Description
Out of bounds write in AMD AMDGV_CMD_GET_DIAG_DATA ioctl handler could allow a local user to escalate privileges via remote code execution.
Published: 2026-05-15
Score: 8.5 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

An out‑of‑bounds write is present in the AMDGV_CMD_GET_DIAG_DATA ioctl handler. A local user who can invoke this ioctl could cause memory corruption that may lead to arbitrary code execution. This vulnerability falls under CWE‑787, indicating unsafe handling of buffer offsets or lengths. If exploited, an attacker could raise privileges on the host system by running code with elevated rights.

Affected Systems

The flaw affects AMD Instinct GPU families MI210, MI250, MI300A, MI300X, MI308X, MI325X and the Radeon PRO series V620 and V710. These GPUs are typically used in data‑center or workstation environments. No specific firmware or driver version ranges are listed in the advisory.

Risk and Exploitability

The CVSS score of 8.5 marks the issue as high severity. EPSS is not available, and the vulnerability is not yet listed in the CISA KEV catalog. The known attack path requires a local user to execute a malicious ioctl; therefore the attack is practical on systems where the compromised user can access the GPU device. Once triggered, the out‑of‑bounds write can escape the driver context and execute arbitrary code, achieving privilege escalation.

Generated by OpenCVE AI on May 15, 2026 at 04:22 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest AMD GPU driver release that contains the fix for the AMDGV_CMD_GET_DIAG_DATA ioctl.
  • Check AMD’s product‑security bulletin and install any available patch or firmware update.
  • Restrict physical device access so that only privileged users can open the GPU device files (e.g., /dev/dri/card*) and consider disabling the diagnostic ioctl for non‑trusted applications.
  • Enable kernel hardening features such as SMEP, SMAP, and KASLR to mitigate the impact of memory corruption in drivers.

Generated by OpenCVE AI on May 15, 2026 at 04:22 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Fri, 15 May 2026 14:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Fri, 15 May 2026 11:30:00 +0000

Type Values Removed Values Added
First Time appeared Amd
Amd instinct Mi210
Amd instinct Mi250
Amd instinct Mi300a
Amd instinct Mi300x
Amd instinct Mi308x
Amd instinct Mi325x
Amd radeon Pro V620
Amd radeon Pro V710
Vendors & Products Amd
Amd instinct Mi210
Amd instinct Mi250
Amd instinct Mi300a
Amd instinct Mi300x
Amd instinct Mi308x
Amd instinct Mi325x
Amd radeon Pro V620
Amd radeon Pro V710

Fri, 15 May 2026 04:45:00 +0000

Type Values Removed Values Added
Title Out‑of‑Bounds Write in AMD GPU Diagnostic IOCTL Enables Local Privilege Escalation

Fri, 15 May 2026 03:00:00 +0000

Type Values Removed Values Added
Description Out of bounds write in AMD AMDGV_CMD_GET_DIAG_DATA ioctl handler could allow a local user to escalate privileges via remote code execution.
Weaknesses CWE-787
References
Metrics cvssV4_0

{'score': 8.5, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N'}

Subscriptions

Amd Instinct Mi210 Instinct Mi250 Instinct Mi300a Instinct Mi300x Instinct Mi308x Instinct Mi325x Radeon Pro V620 Radeon Pro V710
cve-icon MITRE

Status: PUBLISHED

Assigner: AMD

Published:

Updated: 2026-05-16T03:56:16.242Z

Reserved: 2025-07-23T15:01:52.882Z

Link: CVE-2025-54517

cve-icon Vulnrichment

Updated: 2026-05-15T14:06:51.976Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-05-15T03:16:22.493

Modified: 2026-05-15T14:10:17.083

Link: CVE-2025-54517

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-15T11:15:25Z

Weaknesses