Vulnerability in Amd Instinct™ Mi300a

CVE-2026-0428

Insufficient parameter sanitization in TEE SOC Driver could allow an attacker to issue a malformed DRV_SOC_CMD_ID_SRIOV_COPY_VF_CHIPLET_REGS to write invalid data to a remote Die, potentially resulting in unexpected behavior.

EPSS: 0.000 (9.3th percentile) — read the EPSS interpretation.

Affected products

Amd Instinct™ Mi300a — versions BKC 26
Amd Instinct™ Mi300x — versions ROCm 6.3.1
Amd Instinct™ Mi308x — versions ROCm 6.4.2
Amd Instinct™ Mi325x — versions ROCm 6.3.1

Weakness classification (CWE)

CWE-1284 — Improper Validation of Specified Quantity in Input

References

psirt@amd.com