11:11:38.875260Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-15T11:11:51.087Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "AMD Instinct\u2122 MI210",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "DME v1.4.1.2 and v1.4.0.1"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Instinct\u2122 MI250",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "DME v1.4.1.2 and v1.4.0.1"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Instinct\u2122 MI300A",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "DME v1.4.1.2 and v1.4.0.1"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Instinct\u2122 MI300X",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "DME v1.4.1.2 and v1.4.0.1"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Instinct\u2122 MI325X",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "DME v1.4.1.2 and v1.4.0.1"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Instinct\u2122 MI350X",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "DME v1.4.1.2 and v1.4.0.1"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Instinct\u2122 MI355X",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "DME v1.4.1.2 and v1.4.0.1"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Instinct\u2122 MI308X",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "DME v1.4.1.2 and v1.4.0.1"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Instinct\u2122 MI250X",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "DME v1.4.1.2 and v1.4.0.1"
                }
              ]
            }
          ],
          "datePublic": "2026-05-15T03:04:39.049Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Unrestricted IP address binding in the AMD Device Metrics Exporter (ROCm ecosystem) could allow a remote attacker to perform unauthorized changes to the GPU configuration, potentially resulting in loss of availability\u003cbr\u003e"
                }
              ],
              "value": "Unrestricted IP address binding in the AMD Device Metrics Exporter (ROCm ecosystem) could allow a remote attacker to perform unauthorized changes to the GPU configuration, potentially resulting in loss of availability"
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "baseScore": 9.2,
                "baseSeverity": "CRITICAL",
                "privilegesRequired": "NONE",
                "userInteraction": "NONE",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H",
                "version": "4.0"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-1327",
                  "description": "CWE-1327  Binding to an Unrestricted IP Address",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-15T03:04:56.312Z",
            "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
            "shortName": "AMD"
          },
          "references": [
            {
              "url": "https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-6031.html"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "AMD PSIRT Automation 1.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
        "assignerShortName": "AMD",
        "cveId": "CVE-2026-0481",
        "datePublished": "2026-05-15T03:04:56.312Z",
        "dateReserved": "2025-12-06T15:11:33.632Z",
        "dateUpdated": "2026-05-15T11:11:51.087Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-52532 (GCVE-0-2025-52532)

    Vulnerability from cvelistv5 – Published: 2026-05-15 02:59 – Updated: 2026-05-15 11:13
    VLAI
    Summary
    A race condition in the MxGPU-Virtualization driver’s ioctl path caused by concurrent unsynchronized access to the global variable amdgv_cmd in an unlocked ioctl handler could be exploited by an attacker to trigger a heap-based buffer overflow, potentially resulting in denial-of-service within the vulnerable system context.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-367 - Time-of-check Time-of-use (TOCTOU) Race Condition
    Assigner
    AMD
    Impacted products
    Date Public
    2026-05-15 02:59
    Credits
    Reported through AMD Bug Bounty Program
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-52532",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-15T11:13:09.310368Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-15T11:13:19.425Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "AMD Radeon\u2122 PRO V620",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "Contact your AMD Customer Engineering representative"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Radeon\u2122 PRO V710",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "Contact your AMD Customer Engineering representative"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Instinct\u2122 MI250",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "GIM Driver 8.4"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Instinct\u2122 MI308X",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "GIM Driver 8.4"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Instinct\u2122 MI300A",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "GIM Driver 8.4"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Instinct\u2122 MI300X",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "GIM Driver 8.4"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Instinct\u2122 MI325X",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "GIM Driver 8.4"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Instinct\u2122 MI210",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "GIM Driver 8.4"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Reported through AMD Bug Bounty Program"
            }
          ],
          "datePublic": "2026-05-15T02:59:27.631Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "A race condition in the MxGPU-Virtualization driver\u2019s ioctl path caused by concurrent unsynchronized access to the global variable amdgv_cmd in an unlocked ioctl handler could be exploited by an attacker to trigger a heap-based buffer overflow, potentially resulting in denial-of-service within the vulnerable system context.\u003cbr\u003e"
                }
              ],
              "value": "A race condition in the MxGPU-Virtualization driver\u2019s ioctl path caused by concurrent unsynchronized access to the global variable amdgv_cmd in an unlocked ioctl handler could be exploited by an attacker to trigger a heap-based buffer overflow, potentially resulting in denial-of-service within the vulnerable system context."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "attackComplexity": "HIGH",
                "attackVector": "LOCAL",
                "baseScore": 2,
                "baseSeverity": "LOW",
                "privilegesRequired": "LOW",
                "userInteraction": "NONE",
                "vectorString": "CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
                "version": "4.0"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-367",
                  "description": "CWE-367  Time-of-check Time-of-use (TOCTOU) Race Condition",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-15T02:59:46.954Z",
            "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
            "shortName": "AMD"
          },
          "references": [
            {
              "url": "https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-6027.html"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "AMD PSIRT Automation 1.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
        "assignerShortName": "AMD",
        "cveId": "CVE-2025-52532",
        "datePublished": "2026-05-15T02:59:46.954Z",
        "dateReserved": "2025-06-17T16:53:10.412Z",
        "dateUpdated": "2026-05-15T11:13:19.425Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2024-36323 (GCVE-0-2024-36323)

    Vulnerability from cvelistv5 – Published: 2026-05-15 02:59 – Updated: 2026-05-16 03:56
    VLAI
    Summary
    Improper isolation of VCN-JPEG HW register space could allow a malicious Guest Virtual Machine (VM) or a process to perform unauthorized access to the register space of the JPEG cores assigned a victim VM/process, potentially gaining arbitrary read/write access to the victim VM/process data.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • Security Vulnerability
    • CWE-284 - Improper Access Control
    Assigner
    AMD
    Impacted products
    Vendor Product Version
    AMD AMD Radeon™ RX 7000 Series Graphics Products Unaffected: Radeon Software for Linux 24.20.3
    Unaffected: AMD Software: Adrenalin Edition 25.10.2 (25.20.21.01)
    Create a notification for this product.
    AMD AMD Radeon™ PRO W7000 Series Graphics Products Unaffected: Radeon Software for Linux 24.20.3
    Unaffected: AMD Software: PRO Edition 25.Q3.1 (25.10.32)
    Create a notification for this product.
    AMD AMD Instinct™ MI308X Unaffected: ROC 6.3
    Create a notification for this product.
    AMD AMD Instinct™ MI325X Unaffected: ROC 6.3
    Create a notification for this product.
    AMD AMD Instinct™ MI300X Unaffected: ROCm 6.3
    Create a notification for this product.
    AMD AMD Instinct™ MI300A Unaffected: ROCm 6.3
    Create a notification for this product.
    Date Public
    2026-05-15 02:42
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-36323",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-15T00:00:00+00:00",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-284",
                    "description": "CWE-284 Improper Access Control",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-16T03:56:11.834Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "AMD Radeon\u2122 RX 7000 Series Graphics Products",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "Radeon Software for Linux 24.20.3"
                },
                {
                  "status": "unaffected",
                  "version": "AMD Software: Adrenalin Edition 25.10.2 (25.20.21.01)"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Radeon\u2122 PRO W7000 Series Graphics Products",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "Radeon Software for Linux 24.20.3"
                },
                {
                  "status": "unaffected",
                  "version": "AMD Software: PRO Edition 25.Q3.1 (25.10.32)"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Instinct\u2122 MI308X",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "ROC 6.3"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Instinct\u2122 MI325X",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "ROC 6.3"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Instinct\u2122 MI300X",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "ROCm 6.3"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Instinct\u2122 MI300A",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "ROCm 6.3"
                }
              ]
            }
          ],
          "datePublic": "2026-05-15T02:42:50.705Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Improper isolation of VCN-JPEG HW register space could allow a malicious Guest Virtual Machine (VM) or a process to perform unauthorized access to the register space of the JPEG cores assigned a victim VM/process, potentially gaining arbitrary read/write access to the victim VM/process data.\u003cbr\u003e"
                }
              ],
              "value": "Improper isolation of VCN-JPEG HW register space could allow a malicious Guest Virtual Machine (VM) or a process to perform unauthorized access to the register space of the JPEG cores assigned a victim VM/process, potentially gaining arbitrary read/write access to the victim VM/process data."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "privilegesRequired": "LOW",
                "userInteraction": "NONE",
                "vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H",
                "version": "4.0"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Security Vulnerability",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-15T02:59:08.150Z",
            "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
            "shortName": "AMD"
          },
          "references": [
            {
              "url": "https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-6027.html"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "AMD PSIRT Automation 1.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
        "assignerShortName": "AMD",
        "cveId": "CVE-2024-36323",
        "datePublished": "2026-05-15T02:59:08.150Z",
        "dateReserved": "2024-05-23T19:44:40.301Z",
        "dateUpdated": "2026-05-16T03:56:11.834Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-54517 (GCVE-0-2025-54517)

    Vulnerability from cvelistv5 – Published: 2026-05-15 02:44 – Updated: 2026-05-16 03:56
    VLAI
    Summary
    Out of bounds write in AMD AMDGV_CMD_GET_DIAG_DATA ioctl handler could allow a local user to escalate privileges via remote code execution.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    AMD
    Impacted products
    Date Public
    2026-05-15 02:40
    Credits
    Reported through AMD Bug Bounty Program
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-54517",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-15T00:00:00+00:00",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-16T03:56:16.242Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "AMD Instinct\u2122 MI250",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "GIM Driver 8.4"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Instinct\u2122 MI308X",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "GIM Driver 8.4"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Instinct\u2122 MI300A",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "GIM Driver 8.4"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Instinct\u2122 MI300X",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "GIM Driver 8.4"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Instinct\u2122 MI325X",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "GIM Driver 8.4"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Instinct\u2122 MI210",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "GIM Driver 8.4"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Radeon\u2122 PRO V620",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "Contact your AMD Customer Engineering representative"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Radeon\u2122 PRO V710",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "Contact your AMD Customer Engineering representative"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Reported through AMD Bug Bounty Program"
            }
          ],
          "datePublic": "2026-05-15T02:40:57.043Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Out of bounds write in AMD AMDGV_CMD_GET_DIAG_DATA ioctl handler could allow a local user to escalate privileges via remote code execution. \u003cbr\u003e"
                }
              ],
              "value": "Out of bounds write in AMD AMDGV_CMD_GET_DIAG_DATA ioctl handler could allow a local user to escalate privileges via remote code execution."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "baseScore": 8.5,
                "baseSeverity": "HIGH",
                "privilegesRequired": "LOW",
                "userInteraction": "NONE",
                "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-787",
                  "description": "CWE-787  Out-of-bounds Write",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-15T02:44:54.735Z",
            "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
            "shortName": "AMD"
          },
          "references": [
            {
              "url": "https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-6027.html"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "AMD PSIRT Automation 1.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
        "assignerShortName": "AMD",
        "cveId": "CVE-2025-54517",
        "datePublished": "2026-05-15T02:44:54.735Z",
        "dateReserved": "2025-07-23T15:01:52.882Z",
        "dateUpdated": "2026-05-16T03:56:16.242Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-66660 (GCVE-0-2025-66660)

    Vulnerability from cvelistv5 – Published: 2026-05-15 02:42 – Updated: 2026-05-15 16:10
    VLAI
    Summary
    Insufficient parameter sanitization in TEE SOC Driver could allow an attacker to issue a malformed DRV_SOC_CMD_ID_SRIOV_CHECK_TA_COMPAT to cause incorrect shared memory mapping, potentially resulting in unexpected behavior.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-1284 - Improper Validation of Specified Quantity in Input
    Assigner
    AMD
    Date Public
    2026-05-15 02:40
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-66660",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-15T16:09:50.527526Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-15T16:10:53.782Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "AMD Radeon\u2122 RX 6000 Series Graphics Products",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "AMD Software: Adrenalin Edition 25.12.1 (25.10.37.01)"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Radeon\u2122 RX 7000 Series Graphics Products",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "AMD Software: Adrenalin Edition 25.11.1 (25.20.29.01)"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Radeon\u2122 PRO W6000 Series Graphics Products",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "AMD Software: PRO Edition 25.Q4 (25.10.37.01)"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Radeon\u2122 PRO W7000 Series Graphics Products",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "AMD Software: PRO Edition 25.Q3.1 (25.10.32)"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Instinct\u2122 MI210",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "ROCm 7.0.1"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Instinct\u2122 MI250",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "ROCm 7.0.1"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Instinct\u2122 MI300A",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "BKC 26"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Instinct\u2122 MI300X",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "ROCm 6.3"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Instinct\u2122 MI325X",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "ROCm 6.3"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Instinct\u2122 MI308X",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "ROCm 6.4.2"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Radeon\u2122 PRO V620",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "Contact your AMD Customer Engineering representative"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Radeon\u2122 PRO V710",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "Contact your AMD Customer Engineering representative"
                }
              ]
            }
          ],
          "datePublic": "2026-05-15T02:40:46.460Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Insufficient parameter sanitization in TEE SOC Driver could allow an attacker to issue a malformed DRV_SOC_CMD_ID_SRIOV_CHECK_TA_COMPAT to cause incorrect shared memory mapping, potentially resulting in unexpected behavior.\u003cbr\u003e"
                }
              ],
              "value": "Insufficient parameter sanitization in TEE SOC Driver could allow an attacker to issue a malformed DRV_SOC_CMD_ID_SRIOV_CHECK_TA_COMPAT to cause incorrect shared memory mapping, potentially resulting in unexpected behavior."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "attackComplexity": "HIGH",
                "attackVector": "LOCAL",
                "baseScore": 1.8,
                "baseSeverity": "LOW",
                "privilegesRequired": "HIGH",
                "userInteraction": "NONE",
                "vectorString": "CVSS:4.0/AV:L/AC:H/AT:P/PR:H/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
                "version": "4.0"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-1284",
                  "description": "CWE-1284  Improper Validation of Specified Quantity in Input",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-15T02:44:05.001Z",
            "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
            "shortName": "AMD"
          },
          "references": [
            {
              "url": "https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-6027.html"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "AMD PSIRT Automation 1.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
        "assignerShortName": "AMD",
        "cveId": "CVE-2025-66660",
        "datePublished": "2026-05-15T02:42:33.035Z",
        "dateReserved": "2025-12-06T15:03:58.970Z",
        "dateUpdated": "2026-05-15T16:10:53.782Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-66664 (GCVE-0-2025-66664)

    Vulnerability from cvelistv5 – Published: 2026-05-15 02:41 – Updated: 2026-05-15 16:31
    VLAI
    Summary
    Insufficient parameter sanitization in AMD Secure Processor (ASP) TEE SOC Driver could allow an attacker to issue a malformed DRV_SOC_CMD_ID_LOAD_GFX_IP_FW SR-IOV command to cause out-of-bounds read, potentially resulting in SOC Driver memory contents exposure or an exception
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    AMD
    Impacted products
    Vendor Product Version
    AMD AMD Radeon™ RX 6000 Series Graphics Products Unaffected: AMD Software: Adrenalin Edition 25.12.1 (25.10.37.01)
    Create a notification for this product.
    AMD AMD Radeon™ RX 7000 Series Graphics Products Unaffected: AMD Software: Adrenalin Edition 25.11.1 (25.20.29.01)
    Create a notification for this product.
    AMD AMD Radeon™ PRO W6000 Series Graphics Products Unaffected: AMD Software: PRO Edition 25.Q4 (25.10.37.01)
    Create a notification for this product.
    AMD AMD Radeon™ PRO W7000 Series Graphics Products Unaffected: AMD Software: PRO Edition 25.Q3.1 (25.10.32)
    Create a notification for this product.
    AMD AMD Instinct™ MI250 Unaffected: ROCm 7.0
    Create a notification for this product.
    AMD AMD Instinct™ MI210 Unaffected: ROCm 7.0
    Create a notification for this product.
    AMD AMD Instinct™ MI300X Unaffected: ROCm 6.3.1
    Create a notification for this product.
    AMD AMD Instinct™ MI325X Unaffected: ROCm 6.3.1
    Create a notification for this product.
    AMD AMD Instinct™ MI308X Unaffected: ROCm 6.4.2
    Create a notification for this product.
    AMD AMD Instinct™ MI300A Unaffected: BKC 26 (ROCm 7.0.1)
    Create a notification for this product.
    AMD AMD Radeon™ PRO V520 Unaffected: Contact your AMD Customer Engineering representative
    Create a notification for this product.
    AMD AMD Radeon™ PRO V620 Unaffected: Contact your AMD Customer Engineering representative
    Create a notification for this product.
    AMD AMD Radeon™ PRO V710 Unaffected: Contact your AMD Customer Engineering representative
    Create a notification for this product.
    Date Public
    2026-05-15 02:40
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-66664",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-15T16:15:27.496279Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-15T16:31:27.722Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "AMD Radeon\u2122 RX 6000 Series Graphics Products",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "AMD Software: Adrenalin Edition 25.12.1 (25.10.37.01)"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Radeon\u2122 RX 7000 Series Graphics Products",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "AMD Software: Adrenalin Edition 25.11.1 (25.20.29.01)"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Radeon\u2122 PRO W6000 Series Graphics Products",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "AMD Software: PRO Edition 25.Q4 (25.10.37.01)"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Radeon\u2122 PRO W7000 Series Graphics Products",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "AMD Software: PRO Edition 25.Q3.1 (25.10.32)"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Instinct\u2122 MI250",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "ROCm 7.0"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Instinct\u2122 MI210",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "ROCm 7.0"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Instinct\u2122 MI300X",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "ROCm 6.3.1"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Instinct\u2122 MI325X",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "ROCm 6.3.1"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Instinct\u2122 MI308X",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "ROCm 6.4.2"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Instinct\u2122 MI300A",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "BKC 26 (ROCm 7.0.1)"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Radeon\u2122 PRO V520",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "Contact your AMD Customer Engineering representative"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Radeon\u2122 PRO V620",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "Contact your AMD Customer Engineering representative"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Radeon\u2122 PRO V710",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "Contact your AMD Customer Engineering representative"
                }
              ]
            }
          ],
          "datePublic": "2026-05-15T02:40:41.476Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Insufficient parameter sanitization in AMD Secure Processor (ASP) TEE SOC Driver could allow an attacker to issue a malformed DRV_SOC_CMD_ID_LOAD_GFX_IP_FW SR-IOV command to cause out-of-bounds read, potentially resulting in SOC Driver memory contents exposure or an exception\u003cbr\u003e"
                }
              ],
              "value": "Insufficient parameter sanitization in AMD Secure Processor (ASP) TEE SOC Driver could allow an attacker to issue a malformed DRV_SOC_CMD_ID_LOAD_GFX_IP_FW SR-IOV command to cause out-of-bounds read, potentially resulting in SOC Driver memory contents exposure or an exception"
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "baseScore": 4.6,
                "baseSeverity": "MEDIUM",
                "privilegesRequired": "HIGH",
                "userInteraction": "NONE",
                "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N",
                "version": "4.0"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-125",
                  "description": "CWE-125  Out-of-bounds Read",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-15T02:41:56.659Z",
            "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
            "shortName": "AMD"
          },
          "references": [
            {
              "url": "https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-6027.html"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "AMD PSIRT Automation 1.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
        "assignerShortName": "AMD",
        "cveId": "CVE-2025-66664",
        "datePublished": "2026-05-15T02:41:56.659Z",
        "dateReserved": "2025-12-06T15:03:58.971Z",
        "dateUpdated": "2026-05-15T16:31:27.722Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-0428 (GCVE-0-2026-0428)

    Vulnerability from cvelistv5 – Published: 2026-05-15 02:41 – Updated: 2026-05-15 16:34
    VLAI
    Summary
    Insufficient parameter sanitization in TEE SOC Driver could allow an attacker to issue a malformed DRV_SOC_CMD_ID_SRIOV_COPY_VF_CHIPLET_REGS to write invalid data to a remote Die, potentially resulting in unexpected behavior.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-1284 - Improper Validation of Specified Quantity in Input
    Assigner
    AMD
    Date Public
    2026-05-15 02:40
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-0428",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-15T16:34:23.455427Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-15T16:34:39.842Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "AMD Instinct\u2122 MI300A",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "BKC 26"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Instinct\u2122 MI300X",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "ROCm 6.3.1"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Instinct\u2122 MI308X",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "ROCm 6.4.2"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Instinct\u2122 MI325X",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "ROCm 6.3.1"
                }
              ]
            }
          ],
          "datePublic": "2026-05-15T02:40:36.026Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Insufficient parameter sanitization in TEE SOC Driver could allow an attacker to issue a malformed DRV_SOC_CMD_ID_SRIOV_COPY_VF_CHIPLET_REGS to write invalid data to a remote Die, potentially resulting in unexpected behavior.\u003cbr\u003e"
                }
              ],
              "value": "Insufficient parameter sanitization in TEE SOC Driver could allow an attacker to issue a malformed DRV_SOC_CMD_ID_SRIOV_COPY_VF_CHIPLET_REGS to write invalid data to a remote Die, potentially resulting in unexpected behavior."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "attackComplexity": "HIGH",
                "attackVector": "LOCAL",
                "baseScore": 1.8,
                "baseSeverity": "LOW",
                "privilegesRequired": "HIGH",
                "userInteraction": "NONE",
                "vectorString": "CVSS:4.0/AV:L/AC:H/AT:N/PR:H/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
                "version": "4.0"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-1284",
                  "description": "CWE-1284  Improper Validation of Specified Quantity in Input",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-15T02:41:13.879Z",
            "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
            "shortName": "AMD"
          },
          "references": [
            {
              "url": "https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-6027.html"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "AMD PSIRT Automation 1.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
        "assignerShortName": "AMD",
        "cveId": "CVE-2026-0428",
        "datePublished": "2026-05-15T02:41:13.879Z",
        "dateReserved": "2025-12-06T13:53:33.452Z",
        "dateUpdated": "2026-05-15T16:34:39.842Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2024-36319 (GCVE-0-2024-36319)

    Vulnerability from cvelistv5 – Published: 2026-02-12 17:41 – Updated: 2026-02-26 14:44
    VLAI
    Summary
    Debug code left active in AMD's Video Decoder Engine Firmware (VCN FW) could allow a attacker to submit a maliciously crafted command causing the VCN FW to perform read/writes HW registers, potentially impacting confidentiality, integrity and availabilability of the system.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-1191 - On-Chip Debug and Test Interface With Improper Access Control
    Assigner
    AMD
    Impacted products
    Vendor Product Version
    AMD AMD Ryzen™ 7040 Series Mobile Processors with Radeon™ Graphics; AMD Ryzen™ 8040 Series Mobile Processors with Radeon™ Graphics Unaffected: AMD Software: Adrenalin Edition 25.5.1, AMD Software: PRO Edition 25.Q2
    Create a notification for this product.
    AMD AMD Ryzen™ AI MAX Series Processors Unaffected: AMD Software: Adrenalin Edition 25.5.1, AMD Software: PRO Edition 25.Q2
    Create a notification for this product.
    AMD AMD Ryzen™ AI 300 Series Processors Unaffected: AMD Software: Adrenalin Edition 25.5.1, AMD Software: PRO Edition 25.Q2
    Create a notification for this product.
    AMD AMD Ryzen™ 8000 Series Desktop Processors Unaffected: AMD Software: Adrenalin Edition 25.5.1, AMD Software: PRO Edition 25.Q2
    Create a notification for this product.
    AMD AMD Ryzen™ Embedded 8000 Series Processors Unaffected: Q2 - 2025 AMD Embedded Ryzen[7000 8000 9000] Windows® Catalyst™ driver [25.6.1] (68926)
    Create a notification for this product.
    AMD AMD Ryzen™ Embedded 7000 Series Processors Unaffected: Q2 - 2025 AMD Embedded Ryzen[7000 8000 9000] Windows® Catalyst™ driver [25.6.1] (68926)
    Create a notification for this product.
    AMD AMD Ryzen™ Embedded 9000 Series Processors Unaffected: Q2 - 2025 AMD Embedded Ryzen[7000 8000 9000] Windows® Catalyst™ driver [25.6.1] (68926)
    Create a notification for this product.
    AMD AMD Radeon™ RX 7000 Series Graphics Products Unaffected: 25.5.1 (25.10.01.09), AMD Software: PRO Edition 25.Q2(25.10.10), Radeon Software For Linux 25.10.1
    Create a notification for this product.
    AMD AMD Radeon™ PRO W7000 Series Graphics Products Unaffected: 25.5.1 (25.10.01.09), AMD Software: PRO Edition 25.Q2(25.10.10), Radeon Software For Linux 25.10.1
    Create a notification for this product.
    AMD AMD Instinct™ MI300X Unaffected: ROCm 6.2.4
    Create a notification for this product.
    AMD AMD Instinct™ MI300A Unaffected: ROCm 6.2.4
    Create a notification for this product.
    AMD AMD Instinct™ MI308X Unaffected: ROCm 6.2.4
    Create a notification for this product.
    AMD AMD Instinct™ MI325X Unaffected: ROCm 6.2.4
    Create a notification for this product.
    AMD AMD Radeon™ PRO V710 Unaffected: Contact your AMD Customer Engineering representative
    Create a notification for this product.
    Date Public
    2026-02-12 17:40
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-36319",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-02-13T04:56:40.296265Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-26T14:44:20.866Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 7040 Series Mobile Processors with Radeon\u2122 Graphics;\r\nAMD Ryzen\u2122 8040 Series Mobile Processors with Radeon\u2122 Graphics",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "AMD Software: Adrenalin Edition 25.5.1, AMD Software: PRO Edition 25.Q2"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 AI MAX Series Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "AMD Software: Adrenalin Edition 25.5.1, AMD Software: PRO Edition 25.Q2"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 AI 300 Series Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "AMD Software: Adrenalin Edition 25.5.1, AMD Software: PRO Edition 25.Q2"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 8000 Series Desktop Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "AMD Software: Adrenalin Edition 25.5.1, AMD Software: PRO Edition 25.Q2"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 Embedded 8000 Series Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "Q2 - 2025 AMD Embedded Ryzen[7000 8000 9000] Windows\u00ae Catalyst\u2122 driver [25.6.1] (68926)"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 Embedded 7000 Series Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "Q2 - 2025 AMD Embedded Ryzen[7000 8000 9000] Windows\u00ae Catalyst\u2122 driver [25.6.1] (68926)"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 Embedded 9000 Series Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "Q2 - 2025 AMD Embedded Ryzen[7000 8000 9000] Windows\u00ae Catalyst\u2122 driver [25.6.1] (68926)"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Radeon\u2122 RX 7000 Series Graphics Products",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "25.5.1 (25.10.01.09), AMD Software: PRO Edition 25.Q2(25.10.10), Radeon Software For Linux 25.10.1"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Radeon\u2122 PRO W7000 Series Graphics Products",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "25.5.1 (25.10.01.09), AMD Software: PRO Edition 25.Q2(25.10.10), Radeon Software For Linux 25.10.1"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Instinct\u2122 MI300X",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "ROCm 6.2.4"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Instinct\u2122 MI300A",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "ROCm 6.2.4"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Instinct\u2122 MI308X",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "ROCm 6.2.4"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Instinct\u2122 MI325X",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "ROCm 6.2.4"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Radeon\u2122 PRO V710",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "Contact your AMD Customer Engineering representative"
                }
              ]
            }
          ],
          "datePublic": "2026-02-12T17:40:51.607Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Debug code left active in AMD\u0027s Video Decoder Engine Firmware (VCN FW) could allow a attacker to submit a maliciously crafted command causing the VCN FW to perform read/writes HW registers, potentially impacting confidentiality, integrity and availabilability of the system.\u003cbr\u003e"
                }
              ],
              "value": "Debug code left active in AMD\u0027s Video Decoder Engine Firmware (VCN FW) could allow a attacker to submit a maliciously crafted command causing the VCN FW to perform read/writes HW registers, potentially impacting confidentiality, integrity and availabilability of the system."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "privilegesRequired": "LOW",
                "userInteraction": "NONE",
                "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:H/SI:H/SA:H",
                "version": "4.0"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-1191",
                  "description": "CWE-1191  On-Chip Debug and Test Interface With Improper Access Control",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-02-12T17:41:06.194Z",
            "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
            "shortName": "AMD"
          },
          "references": [
            {
              "url": "https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-6024.html"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "AMD PSIRT Automation 1.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
        "assignerShortName": "AMD",
        "cveId": "CVE-2024-36319",
        "datePublished": "2026-02-12T17:41:06.194Z",
        "dateReserved": "2024-05-23T19:44:40.300Z",
        "dateUpdated": "2026-02-26T14:44:20.866Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2024-36342 (GCVE-0-2024-36342)

    Vulnerability from cvelistv5 – Published: 2025-09-06 17:42 – Updated: 2026-02-26 17:49
    VLAI
    Summary
    Improper input validation in the GPU driver could allow an attacker to exploit a heap overflow potentially resulting in arbitrary code execution.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-1285 - Improper Validation of Specified Index, Position, or Offset in Input
    Assigner
    AMD
    Impacted products
    Vendor Product Version
    AMD AMD Ryzen™ 4000 Series Mobile Processors with Radeon™ Graphics Unaffected: Radeon Software for Linux 25.10.x
    Create a notification for this product.
    AMD AMD Ryzen™ 7035 Series Processors with Radeon™ Graphics Unaffected: Radeon Software for Linux 25.10.x
    Create a notification for this product.
    AMD AMD Athlon™ 3000 Series Mobile Processors with Radeon™ Graphics Unaffected: Radeon Software for Linux 25.10.x
    Create a notification for this product.
    AMD AMD Ryzen™ 7040 Series Mobile Processors with Radeon™ Graphics Unaffected: Radeon Software for Linux 25.10.x
    Create a notification for this product.
    AMD AMD Ryzen™ 7020 Series Processors with Radeon™ Graphics Unaffected: Radeon Software for Linux 25.10.x
    Create a notification for this product.
    AMD AMD Ryzen™ 7045 Series Mobile Processors with Radeon™ Graphics Unaffected: Radeon Software for Linux 25.10.x
    Create a notification for this product.
    AMD AMD Ryzen™ 7000 Series Desktop Processors Unaffected: Radeon Software for Linux 25.10.x
    Create a notification for this product.
    AMD AMD Ryzen™ 7030 Series Mobile Processors with Radeon™ Graphics Unaffected: Radeon Software for Linux 25.10.x
    Create a notification for this product.
    AMD AMD Ryzen™ AI 300 Series Processors Unaffected: Radeon Software for Linux 25.10.x
    Create a notification for this product.
    AMD AMD Athlon™ 3000 Series Desktop Processors with Radeon™ Graphics Unaffected: Radeon Software for Linux 25.10.x
    Create a notification for this product.
    AMD AMD Ryzen™ 8000 Series Desktop Processors Unaffected: Radeon Software for Linux 25.10.x
    Create a notification for this product.
    AMD AMD Ryzen™ 9000 Series Desktop Processors Unaffected: Radeon Software for Linux 25.10.x
    Create a notification for this product.
    AMD AMD Ryzen™ 5000 Series Mobile Processors with Radeon™ Graphics Unaffected: Radeon Software for Linux 25.10.x
    Create a notification for this product.
    AMD AMD Ryzen™ 4000 Series Desktop Processors Unaffected: Radeon Software for Linux 25.10.x
    Create a notification for this product.
    AMD AMD Ryzen™ 5000 Series Desktop Processors with Radeon™ Graphics Unaffected: Radeon Software for Linux 25.10.x
    Create a notification for this product.
    AMD AMD Ryzen™ 8040 Series Mobile Processors with Radeon™ Graphics Unaffected: Radeon Software for Linux 25.10.x
    Create a notification for this product.
    AMD AMD Ryzen™ 3000 Series Mobile Processors with Radeon™ Graphics Unaffected: Radeon Software for Linux 25.10.x
    Create a notification for this product.
    AMD AMD Ryzen™ 6000 Series Processors with Radeon™ Graphics Unaffected: Radeon Software for Linux 25.10.x
    Create a notification for this product.
    AMD AMD Ryzen™ Embedded R2000 Series Processors Unaffected: amd_chipset_software_7.06.02.123.exe , PSP driver version: 5.39.0.0
    Create a notification for this product.
    AMD AMD Ryzen™ Embedded V2000 Series Processors Unaffected: amd_chipset_software_7.06.02.123.exe , PSP driver version: 5.39.0.0
    Create a notification for this product.
    AMD AMD Ryzen™ Embedded 8000 Series Unaffected: amd_chipset_software_7.06.02.123.exe , PSP driver version: 5.39.0.0
    Create a notification for this product.
    AMD AMD Ryzen™ Embedded 7000 Series Processors Unaffected: amd_chipset_software_7.06.02.123.exe , PSP driver version: 5.39.0.0
    Create a notification for this product.
    AMD AMD Radeon™ RX 5000 Series Graphics Products Unaffected: Radeon Software for Linux 25.10.1
    Create a notification for this product.
    AMD AMD Radeon™ PRO W5000 Series Graphics Products Unaffected: Radeon Software for Linux 25.10.1
    Create a notification for this product.
    AMD AMD Radeon™ RX 6000 Series Graphics Products Unaffected: Radeon Software for Linux 25.10.1
    Create a notification for this product.
    AMD AMD Radeon™ PRO W6000 Series Graphics Products Unaffected: Radeon Software for Linux 25.10.1
    Create a notification for this product.
    AMD AMD Radeon™ RX 7000 Series Graphics Products Unaffected: Radeon Software for Linux 25.10.1
    Create a notification for this product.
    AMD AMD Radeon™ PRO W7000 Series Graphics Products Unaffected: Radeon Software for Linux 25.10.1
    Create a notification for this product.
    AMD AMD Radeon™ RX 9000 Series Graphics Products Unaffected: Radeon Software for Linux 25.10.1
    Create a notification for this product.
    AMD AMD Radeon™ RX Vega Series Graphics Cards Unaffected: Radeon Software for Linux 25.10.1
    Create a notification for this product.
    AMD AMD Radeon™ PRO VII Unaffected: Radeon Software for Linux 25.10.1
    Create a notification for this product.
    AMD AMD Instinct™ MI210 Unaffected: ROCm 6.4
    Create a notification for this product.
    AMD AMD Instinct™ MI250 Unaffected: ROCm 6.4
    Create a notification for this product.
    AMD AMD Instinct™ MI300A Unaffected: ROCm 6.4
    Create a notification for this product.
    AMD AMD Instinct™ MI300X Unaffected: ROCm 6.4
    Create a notification for this product.
    AMD AMD Instinct™ MI308X Unaffected: ROCm 6.4
    Create a notification for this product.
    AMD AMD Instinct™ MI325X Unaffected: ROCm 6.4
    Create a notification for this product.
    AMD AMD Radeon™ PRO V520 Graphics Products Unaffected: Contact your AMD Customer Engineering representative
    Create a notification for this product.
    AMD AMD Radeon™ PRO V620 Graphics Products Unaffected: Contact your AMD Customer Engineering representative
    Create a notification for this product.
    AMD AMD Radeon™ PRO V710 Graphics Products Unaffected: Contact your AMD Customer Engineering representative
    Create a notification for this product.
    Date Public
    2025-09-06 17:15
    Credits
    Reported through AMD Bug Bounty Program
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-36342",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-09-09T03:55:24.593599Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-26T17:49:09.671Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 4000 Series Mobile Processors with Radeon\u2122 Graphics",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "Radeon Software for Linux 25.10.x"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 7035 Series Processors with Radeon\u2122 Graphics",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "Radeon Software for Linux 25.10.x"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Athlon\u2122 3000 Series Mobile Processors with Radeon\u2122 Graphics",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "Radeon Software for Linux 25.10.x"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 7040 Series Mobile Processors with Radeon\u2122 Graphics",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "Radeon Software for Linux 25.10.x"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 7020 Series Processors with Radeon\u2122 Graphics",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "Radeon Software for Linux 25.10.x"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 7045 Series Mobile Processors with Radeon\u2122 Graphics",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "Radeon Software for Linux 25.10.x"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 7000 Series Desktop Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "Radeon Software for Linux 25.10.x"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 7030 Series Mobile Processors with Radeon\u2122 Graphics",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "Radeon Software for Linux 25.10.x"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 AI 300 Series Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "Radeon Software for Linux 25.10.x"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Athlon\u2122 3000 Series Desktop Processors with Radeon\u2122 Graphics",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "Radeon Software for Linux 25.10.x"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 8000 Series Desktop Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "Radeon Software for Linux 25.10.x"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 9000 Series Desktop Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "Radeon Software for Linux 25.10.x"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 5000 Series Mobile Processors with Radeon\u2122 Graphics",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "Radeon Software for Linux 25.10.x"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 5000 Series Mobile Processors with Radeon\u2122 Graphics",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "Radeon Software for Linux 25.10.x"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 4000 Series Desktop Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "Radeon Software for Linux 25.10.x"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 5000 Series Desktop Processors with Radeon\u2122 Graphics",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "Radeon Software for Linux 25.10.x"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 8040 Series Mobile Processors with Radeon\u2122 Graphics",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "Radeon Software for Linux 25.10.x"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 3000 Series Mobile Processors with Radeon\u2122 Graphics",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "Radeon Software for Linux 25.10.x"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 6000 Series Processors with Radeon\u2122 Graphics",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "Radeon Software for Linux 25.10.x"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 Embedded R2000 Series Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "amd_chipset_software_7.06.02.123.exe ,  PSP driver version: 5.39.0.0"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 Embedded V2000 Series Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "amd_chipset_software_7.06.02.123.exe ,  PSP driver version: 5.39.0.0"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 Embedded 8000 Series",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "amd_chipset_software_7.06.02.123.exe ,  PSP driver version: 5.39.0.0"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 Embedded 7000 Series Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "amd_chipset_software_7.06.02.123.exe ,  PSP driver version: 5.39.0.0"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Radeon\u2122 RX 5000 Series Graphics Products",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "Radeon Software for Linux 25.10.1"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Radeon\u2122 PRO W5000 Series Graphics Products",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "Radeon Software for Linux 25.10.1"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Radeon\u2122 RX 6000 Series Graphics Products",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "Radeon Software for Linux 25.10.1"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Radeon\u2122 PRO W6000 Series Graphics Products",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "Radeon Software for Linux 25.10.1"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Radeon\u2122 RX 7000 Series Graphics Products",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "Radeon Software for Linux 25.10.1"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Radeon\u2122 PRO W7000 Series Graphics Products",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "Radeon Software for Linux 25.10.1"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Radeon\u2122 RX 9000 Series Graphics Products",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "Radeon Software for Linux 25.10.1"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Radeon\u2122 RX Vega Series Graphics Cards",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "Radeon Software for Linux 25.10.1"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Radeon\u2122 PRO VII",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "Radeon Software for Linux 25.10.1"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Instinct\u2122 MI210",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "ROCm 6.4"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Instinct\u2122 MI250",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "ROCm 6.4"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Instinct\u2122 MI300A",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "ROCm 6.4"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Instinct\u2122 MI300X",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "ROCm 6.4"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Instinct\u2122 MI308X",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "ROCm 6.4"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Instinct\u2122 MI325X",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "ROCm 6.4"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Radeon\u2122 PRO V520 Graphics Products",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "Contact your AMD Customer Engineering representative"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Radeon\u2122 PRO V620 Graphics Products",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "Contact your AMD Customer Engineering representative"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Radeon\u2122 PRO V710 Graphics Products",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "Contact your AMD Customer Engineering representative"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Reported through AMD Bug Bounty Program"
            }
          ],
          "datePublic": "2025-09-06T17:15:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Improper input validation in the GPU driver could allow an attacker to exploit a heap overflow potentially resulting in arbitrary code execution.\u003cbr\u003e"
                }
              ],
              "value": "Improper input validation in the GPU driver could allow an attacker to exploit a heap overflow potentially resulting in arbitrary code execution."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-1285",
                  "description": "CWE-1285  Improper Validation of Specified Index, Position, or Offset in Input",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-09-23T21:27:40.844Z",
            "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
            "shortName": "AMD"
          },
          "references": [
            {
              "url": "https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-6018.html"
            },
            {
              "url": "https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-5007.html"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "AMD PSIRT Automation 1.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
        "assignerShortName": "AMD",
        "cveId": "CVE-2024-36342",
        "datePublished": "2025-09-06T17:42:00.232Z",
        "dateReserved": "2024-05-23T19:44:47.200Z",
        "dateUpdated": "2026-02-26T17:49:09.671Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }