Severity by source
CVSS:4.0/AV:L/AC:H/AT:P/PR:H/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:4.0/AV:L/AC:H/AT:P/PR:H/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
3DescriptionCVE.org
Insufficient parameter sanitization in TEE SOC Driver could allow an attacker to issue a malformed DRV_SOC_CMD_ID_SRIOV_CHECK_TA_COMPAT to cause incorrect shared memory mapping, potentially resulting in unexpected behavior.
AnalysisAI
Insufficient parameter sanitization in the AMD TEE SOC Driver's DRV_SOC_CMD_ID_SRIOV_CHECK_TA_COMPAT command handler allows high-privileged local attackers to trigger incorrect shared memory mapping via malformed parameters, potentially disclosing sensitive information. The vulnerability affects AMD Radeon RX 6000/7000, Radeon Pro W6000/W7000, and Instinct MI-series GPUs. CVSS 1.8 reflects high-privilege requirement and local-only attack vector with severe attack complexity, but the information disclosure impact and active vendor acknowledgment indicate targeted risk to privileged processes.
Technical ContextAI
The TEE (Trusted Execution Environment) SOC (System on Chip) Driver manages GPU compute resources and SR-IOV (Single-Root I/O Virtualization) virtual function compatibility checking on AMD RDNA and CDNA architecture GPUs. The vulnerability resides in the DRV_SOC_CMD_ID_SRIOV_CHECK_TA_COMPAT ioctl command handler, which accepts parameters controlling GPU memory mapping operations without proper validation. CWE-1284 (Improper Validation of Specified Type) indicates that input parameters are not correctly validated against expected types or ranges before use in memory management operations, allowing attackers to construct requests that cause the driver to map shared memory regions incorrectly, potentially exposing kernel or hypervisor memory to unprivileged GPU processes.
RemediationAI
Consult AMD Security Bulletin SB-6027 at https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-6027.html for specific driver patch versions. Patch is available from AMD and should be applied to all affected GPU drivers. For systems unable to patch immediately, implement the following compensating controls: (1) Restrict access to /dev/kfd (HSA kernel driver file descriptor) and GPU compute queue permissions to only trusted, non-adversarial processes by enforcing group-based access control (e.g., chown root:gpu /dev/kfd; chmod 0660 /dev/kfd), limiting exposure to privileged attackers; (2) Run GPU workloads under unprivileged user accounts (non-root) in isolated containers or VMs with strict seccomp/AppArmor profiles to prevent privilege escalation to PR:H level; (3) For data center deployments, enable GPU memory access controls (if available in your hypervisor) to prevent cross-partition memory reads; (4) Monitor ioctl calls to the TEE SOC driver for DRV_SOC_CMD_ID_SRIOV_CHECK_TA_COMPAT commands with suspicious parameter values. These mitigations reduce but do not eliminate risk if a high-privilege attacker is already on the system.
Improper validation in Power Management Firmware (PMFW) may allow an attacker with privileges to pass malformed workload
A compromised Trusted OS (TOS) driver could issue a malformed call that could potentially allow memory access outside th
A TOCTOU (Time-Of-Check to Time-Of-Use) in the graphics interface may allow an attacker to load registers repeatedly cre
Same technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2025-209877
GHSA-jfvc-65m7-7mhv