Description
Improper isolation of GPU HW register space could allow a privileged attacker in malicious Guest Virtual Machine (VM) to perform unauthorized access to specific victim range of GPU MMIO register space, potentially causing the host OS to reboot and creating a Denial of Service (DOS) condition.
Published: 2026-05-15
Score: 6.8 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability stems from improper isolation of GPU hardware register space, which permits a privileged attacker operating within a malicious guest virtual machine to read or write to a restricted range of GPU MMIO registers. This unauthorized access can trigger a host operating system reboot, resulting in a denial‑of‑service condition. The weakness corresponds to a privilege escalation flaw outlined by CWE‑1189.

Affected Systems

AMD Radeon PRO V710 GPUs are affected. The issue is limited to the specific register range hardware for this GPU model, and no other AMD GPUs are confirmed to be impacted.

Risk and Exploitability

The CVSS score of 6.8 signals a moderate risk. No EPSS score is available, and the vulnerability is not listed in the CISA KEV catalog. The exploit requires a privileged guest VM environment. An attacker would need to run a malicious virtual machine with sufficient rights to target the vulnerable GPU registers, after which the host could reboot, causing a denial‑of‑service. There is no evidence of a publicly available exploit, but the impact would be significant if exploitation occurs.

Generated by OpenCVE AI on May 15, 2026 at 04:21 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest firmware or driver update for AMD Radeon PRO V710 as released in AMD SB‑6027 to fix the register isolation issue.
  • Restrict or disable GPU passthrough for untrusted virtual machines to prevent them from reaching the vulnerable register space.
  • Monitor host logs for GPU‑related crashes and implement reboot recovery procedures to mitigate downtime.

Generated by OpenCVE AI on May 15, 2026 at 04:21 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Fri, 15 May 2026 15:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Fri, 15 May 2026 11:30:00 +0000

Type Values Removed Values Added
First Time appeared Amd
Amd radeon Pro V710
Vendors & Products Amd
Amd radeon Pro V710

Fri, 15 May 2026 04:45:00 +0000

Type Values Removed Values Added
Title Guest VM Privilege Escalation: Unauthorized GPU Register Access Causing Host Reboot

Fri, 15 May 2026 03:00:00 +0000

Type Values Removed Values Added
Description Improper isolation of GPU HW register space could allow a privileged attacker in malicious Guest Virtual Machine (VM) to perform unauthorized access to specific victim range of GPU MMIO register space, potentially causing the host OS to reboot and creating a Denial of Service (DOS) condition.
Weaknesses CWE-1189
References
Metrics cvssV4_0

{'score': 6.8, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N'}

Subscriptions

Amd Radeon Pro V710
cve-icon MITRE

Status: PUBLISHED

Assigner: AMD

Published:

Updated: 2026-05-15T13:36:00.217Z

Reserved: 2024-05-23T19:44:44.387Z

Link: CVE-2024-36332

cve-icon Vulnrichment

Updated: 2026-05-15T13:35:56.019Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-05-15T03:16:20.953

Modified: 2026-05-15T14:10:17.083

Link: CVE-2024-36332

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-15T11:15:25Z

Weaknesses