Primary

Context

AMD Products VCN-JPEG Hardware Register Space Vulnerability Allowing Unauthorized Access and Data Manipulation

Vulnerability

Patched

A vulnerability exists due to improper isolation of the VCN-JPEG hardware register space. This flaw could enable a malicious guest virtual machine (VM) or process to access the register space of the JPEG cores assigned to a victim VM or process. Exploitation of this vulnerability could lead to unauthorized read or write access to the victim's data.

Impact

Exploitation could result in unauthorized access to a VM's or process's data, with the potential for arbitrary read or write operations.

Remediation

Users are advised to update to AMD ROCm version 6.3 or later. Specific update details can be found in the AMD Security Bulletin AMD-SB-6027.

Added: May 15, 2026, 5:25 AM

Updated: May 15, 2026, 5:25 AM

Vulnerability Rating

Custom Algorithm

spread

1.2

impact

5.0

exploitability

2.9

remediation

0.0

relevance

8.4

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

1.2

impact

5.0

exploitability

2.9

remediation

0.0

relevance

8.4

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

AMD Products VCN-JPEG Hardware Register Space Vulnerability Allowing Unauthorized Access and Data Manipulation

Vulnerability

Impact

Remediation

Affected Products

AMD Instinct MI300A

AMD Instinct MI300X

AMD Instinct MI308X

AMD Instinct MI325X

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating