Skip to main content

AMD GPU Firmware CVE-2026-0427

| EUVD-2026-30501 MEDIUM
Incomplete Cleanup (CWE-459)
2026-05-15 AMD GHSA-j384-fpqm-4mmh
Information Disclosure
4.6
CVSS 4.0
Share

CVSS VectorNVD

CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Local
Attack Complexity
Low
Privileges Required
High
User Interaction
None
Scope
X

Lifecycle Timeline

3
Analysis Generated
May 15, 2026 - 03:33 vuln.today
CVSS changed
May 15, 2026 - 03:22 NVD
4.6 (MEDIUM)
CVE Published
May 15, 2026 - 02:51 nvd
MEDIUM 4.6

DescriptionNVD

Improper cleanup of shared register resources in GPU firmware could allow an admin-privileged attacker from a Guest Virtual machine (VM) to access these shared resources from another Guest VM, potentially resulting in the loss of confidentiality, integrity, or availability.

AnalysisAI

Improper cleanup of shared GPU firmware registers in AMD Instinct and Radeon Pro accelerators allows admin-privileged attackers within guest virtual machines to access registers allocated to other guest VMs, potentially compromising confidentiality, integrity, or availability across isolated workloads. The vulnerability requires local admin privileges within a guest VM and affects multiple GPU product lines used in data center and HPC environments.

Sign in for full analysis, threat intelligence, and remediation guidance.

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

Sign in - Free

Share

CVE-2026-0427 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy