Description
Improper cleanup of shared register resources in GPU firmware could allow an admin-privileged attacker from a Guest Virtual machine (VM) to access these shared resources from another Guest VM, potentially resulting in the loss of confidentiality, integrity, or availability.
Published: 2026-05-15
Score: 4.6 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability is an improper cleanup of shared register resources in AMD GPU firmware, falling under CWE-459. An administrator‑privileged attacker running inside one Guest Virtual Machine can read or otherwise manipulate the register resources of another Guest VM. This can lead to loss of confidentiality, integrity, or availability across virtual guests.

Affected Systems

The flaw affects AMD Instinct MI210, AMD Instinct MI300X, AMD Instinct MI325X, and AMD Radeon PRO V710 GPUs. No specific firmware revision information is supplied, so any firmware that did not implement the fix is potentially vulnerable.

Risk and Exploitability

The CVSS score of 4.6 indicates moderate severity. EPSS data is unavailable and the vulnerability is not listed in CISA’s KEV catalog. Exploitation requires an admin‑level user inside a Guest VM and knowledge of the shared register mechanism, so while the likelihood is not high, the constrained attack surface gives the attacker meaningful access to data from other guests.

Generated by OpenCVE AI on May 15, 2026 at 04:20 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest AMD GPU firmware update that addresses improper register cleanup.
  • Configure the hypervisor or GPU settings to disable shared register mode between Guest VMs if possible.
  • Enforce least privilege for admin users in guest operating systems to limit their ability to exploit shared register resources.

Generated by OpenCVE AI on May 15, 2026 at 04:20 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Fri, 15 May 2026 12:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Fri, 15 May 2026 11:30:00 +0000

Type Values Removed Values Added
First Time appeared Amd
Amd instinct Mi210
Amd instinct Mi300x
Amd instinct Mi325x
Amd radeon Pro V710
Vendors & Products Amd
Amd instinct Mi210
Amd instinct Mi300x
Amd instinct Mi325x
Amd radeon Pro V710

Fri, 15 May 2026 04:45:00 +0000

Type Values Removed Values Added
Title Improper cleanup of GPU shared register resources enabling cross‑VM data leakage

Fri, 15 May 2026 03:00:00 +0000

Type Values Removed Values Added
Description Improper cleanup of shared register resources in GPU firmware could allow an admin-privileged attacker from a Guest Virtual machine (VM) to access these shared resources from another Guest VM, potentially resulting in the loss of confidentiality, integrity, or availability.
Weaknesses CWE-459
References
Metrics cvssV4_0

{'score': 4.6, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L'}

Subscriptions

Amd Instinct Mi210 Instinct Mi300x Instinct Mi325x Radeon Pro V710
cve-icon MITRE

Status: PUBLISHED

Assigner: AMD

Published:

Updated: 2026-05-15T11:33:11.565Z

Reserved: 2025-12-06T13:53:32.646Z

Link: CVE-2026-0427

cve-icon Vulnrichment

Updated: 2026-05-15T11:33:00.084Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-05-15T03:16:22.873

Modified: 2026-05-15T14:10:17.083

Link: CVE-2026-0427

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-15T11:15:25Z

Weaknesses