Severity by source
CVSS:4.0/AV:L/AC:H/AT:N/PR:H/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:4.0/AV:L/AC:H/AT:N/PR:H/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
3DescriptionCVE.org
Insufficient parameter sanitization in TEE SOC Driver could allow an attacker to issue a malformed DRV_SOC_CMD_ID_SRIOV_COPY_VF_CHIPLET_REGS to write invalid data to a remote Die, potentially resulting in unexpected behavior.
AnalysisAI
Insufficient parameter sanitization in TEE SOC Driver on AMD Instinct MI300A, MI300X, MI308X, and MI325X accelerators allows local high-privileged attackers to issue malformed DRV_SOC_CMD_ID_SRIOV_COPY_VF_CHIPLET_REGS commands that write invalid data to remote Dies, resulting in availability impact through unexpected behavior. The vulnerability requires local access and high privileges, with a CVSS score of 1.8 indicating minimal real-world risk despite potential data integrity concerns.
Technical ContextAI
The TEE (Trusted Execution Environment) SOC Driver in AMD Instinct MI-series accelerators handles SR-IOV (Single Root Input/Output Virtualization) chiplet register operations via the DRV_SOC_CMD_ID_SRIOV_COPY_VF_CHIPLET_REGS command. The root cause is insufficient input validation (CWE-1284: Improper Validation of Specified Quantity in Input) when processing parameters for this command, allowing malformed requests to bypass sanitization checks. The affected products include MI300A, MI300X, MI308X, and MI325X accelerators used in high-performance computing and AI workloads. The vulnerability specifically impacts the driver's ability to validate data before writing to remote chiplet registers in multi-GPU configurations.
RemediationAI
Apply the security update provided by AMD in bulletin AMD-SB-6027, which addresses the TEE SOC Driver parameter sanitization flaw. Download the patched driver firmware from AMD's product security page and apply according to your accelerator deployment model and data center management tools. No workarounds are available for this driver-level vulnerability; firmware update is required. If immediate patching is not feasible, restrict physical and administrative access to systems with MI-series accelerators to trusted personnel only, and monitor system logs for unexpected chiplet register write operations. AMD-SB-6027 contains the exact patched firmware versions and deployment guidance for your specific accelerator SKU.
More in Amd Instinct Mi300A
View allImproper isolation of VCN-JPEG HW register space could allow a malicious Guest Virtual Machine (VM) or a process to perf
A race condition in the MxGPU-Virtualization driver’s ioctl path caused by concurrent unsynchronized access to the globa
Insufficient parameter sanitization in the AMD TEE SOC Driver's DRV_SOC_CMD_ID_SRIOV_CHECK_TA_COMPAT command handler all
An out of bounds read in the remote management firmware could allow a privileged attacker read a limited section of memo
Same technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-30500
GHSA-ccr7-r78x-7jpq