Description
Insufficient parameter sanitization in AMD Secure Processor (ASP) TEE SOC Driver could allow an attacker to issue a malformed DRV_SOC_CMD_ID_LOAD_GFX_IP_FW SR-IOV command to cause out-of-bounds read, potentially resulting in SOC Driver memory contents exposure or an exception
Published: 2026-05-15
Score: 4.6 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

Insufficient sanitization of parameters in the AMD Secure Processor (ASP) TEE SOC Driver allows a malformed SR-IOV command (DRV_SOC_CMD_ID_LOAD_GFX_IP_FW) to trigger an out-of-bounds read. The read may expose sensitive SOC Driver memory contents or cause an exception, potentially compromising confidential driver data.

Affected Systems

The vulnerability affects a range of AMD GPUs and graphics products, including the AMD Instinct MI210, MI250, MI300A, MI300X, MI308X, MI325X and various AMD Radeon PRO and RX series. No specific version information is provided, so all current firmware or driver revisions of the listed products are considered at risk.

Risk and Exploitability

The CVSS score of 4.6 indicates moderate severity. The EPSS score is not available, and the issue is not listed in the CISA KEV catalog. The attack vector is likely an entity capable of sending a malformed SR-IOV command to the ASP TEE SOC Driver; the exact prerequisites are not specified, but it would generally require local privileges or the ability to interact with the driver’s command interface. Exploitation could lead to memory exposure or driver exception, with no clear evidence of remote code execution or privilege escalation at this time.

Generated by OpenCVE AI on May 15, 2026 at 04:23 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply any AMD patch or firmware update that corrects the parameter sanitization flaw in the ASP TEE SOC Driver.
  • Restrict execution of SR‑IOV commands to trusted or privileged processes by configuring host or hypervisor access controls.
  • Enable driver or kernel‑level logging for anomalous DRV_SOC_CMD_ID_LOAD_GFX_IP_FW command activity and review logs for signs of exploitation attempts.

Generated by OpenCVE AI on May 15, 2026 at 04:23 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Fri, 15 May 2026 17:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Fri, 15 May 2026 03:00:00 +0000

Type Values Removed Values Added
Description Insufficient parameter sanitization in AMD Secure Processor (ASP) TEE SOC Driver could allow an attacker to issue a malformed DRV_SOC_CMD_ID_LOAD_GFX_IP_FW SR-IOV command to cause out-of-bounds read, potentially resulting in SOC Driver memory contents exposure or an exception
Weaknesses CWE-125
References
Metrics cvssV4_0

{'score': 4.6, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N'}

Subscriptions

No data.

cve-icon MITRE

Status: PUBLISHED

Assigner: AMD

Published:

Updated: 2026-05-15T16:31:27.722Z

Reserved: 2025-12-06T15:03:58.971Z

Link: CVE-2025-66664

cve-icon Vulnrichment

Updated: 2026-05-15T16:30:41.817Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-05-15T03:16:22.747

Modified: 2026-05-15T14:10:17.083

Link: CVE-2025-66664

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-15T04:30:36Z

Weaknesses