CVE-2025-66660

EPSS 0.03%
Veröffentlicht 15.05.2026 02:42:33
Zuletzt bearbeitet 15.05.2026 14:10:17
Quelle psirt@amd.com
CVE-Watchlists
Login
Unerledigt
Login

Insufficient parameter sanitization in TEE SOC Driver could allow an attacker to issue a malformed DRV_SOC_CMD_ID_SRIOV_CHECK_TA_COMPAT to cause incorrect shared memory mapping, potentially resulting in unexpected behavior.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 4

CNA 12 VulnDex Vulnerability Enrichment 5

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

HerstellerAMD

≫

Produkt AMD Radeon™ RX 6000 Series Graphics Products

Default Statusaffected

Version AMD Software: Adrenalin Edition 25.12.1 (25.10.37.01)

Status unaffected

HerstellerAMD

≫

Produkt AMD Radeon™ RX 7000 Series Graphics Products

Default Statusaffected

Version AMD Software: Adrenalin Edition 25.11.1 (25.20.29.01)

Status unaffected

HerstellerAMD

≫

Produkt AMD Radeon™ PRO W6000 Series Graphics Products

Default Statusaffected

Version AMD Software: PRO Edition 25.Q4 (25.10.37.01)

Status unaffected

HerstellerAMD

≫

Produkt AMD Radeon™ PRO W7000 Series Graphics Products

Default Statusaffected

Version AMD Software: PRO Edition 25.Q3.1 (25.10.32)

Status unaffected

HerstellerAMD

≫

Produkt AMD Instinct™ MI210

Default Statusaffected

Version ROCm 7.0.1

Status unaffected

HerstellerAMD

≫

Produkt AMD Instinct™ MI250

Default Statusaffected

Version ROCm 7.0.1

Status unaffected

HerstellerAMD

≫

Produkt AMD Instinct™ MI300A

Default Statusaffected

Version BKC 26

Status unaffected

HerstellerAMD

≫

Produkt AMD Instinct™ MI300X

Default Statusaffected

Version ROCm 6.3

Status unaffected

HerstellerAMD

≫

Produkt AMD Instinct™ MI325X

Default Statusaffected

Version ROCm 6.3

Status unaffected

HerstellerAMD

≫

Produkt AMD Instinct™ MI308X

Default Statusaffected

Version ROCm 6.4.2

Status unaffected

HerstellerAMD

≫

Produkt AMD Radeon™ PRO V620

Default Statusaffected

Version Contact your AMD Customer Engineering representative

Status unaffected

HerstellerAMD

≫

Produkt AMD Radeon™ PRO V710

Default Statusaffected

Version Contact your AMD Customer Engineering representative

Status unaffected

VulnDex Vulnerability Enrichment

Diese Information steht angemeldeten Benutzern zur Verfügung.

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.03%	0.075

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
psirt@amd.com	1.8	0	0	CVSS:4.0/AV:L/AC:H/AT:P/PR:H/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

CWE-1284 Improper Validation of Specified Quantity in Input

The product receives input that is expected to specify a quantity (such as size or length), but it does not validate or incorrectly validates that the quantity has the required properties.

https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-6027.html

https://nvd.nist.gov/vuln/detail/CVE-2025-66660

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-66660

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-66660

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2025-66660