AMD Secure Processor EUVD-2025-209878

CVE-2025-54511 | MEDIUM
Improper Handling of Insufficient Privileges (CWE-274)
2026-05-15 | AMD | GHSA-w6gm-fvfm-9m36
CVSS 4.0: 5.3

CVSS Vector (NVD)

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: X

Lifecycle Timeline (3 events)

Analysis Generated: May 15, 2026 - 03:33 (vuln.today)
CVSS changed: May 15, 2026 - 03:22 (NVD), 5.3 (MEDIUM)
CVE Published: May 15, 2026 - 02:45 (nvd), MEDIUM 5.3

Description (NVD)

Improper handling of insufficient privileges in the AMD Secure Processor (ASP) could allow an attacker to provide an input value to a function without sufficient privileges and successfully write data, potentially resulting in loss of integrity or availability.

Analysis (AI)

Improper privilege validation in AMD Secure Processor (ASP) allows authenticated local attackers to write data to restricted memory regions, compromising data integrity and potentially affecting system availability. The vulnerability affects AMD MI-25, MI250, MI210 accelerators and AMD Radeon Pro V520/V620 GPUs. No public exploit code has been identified, but the low attack complexity and authenticated network access vector indicate moderate real-world risk in data center and AI/ML environments where these devices are deployed.

Technical Context (AI)

The AMD Secure Processor is a dedicated security coprocessor embedded in AMD EPYC processors, MI-series AI accelerators, and Radeon Pro GPUs that enforces security policies, manages encryption keys, and controls privileged operations. The vulnerability stems from CWE-274 (Improper Handling of Insufficient Privileges), a class of authorization flaws where the system fails to properly validate that an entity possesses required privilege levels before granting access to protected functions or memory regions. This specific instance involves a function that accepts input values without adequately checking the caller's privilege level, allowing an authenticated user with lower privileges to write data that should be restricted to higher-privilege contexts, such as secure firmware regions, attestation data, or encrypted memory pools.

Remediation (AI)

Contact AMD for firmware updates to the affected Secure Processor implementations; patches are referenced in AMD Security Bulletin AMD-SB-6027 at https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-6027.html. Organizations should prioritize updating systems in multi-tenant environments or those with untrusted user access. Until updates are available, restrict local user privileges on systems running affected MI-25, MI250, MI210, and Radeon Pro V520/V620 devices, enforce network-level access controls to limit remote connections to systems hosting these GPUs, and audit access logs for unauthorized ASP function calls if logging is available. Disable guest or unprivileged user access to GPU compute services if business operations permit. Note trade-offs: restricting user privileges may impact shared HPC or cloud workload scheduling; network isolation may reduce performance if applications require inter-node GPU communication.
