AMD TEE SOC Driver Insufficient Parameter Sanitization Vulnerability Allowing Out-of-Bounds Memory Access
Vulnerability
A vulnerability exists in the Trusted Execution Environment (TEE) System-on-a-Chip (SOC) driver due to inadequate parameter validation. An attacker could send a malformed DRV_SOC_CMD_ID_SRIOV_SPATIAL_PART command, causing unauthorized reads or writes beyond the bounds of allocated arrays. This could compromise platform integrity or cause a denial-of-service condition.
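The advisory does not publish the command's layout, so the following is an added illustration of the missing check, not AMD's driver code. The payload struct, its field names, `part_table` and `MAX_PARTITIONS` are all assumptions made for the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define MAX_PARTITIONS 8u            /* assumed table size, not from the advisory */

/* Hypothetical command payload: field names and layout are assumptions. */
struct spatial_part_cmd {
    uint32_t first;                  /* first table slot to update */
    uint32_t count;                  /* number of slots to update  */
    uint32_t value[MAX_PARTITIONS];  /* new slot values            */
};

static uint32_t part_table[MAX_PARTITIONS];

/* Returns 0 on success, -1 when the request would leave part_table. */
int handle_spatial_part(const void *buf, size_t len)
{
    struct spatial_part_cmd cmd;

    /* Reject missing, short or oversized buffers before reading any field. */
    if (buf == NULL || len != sizeof(cmd))
        return -1;
    /* Copy once so the sender cannot change fields after validation. */
    memcpy(&cmd, buf, sizeof(cmd));

    /* Bound count first, then compare first against the remaining room.
     * A naive "first + count <= MAX_PARTITIONS" wraps for first = 0xFFFFFFFF. */
    if (cmd.count == 0 || cmd.count > MAX_PARTITIONS)
        return -1;
    if (cmd.first > MAX_PARTITIONS - cmd.count)
        return -1;

    for (uint32_t i = 0; i < cmd.count; i++)
        part_table[cmd.first + i] = cmd.value[i];
    return 0;
}

/* Builds a constructed request (values 0xA0, 0xA1, ...) and submits it. */
int submit(uint32_t first, uint32_t count)
{
    struct spatial_part_cmd cmd = { .first = first, .count = count };
    for (uint32_t i = 0; i < MAX_PARTITIONS; i++)
        cmd.value[i] = 0xA0u + i;
    return handle_spatial_part(&cmd, sizeof(cmd));
}

uint32_t table_at(uint32_t i) { return part_table[i]; }
```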
Impact
Exploitation of this vulnerability could result in out-of-bounds memory access, causing a denial-of-service or compromising platform integrity.
Remediation
Users are advised to update to the latest version of the AMD ROCm software. For specific guidance, refer to the AMD Radeon Graphics Cards tables in the AMD Radeon Software Bulletin.
