The vulnerability stems from an improper restriction of operations within the bounds of a memory buffer in the AMD secure processor (ASP). This deficiency can allow an attacker to read or write to protected memory, potentially giving rise to arbitrary code execution within the scope of the processor. The weakness aligns with CWE‑119, a classic buffer overflow condition that undermines memory safety and can compromise confidentiality, integrity, and availability if exploited.

The affected products include AMD Instinct MI210 and MI250 accelerator cards, as well as AMD Radeon PRO W6000, W7000, RX 6000, and RX 7000 series graphics products. No specific firmware or driver version information is supplied in the advisory, so any model within these lines may be at risk until further detail is released.

The CVSS base score of 8.8 indicates a high severity potential for this flaw. The EPSS metric is unavailable, but the lack of a CISA KEV listing does not diminish the vulnerability's inherent risk. Because the defect resides in the secure processor, the attack vector is likely to require privileged local access or exploitation of graphics driver code; the description does not detail remote exploitation pathways, so this aspect is inferred rather than confirmed. The possibility of arbitrary code execution makes the flaw a critical concern for systems relying on these GPUs for secure or high‑performance tasks.