CVE-2025-66664

EPSS 0.01%
Veröffentlicht 15.05.2026 02:41:56
Zuletzt bearbeitet 15.05.2026 14:10:17
Quelle psirt@amd.com
CVE-Watchlists
Login
Unerledigt
Login

Insufficient parameter sanitization in AMD Secure Processor (ASP) TEE SOC Driver could allow an attacker to issue a malformed DRV_SOC_CMD_ID_LOAD_GFX_IP_FW SR-IOV command to cause out-of-bounds read, potentially resulting in SOC Driver memory contents exposure or an exception

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 4

CNA 13 VulnDex Vulnerability Enrichment 6

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

HerstellerAMD

≫

Produkt AMD Radeon™ RX 6000 Series Graphics Products

Default Statusaffected

Version AMD Software: Adrenalin Edition 25.12.1 (25.10.37.01)

Status unaffected

HerstellerAMD

≫

Produkt AMD Radeon™ RX 7000 Series Graphics Products

Default Statusaffected

Version AMD Software: Adrenalin Edition 25.11.1 (25.20.29.01)

Status unaffected

HerstellerAMD

≫

Produkt AMD Radeon™ PRO W6000 Series Graphics Products

Default Statusaffected

Version AMD Software: PRO Edition 25.Q4 (25.10.37.01)

Status unaffected

HerstellerAMD

≫

Produkt AMD Radeon™ PRO W7000 Series Graphics Products

Default Statusaffected

Version AMD Software: PRO Edition 25.Q3.1 (25.10.32)

Status unaffected

HerstellerAMD

≫

Produkt AMD Instinct™ MI250

Default Statusaffected

Version ROCm 7.0

Status unaffected

HerstellerAMD

≫

Produkt AMD Instinct™ MI210

Default Statusaffected

Version ROCm 7.0

Status unaffected

HerstellerAMD

≫

Produkt AMD Instinct™ MI300X

Default Statusaffected

Version ROCm 6.3.1

Status unaffected

HerstellerAMD

≫

Produkt AMD Instinct™ MI325X

Default Statusaffected

Version ROCm 6.3.1

Status unaffected

HerstellerAMD

≫

Produkt AMD Instinct™ MI308X

Default Statusaffected

Version ROCm 6.4.2

Status unaffected

HerstellerAMD

≫

Produkt AMD Instinct™ MI300A

Default Statusaffected

Version BKC 26 (ROCm 7.0.1)

Status unaffected

HerstellerAMD

≫

Produkt AMD Radeon™ PRO V520

Default Statusaffected

Version Contact your AMD Customer Engineering representative

Status unaffected

HerstellerAMD

≫

Produkt AMD Radeon™ PRO V620

Default Statusaffected

Version Contact your AMD Customer Engineering representative

Status unaffected

HerstellerAMD

≫

Produkt AMD Radeon™ PRO V710

Default Statusaffected

Version Contact your AMD Customer Engineering representative

Status unaffected

VulnDex Vulnerability Enrichment

Diese Information steht angemeldeten Benutzern zur Verfügung.

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.01%	0.022

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
psirt@amd.com	4.6	0	0	CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

CWE-125 Out-of-bounds Read

The product reads data past the end, or before the beginning, of the intended buffer.

https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-6027.html

https://nvd.nist.gov/vuln/detail/CVE-2025-66664

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-66664

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-66664

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2025-66664