CVE-2025-52532 - Vulnerability Details

- Race Condition in AMD Instinct GPU Virtualization Driver Causes Heap‑Based Buffer Overflow and Denial of Service

Description

A race condition in the MxGPU-Virtualization driver’s ioctl path caused by concurrent unsynchronized access to the global variable amdgv_cmd in an unlocked ioctl handler could be exploited by an attacker to trigger a heap-based buffer overflow, potentially resulting in denial-of-service within the vulnerable system context.

Published: 2026-05-15

Score: 2 Low

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

Impact

A race condition exists in the MxGPU‑Virtualization driver’s ioctl path when multiple processes access the global variable amdgv_cmd concurrently without proper synchronization. This unsynchronized access can trigger a heap‑based buffer overflow, which an attacker could exploit to cause a denial of service in the context of the vulnerable system. The vulnerability is classed as CWE‑367, a race condition. The potential impact is localized to the system running the driver and can lead to kernel crashes or device failure.

Affected Systems

AMD Instinct MI210, AMD Instinct MI250, AMD Instinct MI300A, AMD Instinct MI300X, AMD Instinct MI308X, AMD Instinct MI325X, AMD Radeon PRO V620, and AMD Radeon PRO V710 are all affected by this flaw. Specific firmware or driver revision numbers are not listed in the provided data.

Risk and Exploitability

With a CVSS score of 2, the severity level is low. The EPSS score is not available and the vulnerability does not appear in the CISA KEV catalog, indicating a low likelihood of widespread exploitation. Attackers would need to obtain access to send malicious ioctl requests to the driver, implying a local or privileged attacker perspective unless the virtualized environment exposes the device to untrusted guests.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

AMD

AMD Radeon™ PRO V620

affected

Version	Status	Constraints
`Contact your AMD Customer Engineering representative`	unaffected	—

AMD

AMD Radeon™ PRO V710

affected

Version	Status	Constraints
`Contact your AMD Customer Engineering representative`	unaffected	—

AMD

AMD Instinct™ MI250

affected

Version	Status	Constraints
`GIM Driver 8.4`	unaffected	—

AMD

AMD Instinct™ MI308X

affected

Version	Status	Constraints
`GIM Driver 8.4`	unaffected	—

AMD

AMD Instinct™ MI300A

affected

Version	Status	Constraints
`GIM Driver 8.4`	unaffected	—

AMD

AMD Instinct™ MI300X

affected

Version	Status	Constraints
`GIM Driver 8.4`	unaffected	—

AMD

AMD Instinct™ MI325X

affected

Version	Status	Constraints
`GIM Driver 8.4`	unaffected	—

AMD

AMD Instinct™ MI210

affected

Version	Status	Constraints
`GIM Driver 8.4`	unaffected	—

No data.

Vendor Product Confidence Versions

Amd

Instinct Mi210

88%

Version	Status	Scheme	Platform
`GIM Driver 8.4`	unaffected	generic	—

Amd

Instinct Mi250

88%

Version	Status	Scheme	Platform
`GIM Driver 8.4`	unaffected	generic	—

Amd

Instinct Mi300a

88%

Version	Status	Scheme	Platform
`GIM Driver 8.4`	unaffected	generic	—

Amd

Instinct Mi300x

88%

Version	Status	Scheme	Platform
`GIM Driver 8.4`	unaffected	generic	—

Amd

Instinct Mi308x

88%

Version	Status	Scheme	Platform
`GIM Driver 8.4`	unaffected	generic	—

Amd

Instinct Mi325x

88%

Version	Status	Scheme	Platform
`GIM Driver 8.4`	unaffected	generic	—

Amd

Radeon Pro V620

88%

Version	Status	Scheme	Platform
`Contact your AMD Customer Engineering representative`	unaffected	generic	—

Amd

Radeon Pro V710

88%

Version	Status	Scheme	Platform
`Contact your AMD Customer Engineering representative`	unaffected	generic	—

Found an issue or want to improve our Enrichment? You can suggest it directly by opening an issue on our dedicated GitHub repository .

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

If AMD releases an updated driver or firmware that addresses the race condition, install that update as soon as possible.
Until a patch is available, restrict access to the GPU device and its virtualization interface to trusted users and processes only, preventing unprivileged or guest machines from issuing ioctl calls.
Consider disabling or removing the MxGPU‑Virtualization feature if it is not required for your workload to eliminate the attack surface.

Generated by OpenCVE AI on May 15, 2026 at 05:21 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

Attack Vector Local

Attack Complexity High

Privileges Required Low

Attack Requirements Present

User Interaction None

Vulnerable System Confidentiality Impact None

Vulnerable System Integrity Impact None

Vulnerable System Availability Impact Low

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

No CVSS v3.1

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00013.

Exploitation none

Automatable no

Technical Impact partial

References

Link	Providers
https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-6027.html

History

Fri, 15 May 2026 12:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Fri, 15 May 2026 11:30:00 +0000

Type	Values Removed	Values Added
First Time appeared		Amd Amd instinct Mi210 Amd instinct Mi250 Amd instinct Mi300a Amd instinct Mi300x Amd instinct Mi308x Amd instinct Mi325x Amd radeon Pro V620 Amd radeon Pro V710
Vendors & Products		Amd Amd instinct Mi210 Amd instinct Mi250 Amd instinct Mi300a Amd instinct Mi300x Amd instinct Mi308x Amd instinct Mi325x Amd radeon Pro V620 Amd radeon Pro V710

Fri, 15 May 2026 05:45:00 +0000

Type	Values Removed	Values Added
Title		Race Condition in AMD Instinct GPU Virtualization Driver Causes Heap‑Based Buffer Overflow and Denial of Service

Fri, 15 May 2026 04:30:00 +0000

Type	Values Removed	Values Added
Description		A race condition in the MxGPU-Virtualization driver’s ioctl path caused by concurrent unsynchronized access to the global variable amdgv_cmd in an unlocked ioctl handler could be exploited by an attacker to trigger a heap-based buffer overflow, potentially resulting in denial-of-service within the vulnerable system context.
Weaknesses		CWE-367
References		https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-6027.html
Metrics		cvssV4_0 `{'score': 2, 'vector': 'CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N'}`

Subscriptions

Amd Instinct Mi210 Instinct Mi250 Instinct Mi300a Instinct Mi300x Instinct Mi308x Instinct Mi325x Radeon Pro V620 Radeon Pro V710

MITRE

Status: PUBLISHED

Assigner: AMD

Published: 2026-05-15T02:59:46.954Z

Updated: 2026-05-15T11:13:19.425Z

Reserved: 2025-06-17T16:53:10.412Z

Link: CVE-2025-52532

Vulnrichment

Updated: 2026-05-15T11:13:14.598Z

NVD

Status : Awaiting Analysis

Published: 2026-05-15T05:16:32.890

Modified: 2026-05-15T14:10:17.083

Link: CVE-2025-52532

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-15T11:15:25Z

Weaknesses

CWE-367

Impact

Affected Systems

Risk and Exploitability

Tracking

Attack Vector Local

Attack Complexity High

Privileges Required Low

Attack Requirements Present

User Interaction None

Vulnerable System Confidentiality Impact None

Vulnerable System Integrity Impact None

Vulnerable System Availability Impact Low

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

Exploitation none

Automatable no

Technical Impact partial

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object