AMD Secure Processor TEE SOC Driver Out-of-Bounds Read Vulnerability
Vulnerability
A vulnerability exists in the AMD Secure Processor (ASP) Trusted Execution Environment (TEE) System on Chip (SOC) Driver due to inadequate parameter sanitization. This flaw could enable an attacker to send a malformed DRV_SOC_CMD_ID_LOAD_GFX_IP_FW SR-IOV command, causing an out-of-bounds read. Such exploitation may lead to unauthorized exposure of SOC Driver memory contents or trigger an exception.
Impact
Exploitation of this vulnerability could result in an out-of-bounds read, potentially allowing for unauthorized access to memory contents of the SOC Driver, or causing an exception.
Remediation
Users are advised to update to AMD ROCm version 7.0 or later. For AMD Radeon PRO V620 graphics cards, update to version 25.Q4 (25.10.37.01).
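As an added example (not AMD tooling), the following POSIX shell check compares an installed version against the fixed versions named above. The product labels `rocm` and `v620`, the host names and the sample version strings are constructed for illustration; how each host reports its installed version is left to the reader's inventory tooling.

```shell
#!/bin/sh
# Added example: flag hosts still below the fixed versions from the
# Remediation section (ROCm 7.0; Radeon PRO V620 driver 25.10.37.01).

# version_ge A B: succeed when dotted version A >= B.
# Everything from the first character outside [0-9.] (e.g. "-38") is ignored,
# missing fields count as 0 ("7.0" == "7.0.0"), and an empty or unparsable
# version compares as 0, so an unknown version is reported as needing update.
version_ge() {
    a=$(printf '%s' "$1" | sed 's/[^0-9.].*$//')
    b=$(printf '%s' "$2" | sed 's/[^0-9.].*$//')
    while [ -n "$a" ] || [ -n "$b" ]; do
        fa=${a%%.*}; fb=${b%%.*}
        case $a in *.*) a=${a#*.} ;; *) a= ;; esac
        case $b in *.*) b=${b#*.} ;; *) b= ;; esac
        # Strip leading zeros so "01" compares as 1; empty field -> 0.
        fa=$(printf '%s' "$fa" | sed 's/^0*//'); fa=${fa:-0}
        fb=$(printf '%s' "$fb" | sed 's/^0*//'); fb=${fb:-0}
        if [ "$fa" -gt "$fb" ]; then return 0; fi
        if [ "$fa" -lt "$fb" ]; then return 1; fi
    done
    return 0
}

# is_fixed PRODUCT VERSION: PRODUCT is "rocm" or "v620" (labels made up for
# this example); unknown products are treated as not fixed.
is_fixed() {
    case $1 in
        rocm) version_ge "$2" 7.0 ;;
        v620) version_ge "$2" 25.10.37.01 ;;
        *)    return 2 ;;
    esac
}

# Constructed sample inventory: host, product, installed version.
report() {
    while read -r host product ver; do
        if is_fixed "$product" "$ver"; then s=fixed; else s=NEEDS-UPDATE; fi
        printf '%s %s %s %s\n' "$host" "$product" "$ver" "$s"
    done <<'EOF'
gpu-node-01 rocm 6.4.1-120
gpu-node-02 rocm 7.0.0-38
vdi-host-01 v620 25.10.37.01
vdi-host-02 v620 24.20.15
EOF
}
report
```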
