Description
Improper handling of insufficient privileges in the AMD Secure Processor (ASP) could allow an attacker to provide an input value to a function without sufficient privileges and successfully write data, potentially resulting in loss of integrity or availability.
Published: 2026-05-15
Score: 5.3 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability arises from an improper privilege check within AMD’s Secure Processor (ASP), allowing an attacker to supply a value to a function without the necessary permissions and successfully write data. This can lead to loss of integrity and availability of the affected system, as the attacker can modify protected data or behavior. It is an instance of CWE‑274, Incorrect Privilege Assignment.

Affected Systems

Affected GPUs and accelerators include AMD Instinct MI210, MI250, Radeon PRO V520, V620, and the MI‑25 series. Specific revision or firmware versions are not listed in the advisory, so all current models that contain the vulnerable ASP logic may be impacted.

Risk and Exploitability

The CVSS score of 5.3 indicates a moderate severity vulnerability. The EPSS score is not provided, and the vulnerability is not listed in the CISA KEV catalog, suggesting that large‑scale exploitation is not currently documented. The likely attack vector is a local or privileged attacker who can interface with the Secure Processor, as the flaw requires invoking an ASP function with elevated privileges, and should be considered when assessing internal threat models.

Generated by OpenCVE AI on May 15, 2026 at 04:22 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest AMD firmware and driver updates that incorporate the ASP privilege controls for the affected GPU series.
  • Restrict or remove non‑essential access to the Secure Processor interface from unprivileged users or processes to reduce privilege escalation opportunities.
  • Enable logging and monitoring for abnormal write operations or privilege‑elevation attempts involving the Secure Processor to detect potential exploitation.

Advisories

No advisories yet.

History

Fri, 15 May 2026 12:15:00 +0000

Type | Values Removed | Values Added
Metrics | | ssvc {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Fri, 15 May 2026 03:00:00 +0000

Type | Values Removed | Values Added
Description | | Improper handling of insufficient privileges in the AMD Secure Processor (ASP) could allow an attacker to provide an input value to a function without sufficient privileges and successfully write data, potentially resulting in loss of integrity or availability.
Weaknesses | | CWE-274
References | |
Metrics | | cvssV4_0 {'score': 5.3, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N'}


MITRE

Status: PUBLISHED

Assigner: AMD

Published:

Updated: 2026-05-15T11:21:21.819Z

Reserved: 2025-07-23T15:01:52.882Z

Link: CVE-2025-54511

Vulnrichment

Updated: 2026-05-15T11:21:16.296Z

NVD

Status: Awaiting Analysis

Published: 2026-05-15T03:16:22.370

Modified: 2026-05-15T14:10:17.083

Link: CVE-2025-54511

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-15T04:30:36Z