VDB

CISA-2025-0034

CISA-2025-0034 PUBLISHED CVSS 4.7 MEDIUM

Reported by AMD · Published September 6, 2025

Insufficient parameter sanitization in TEE SOC Driver could allow an attacker to issue a malformed DRV_SOC_CMD_ID_SRIOV_SPATIAL_PART and cause read or write past the end of allocated arrays, potentially resulting in a loss of platform integrity or denial of service.

Risk Scores

CVSS 3.1
4.7
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:H

Affected Products

VendorProductVersions
AMDAMD Instinct™ MI300XROCm 6.3
AMDAMD Instinct™ MI325XROCm 6.3
AMDAMD Instinct™ MI300XROCm 6.3, ROCm 6.3
AMDAMD Instinct™ MI325XROCm 6.3, *

Timeline

  • Sep 6, 2025 CVE Published
  • Sep 8, 2025 CVE Updated

References

Open in Interactive Console →
$ Console Community · 100/wk Open console ›