Description
Improper restriction of operations within the bounds of a memory buffer in the AMD secure processer (ASP) could allow an attacker to read or write to protected memory potentially resulting in arbitrary code execution.
CVSS breakdown
CVSS 4.0
Attack Vector
Local
Attack Complexity
High
Attack Requirements
None
Privileges Required
Low
User Interaction
None
Confidentiality (Vulnerable System)
High
Integrity (Vulnerable System)
High
Availability (Vulnerable System)
High
Confidentiality (Subsequent System)
High
Integrity (Subsequent System)
High
Availability (Subsequent System)
High
Affected products
- AMD / AMD Instinct™ MI210ROCm 7.0 – ROCm 7.0
- AMD / AMD Instinct™ MI250ROCm 7.0 – ROCm 7.0
- AMD / AMD Radeon™ PRO W6000 Series Graphics ProductsAMD Software: PRO Edition 25.Q3.1 (25.10.32) – AMD Software: PRO Edition 25.Q3.1 (25.10.32)
- AMD / AMD Radeon™ PRO W7000 Series Graphics ProductsAMD Software: PRO Edition 25.Q3.1 (25.10.32) – AMD Software: PRO Edition 25.Q3.1 (25.10.32)
- AMD / AMD Radeon™ RX 6000 Series Graphics ProductsAMD Software: Adrenalin Edition 25.11.1 (25.10.33.03) – AMD Software: Adrenalin Edition 25.11.1 (25.10.33.03)
- AMD / AMD Radeon™ RX 7000 Series Graphics ProductsAMD Software: Adrenalin Edition 25.11.1 (25.20.29.01) – AMD Software: Adrenalin Edition 25.11.1 (25.20.29.01)