Out-of-bounds Read in Amd Instinct™ Mi210

CVE-2025-66664

Insufficient parameter sanitization in AMD Secure Processor (ASP) TEE SOC Driver could allow an attacker to issue a malformed DRV_SOC_CMD_ID_LOAD_GFX_IP_FW SR-IOV command to cause out-of-bounds read, potentially resulting in SOC Driver mem…

Vulnerability class: Buffer Overflow

EPSS: 0.000 (4.5th percentile) — read the EPSS interpretation.

Affected products

Amd Instinct™ Mi210 — versions ROCm 7.0
Amd Instinct™ Mi250 — versions ROCm 7.0
Amd Instinct™ Mi300a — versions BKC 26 (ROCm 7.0.1)
Amd Instinct™ Mi300x — versions ROCm 6.3.1
Amd Instinct™ Mi308x — versions ROCm 6.4.2
Amd Instinct™ Mi325x — versions ROCm 6.3.1
Amd Radeon™ Pro V520 — versions Contact your AMD Customer Engineering representative
Amd Radeon™ Pro V620 — versions Contact your AMD Customer Engineering representative
Amd Radeon™ Pro V710 — versions Contact your AMD Customer Engineering representative
Amd Radeon™ Pro W6000 Series Graphics Products — versions AMD Software: PRO Edition 25.Q4 (25.10.37.01)

Weakness classification (CWE)

CWE-125 — Out-of-bounds Read

References

psirt@amd.com