CVE-2025-52532

Description

A race condition in the MxGPU-Virtualization driver’s ioctl path caused by concurrent unsynchronized access to the global variable amdgv_cmd in an unlocked ioctl handler could be exploited by an attacker to trigger a heap-based buffer overflow, potentially resulting in denial-of-service within the vulnerable system context.

CVSS breakdown

CVSS 4.0

Attack Vector

Local

Attack Complexity

High

Attack Requirements

Present

Privileges Required

Low

User Interaction

None

Confidentiality (Vulnerable System)

None

Integrity (Vulnerable System)

None

Availability (Vulnerable System)

Low

Confidentiality (Subsequent System)

None

Integrity (Subsequent System)

None

Availability (Subsequent System)

None

Affected products

AMD / AMD Instinct™ MI210GIM Driver 8.4 – GIM Driver 8.4
AMD / AMD Instinct™ MI250GIM Driver 8.4 – GIM Driver 8.4
AMD / AMD Instinct™ MI300AGIM Driver 8.4 – GIM Driver 8.4
AMD / AMD Instinct™ MI300XGIM Driver 8.4 – GIM Driver 8.4
AMD / AMD Instinct™ MI308XGIM Driver 8.4 – GIM Driver 8.4
AMD / AMD Instinct™ MI325XGIM Driver 8.4 – GIM Driver 8.4
AMD / AMD Radeon™ PRO V620Contact your AMD Customer Engineering representative – Contact your AMD Customer Engineering representative
AMD / AMD Radeon™ PRO V710Contact your AMD Customer Engineering representative – Contact your AMD Customer Engineering representative

References

MISChttps://www.amd.com/en/resources/product-security/bulletin/AMD-SB-6027.html