AMD Graphics Vulnerabilities – May 2026
Summary
Audits performed on AMD graphics and datacenter accelerator products, as well as external reports received by AMD, uncovered potential vulnerabilities affecting AMD graphics, datacenter, and select client processors.
CVE Details
Refer to Glossary for explanation of terms
| CVE ID | CVE Description | CVSS Vector |
| CVE-2024-36323 | Improper isolation of VCN-JPEG HW register space could allow a malicious Guest Virtual Machine (VM) or a process to perform unauthorized access to the register space of the JPEG cores assigned to a victim VM/process, potentially gaining arbitrary read/write access to the victim VM/process data. | 8.8 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H |
| CVE-2025-54517 | Out of bounds write in AMD AMDGV_CMD_GET_DIAG_DATA ioctl handler could allow a local user to escalate privileges via remote code execution. | 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N |
| CVE-2024-36333 | A DLL hijacking vulnerability in the AMD Cleanup Utility could allow an attacker to achieve privilege escalation, potentially resulting in arbitrary code execution. | 7.0 (high) CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N |
| CVE-2024-36334 | Improper verification of cryptographic signature in the Radeon™ RGB tool could allow a malicious file placed in the installation directory to be run with elevated privileges, potentially resulting in arbitrary code execution. | 7.0 (high) CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N |
| CVE-2021-46747 | Insufficient granularity of access control in AMD Secure Processor (ASP) may allow an attacker with an untrusted user space application to map sensitive System Management Network (SMN) apertures, potentially resulting in an escalation of privileges. | 7.1 CVSS:4.0/AV:L/AC:H/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N |
| CVE-2023-31316 | Improperly preserved integrity of hardware configuration state during a power save/restore operation in the AMD Secure Processor (ASP) could allow an attacker with the ability to write outside the Trusted Memory Range (TMR) to change the execution flow of the Video Core Next (VCN) firmware, potentially impacting confidentiality, integrity, or availability. | 7.1 CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:L/VI:H/VA:L/SC:L/SI:H/SA:L |
| CVE-2022-23817 | Insufficient checking of memory buffer in AMD Secure Processor (ASP) Secure OS may allow an attacker with a malicious trusted application to read/write to the ASP Secure OS kernel virtual address space, potentially resulting in privilege escalation. | 7.3 CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N |
| CVE-2024-36332 | Improper isolation of GPU HW register space could allow a privileged attacker in a malicious Guest Virtual Machine (VM) to perform unauthorized access to a specific victim range of GPU MMIO register space, potentially causing the host OS to reboot and creating a Denial of Service (DoS) condition. | 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N |
| CVE-2023-31317 | Improper restriction of operations within the bounds of a memory buffer in the AMD Secure Processor (ASP) could allow an attacker to read or write to protected memory, potentially resulting in arbitrary code execution. | 8.8 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H |
| CVE-2025-54511 | Improper handling of insufficient privileges in the AMD Secure Processor (ASP) could allow an attacker to provide an input value to a function without sufficient privileges and successfully write data, potentially resulting in loss of integrity and availability. | 5.3 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N |
| CVE-2025-0040 | Improper access control between the Joint Test Action Group (JTAG) and Advanced Extensible Interface (AXI) could allow an attacker with physical access to read or overwrite the contents of Cross-chip Debug (XCD) registers, potentially resulting in loss of data integrity or confidentiality. | 5.3 CVSS:4.0/AV:P/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N |
| CVE-2023-31309 | Improper validation in Power Management Firmware (PMFW) may allow an attacker with privileges to pass malformed workload arguments when exporting table data from SMU to DRAM, potentially resulting in a loss of confidentiality and/or availability. | 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:L/SC:N/SI:N/SA:N |
| CVE-2025-0044 | An out-of-bounds read in power management firmware by a malicious local attacker with low privileges could potentially result in a partial loss of confidentiality and availability. | 4.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N |
| CVE-2025-66664 | Insufficient parameter sanitization in AMD Secure Processor (ASP) TEE SOC Driver could allow an attacker to issue a malformed DRV_SOC_CMD_ID_LOAD_GFX_IP_FW SR-IOV command to cause an out-of-bounds read, potentially resulting in SOC Driver memory contents exposure or an exception. | 4.6 CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N |
| CVE-2026-0427 | Improper cleanup of shared register resources in GPU firmware could allow an admin-privileged attacker from a Guest Virtual Machine (VM) to access these shared resources from another Guest VM, potentially resulting in the loss of confidentiality, integrity, or availability. | 4.6 CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L |
| CVE-2025-52532 | A race condition in the MxGPU-Virtualization driver’s ioctl path caused by concurrent unsynchronized access to the global variable amdgv_cmd in an unlocked ioctl handler could be exploited by an attacker to trigger a heap-based buffer overflow, potentially resulting in denial-of-service within the vulnerable system context. | 2.0 CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N |
| CVE-2024-21950 | An out-of-bounds read in the remote management firmware could allow a privileged attacker to read a limited section of memory outside of established bounds, potentially resulting in loss of confidentiality or availability. | 1.8 CVSS:4.0/AV:L/AC:H/AT:N/PR:H/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N |
| CVE-2025-66660 | Insufficient parameter sanitization in TEE SOC Driver could allow an attacker to issue a malformed DRV_SOC_CMD_ID_SRIOV_CHECK_TA_COMPAT to cause incorrect shared memory mapping, potentially resulting in unexpected behavior. | 1.8 CVSS:4.0/AV:L/AC:H/AT:P/PR:H/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N |
| CVE-2022-23826 | A TOCTOU (Time-Of-Check to Time-Of-Use) in the graphics interface may allow an attacker to load registers repeatedly to create a race condition, potentially resulting in loss of integrity. | 1.8 CVSS:4.0/AV:L/AC:H/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N |
| CVE-2021-26380 | A compromised Trusted OS (TOS) driver could issue a malformed call that could allow memory access outside the intended range, potentially resulting in loss of integrity. | 1.8 CVSS:4.0/AV:L/AC:H/AT:N/PR:H/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N |
| CVE-2026-0428 | Insufficient parameter sanitization in TEE SOC Driver could allow an attacker to issue a malformed DRV_SOC_CMD_ID_SRIOV_COPY_VF_CHIPLET_REGS to write invalid data to a remote Die, potentially resulting in unexpected behavior. | 1.8 CVSS:4.0/AV:L/AC:H/AT:N/PR:H/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N |
Specific CVSS scores may change subject to your implementation. We encourage you to calculate CVSS scores independently for your system.
Affected Products and Mitigation
AMD released mitigations and recommends updating to the versions shown below or higher.
*Note: Products believed to not be affected by the listed CVEs are not included.
AMD Accelerator Cards
| Program | CVE | Mitigation | Release Date |
| AMD Instinct™ MI210 | CVE-2025-52532 | GIM Driver 8.4 | 2025-09-16 |
| AMD Instinct™ MI210 | CVE-2025-54517 | GIM Driver 8.4 | 2025-09-16 |
| AMD Instinct™ MI210 | CVE-2025-66664 | ROCm 7.0 | 2025-09-16 |
| AMD Instinct™ MI210 | CVE-2023-31317 | ROCm 7.0 | 2025-09-16 |
| AMD Instinct™ MI210 | CVE-2022-23817 | ROCm 7.0 | 2025-09-16 |
| AMD Instinct™ MI210 | CVE-2025-66660 | ROCm 7.0.1 | 2025-09-15 |
| AMD Instinct™ MI210 | CVE-2022-23826 | ROCm 6.4.2 | 2025-07-21 |
| AMD Instinct™ MI210 | CVE-2026-0427 | GIM 8.2.0.K | 2025-06-12 |
| AMD Instinct™ MI210 | CVE-2023-31316 | ROCm 6.4 | 2025-04-11 |
| AMD Instinct™ MI210 | CVE-2025-54511 | ROCm 6.3 | 2024-01-03 |
| AMD Instinct™ MI250 | CVE-2025-66664 | ROCm 7.0 | 2025-09-16 |
| AMD Instinct™ MI250 | CVE-2025-52532 | GIM Driver 8.4 | 2025-09-16 |
| AMD Instinct™ MI250 | CVE-2025-54517 | GIM Driver 8.4 | 2025-09-16 |
| AMD Instinct™ MI250 | CVE-2023-31317 | ROCm 7.0 | 2025-09-16 |
| AMD Instinct™ MI250 | CVE-2022-23817 | ROCm 7.0 | 2025-09-16 |
| AMD Instinct™ MI250 | CVE-2025-66660 | ROCm 7.0.1 | 2025-09-15 |
| AMD Instinct™ MI250 | CVE-2022-23826 | ROCm 6.4.2 | 2025-07-21 |
| AMD Instinct™ MI250 | CVE-2023-31316 | ROCm 6.4 | 2025-04-11 |
| AMD Instinct™ MI250 | CVE-2025-54511 | ROCm 6.3 | 2024-01-03 |
| AMD Instinct™ MI300A | CVE-2024-21950 | No fix planned [1] | N/A |
| AMD Instinct™ MI300A | CVE-2025-66664 | BKC 26 (ROCm 7.0.1) | 2025-10-06 |
| AMD Instinct™ MI300A | CVE-2025-66660 | BKC 26 | 2025-10-06 |
| AMD Instinct™ MI300A | CVE-2026-0428 | BKC 26 | 2025-10-06 |
| AMD Instinct™ MI300A | CVE-2025-52532 | GIM Driver 8.4 | 2025-09-16 |
| AMD Instinct™ MI300A | CVE-2025-54517 | GIM Driver 8.4 | 2025-09-16 |
| AMD Instinct™ MI300A | CVE-2024-36323 | ROCm 6.3 | 2024-12-04 |
| AMD Instinct™ MI300X | CVE-2024-21950 | No fix planned [1] | N/A |
| AMD Instinct™ MI300X | CVE-2025-52532 | GIM Driver 8.4 | 2025-09-16 |
| AMD Instinct™ MI300X | CVE-2025-54517 | GIM Driver 8.4 | 2025-09-16 |
| AMD Instinct™ MI300X | CVE-2026-0427 | GIM Driver 8.2.0.K | 2025-06-12 |
| AMD Instinct™ MI300X | CVE-2025-66664 | ROCm 6.3.1 | 2024-12-20 |
| AMD Instinct™ MI300X | CVE-2026-0428 | ROCm 6.3.1 | 2024-12-20 |
| AMD Instinct™ MI300X | CVE-2024-36323 | ROCm 6.3 | 2024-12-04 |
| AMD Instinct™ MI300X | CVE-2025-66660 | ROCm 6.3 | 2024-12-03 |
| AMD Instinct™ MI308X | CVE-2024-21950 | No fix planned [1] | N/A |
| AMD Instinct™ MI308X | CVE-2025-52532 | GIM Driver 8.4 | 2025-09-16 |
| AMD Instinct™ MI308X | CVE-2025-54517 | GIM Driver 8.4 | 2025-09-16 |
| AMD Instinct™ MI308X | CVE-2025-66664 | ROCm 6.4.2 | 2025-07-21 |
| AMD Instinct™ MI308X | CVE-2026-0428 | ROCm 6.4.2 | 2025-07-21 |
| AMD Instinct™ MI308X | CVE-2025-66660 | ROCm 6.4.2 | 2025-06-09 |
| AMD Instinct™ MI308X | CVE-2024-36323 | ROCm 6.3 | 2024-12-04 |
| AMD Instinct™ MI325X | CVE-2024-21950 | No fix planned [1] | N/A |
| AMD Instinct™ MI325X | CVE-2025-52532 | GIM Driver 8.4 | 2025-09-16 |
| AMD Instinct™ MI325X | CVE-2025-54517 | GIM Driver 8.4 | 2025-09-16 |
| AMD Instinct™ MI325X | CVE-2026-0427 | GIM Driver 8.2.0.K | 2025-06-12 |
| AMD Instinct™ MI325X | CVE-2025-66664 | ROCm 6.3.1 | 2024-12-20 |
| AMD Instinct™ MI325X | CVE-2026-0428 | ROCm 6.3.1 | 2024-12-20 |
| AMD Instinct™ MI325X | CVE-2024-36323 | ROCm 6.3 | 2024-12-04 |
| AMD Instinct™ MI325X | CVE-2025-66660 | ROCm 6.3 | 2024-12-03 |
[1] No fix planned as the affected component is immutable factory-locked BL0 FW. Also, there is no GPU data in the RM firmware that can be exposed.
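The following Python example is added here and is not part of AMD's bulletin: it copies the AMD Instinct™ MI300X rows from the table above and reports which CVEs an installed ROCm / GIM Driver pair still leaves open. The function names, the sample host versions, and the rule that only the leading numeric components of a version are compared (so the `K` in 8.2.0.K is ignored) are assumptions.

```python
import re

# Rows copied from the AMD Instinct MI300X entries in the table above:
# (CVE, component, minimum fixed version; None means no fix is planned).
MI300X_FIXES = [
    ("CVE-2024-21950", None, None),
    ("CVE-2025-52532", "GIM Driver", "8.4"),
    ("CVE-2025-54517", "GIM Driver", "8.4"),
    ("CVE-2026-0427", "GIM Driver", "8.2.0.K"),
    ("CVE-2025-66664", "ROCm", "6.3.1"),
    ("CVE-2026-0428", "ROCm", "6.3.1"),
    ("CVE-2024-36323", "ROCm", "6.3"),
    ("CVE-2025-66660", "ROCm", "6.3"),
]


def version_key(text):
    """Map '6.3', '6.3.1-48' or '8.2.0.K' to a comparable tuple of ints.

    Assumption: only the leading dotted-numeric part is ordered; build
    suffixes and trailing letters (the 'K' in 8.2.0.K) are ignored.
    """
    match = re.match(r"\d+(?:\.\d+)*", text.strip())
    if match is None:
        raise ValueError(f"no numeric version in {text!r}")
    nums = [int(part) for part in match.group(0).split(".")]
    # Pad to four fields so that 6.3 and 6.3.0 compare equal.
    return tuple(nums + [0] * max(0, 4 - len(nums)))


def open_cves(installed, fixes=MI300X_FIXES):
    """Return {cve: reason} for every entry the installed versions do not cover.

    installed maps a component name ('ROCm', 'GIM Driver') to a version string.
    A component missing from the inventory is reported, never assumed patched.
    """
    result = {}
    for cve, component, fixed in fixes:
        if fixed is None:
            result[cve] = "no fix planned"
        elif component not in installed:
            result[cve] = f"{component} version unknown"
        elif version_key(installed[component]) < version_key(fixed):
            result[cve] = f"{component} {installed[component]} < {fixed}"
    return result


if __name__ == "__main__":
    # Constructed inventory record for one host, not real data.
    host = {"ROCm": "6.3.0-39", "GIM Driver": "8.2.0.K"}
    for cve, why in sorted(open_cves(host).items()):
        print(f"{cve}: {why}")
```
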
AMD Radeon™ PRO Graphics Cards
| Program | CVE | Mitigation | Release Date |
| AMD Radeon™ Instinct™ MI25 | CVE-2021-26380 | Contact your AMD Customer Engineering representative | 2025-02-27 |
| AMD Radeon™ Instinct™ MI25 | CVE-2022-23826 | Contact your AMD Customer Engineering representative | 2025-02-14 |
| AMD Radeon™ Instinct™ MI25 | CVE-2025-54511 | Contact your AMD Customer Engineering representative | 2023-03-09 |
| AMD Radeon™ PRO V520 | CVE-2021-46747 | Contact your AMD Customer Engineering representative | 2025-08-05 |
| AMD Radeon™ PRO V520 | CVE-2025-66664 | Contact your AMD Customer Engineering representative | 2025-07-21 |
| AMD Radeon™ PRO V520 | CVE-2025-52532 | Contact your AMD Customer Engineering representative | 2025-06-05 |
| AMD Radeon™ PRO V520 | CVE-2025-54517 | Contact your AMD Customer Engineering representative | 2025-06-05 |
| AMD Radeon™ PRO V520 | CVE-2023-31309 | Contact your AMD Customer Engineering representative | 2024-09-26 |
| AMD Radeon™ PRO V520 | CVE-2022-23826 | Contact your AMD Customer Engineering representative | 2024-07-16 |
| AMD Radeon™ PRO V520 | CVE-2021-26380 | Contact your AMD Customer Engineering representative | 2024-07-16 |
| AMD Radeon™ PRO V520 | CVE-2025-54511 | Contact your AMD Customer Engineering representative | 2022-12-03 |
| AMD Radeon™ PRO V620 | CVE-2025-52532 | Contact your AMD Customer Engineering representative | 2025-06-05 |
| AMD Radeon™ PRO V620 | CVE-2025-54517 | Contact your AMD Customer Engineering representative | 2025-06-05 |
| AMD Radeon™ PRO V620 | CVE-2023-31309 | Contact your AMD Customer Engineering representative | 2023-12-12 |
| AMD Radeon™ PRO V620 | CVE-2021-46747 | Contact your AMD Customer Engineering representative | 2023-03-31 |
| AMD Radeon™ PRO V620 | CVE-2022-23826 | Contact your AMD Customer Engineering representative | 2022-12-21 |
| AMD Radeon™ PRO V620 | CVE-2021-26380 | Contact your AMD Customer Engineering representative | 2022-12-21 |
| AMD Radeon™ PRO V620 | CVE-2023-31316 | Contact your AMD Customer Engineering representative | 2026-03-26 |
| AMD Radeon™ PRO V620 | CVE-2025-66664 | Contact your AMD Customer Engineering representative | 2026-03-26 |
| AMD Radeon™ PRO V620 | CVE-2025-66660 | Contact your AMD Customer Engineering representative | 2026-03-26 |
| AMD Radeon™ PRO V620 | CVE-2025-54511 | Contact your AMD Customer Engineering representative | 2022-06-17 |
| AMD Radeon™ PRO V710 | CVE-2024-36332 | Contact your AMD Customer Engineering representative | 2025-11-20 |
| AMD Radeon™ PRO V710 | CVE-2025-66664 | Contact your AMD Customer Engineering representative | 2025-07-17 |
| AMD Radeon™ PRO V710 | CVE-2025-66660 | Contact your AMD Customer Engineering representative | 2025-07-17 |
| AMD Radeon™ PRO V710 | CVE-2026-0427 | Contact your AMD Customer Engineering representative | 2025-06-10 |
| AMD Radeon™ PRO V710 | CVE-2025-52532 | Contact your AMD Customer Engineering representative | 2025-06-05 |
| AMD Radeon™ PRO V710 | CVE-2025-54517 | Contact your AMD Customer Engineering representative | 2025-06-05 |
AMD Radeon™ Graphics Cards
| Program | CVE | Mitigation | Release Date |
| AMD Radeon™ PRO VII | CVE-2021-26380 | AMD Software: PRO Edition 25.Q3 (23.19.23.11 pre-RDNA) | 2025-10-29 |
| AMD Radeon™ PRO VII | CVE-2022-23826 | AMD Software: PRO Edition 25.Q2 (23.19.23.01 pre-RDNA) | 2025-06-03 |
| AMD Radeon™ PRO W5000 Series Graphics Products | CVE-2021-46747 | AMD Software: PRO Edition 25.Q3.1 (25.10.32) | 2025-11-13 |
| AMD Radeon™ PRO W5000 Series Graphics Products | CVE-2021-26380 | AMD Software: PRO Edition 25.Q3.1 (25.10.32 RDNA) | 2025-10-29 |
| AMD Radeon™ PRO W5000 Series Graphics Products | CVE-2024-36333 [1] | AMD Software: PRO Edition 25.Q3.1 (25.10.32 RDNA) | 2025-10-29 |
| AMD Radeon™ PRO W5000 Series Graphics Products | CVE-2024-36333 [1] | https://www.amd.com/en/resources/support-articles/faqs/GPU-601.html | 2025-10-29 |
| AMD Radeon™ PRO W5000 Series Graphics Products | CVE-2022-23826 | AMD Software: PRO Edition 25.Q2 (25.10.10) | 2025-06-03 |
| AMD Radeon™ PRO W5000 Series Graphics Products | CVE-2022-23817 | AMD Software: PRO Edition 22.Q2 (22.10.20) | 2022-05-24 |
| AMD Radeon™ PRO W6000 Series Graphics Product | CVE-2022-23826 | AMD Software: PRO Edition 25.Q2 (25.10.10) | 2025-06-03 |
| AMD Radeon™ PRO W6000 Series Graphics Product | CVE-2025-66664 | AMD Software: PRO Edition 25.Q4 (25.10.37.01) | 2025-12-11 |
| AMD Radeon™ PRO W6000 Series Graphics Product | CVE-2025-66660 | AMD Software: PRO Edition 25.Q4 (25.10.37.01) | 2025-12-11 |
| AMD Radeon™ PRO W6000 Series Graphics Product | CVE-2023-31316 | AMD Software: PRO Edition 25.Q4 (25.10.37.01) | 2025-12-11 |
| AMD Radeon™ PRO W6000 Series Graphics Product | CVE-2023-31317 | AMD Software: PRO Edition 25.Q3.1 (25.10.32) | 2025-11-13 |
| AMD Radeon™ PRO W6000 Series Graphics Product | CVE-2021-46747 | AMD Software: PRO Edition 25.Q3.1 (25.10.32) | 2025-11-13 |
| AMD Radeon™ PRO W6000 Series Graphics Product | CVE-2023-31316 | AMD Software: PRO Edition 25.Q4 (25.10.37.01) | 2025-11-13 |
| AMD Radeon™ PRO W6000 Series Graphics Product | CVE-2021-26380 | AMD Software: PRO Edition 25.Q3.1 (25.10.32 RDNA) | 2025-10-29 |
| AMD Radeon™ PRO W6000 Series Graphics Product | CVE-2024-36333 [1] | AMD Software: PRO Edition 25.Q3.1 (25.10.32 RDNA) | 2025-10-29 |
| AMD Radeon™ PRO W6000 Series Graphics Product | CVE-2024-36333 [1] | https://www.amd.com/en/resources/support-articles/faqs/GPU-601.html | 2025-10-29 |
| AMD Radeon™ PRO W6000 Series Graphics Product | CVE-2022-23826 | AMD Software: PRO Edition 25.Q2 (25.10.10) | 2025-06-03 |
| AMD Radeon™ PRO W6000 Series Graphics Product | CVE-2023-31309 | AMD Software: PRO Edition 23.Q4 | 2023-12-12 |
| AMD Radeon™ PRO W6000 Series Graphics Product | CVE-2022-23817 | AMD Software: PRO Edition 22.Q2 (22.10.20) | 2022-05-24 |
| AMD Radeon™ PRO VII | CVE-2024-36333 [1] | AMD Software: PRO Edition 26.Q1 (23.19.24) | 2026-01-21 |
| AMD Radeon™ PRO VII | CVE-2024-36333 [1] | https://www.amd.com/en/resources/support-articles/faqs/GPU-601.html | 2025-10-29 |
[1] Updating either AMD Cleanup Utility or the Adrenalin software will mitigate CVE-2024-36333. Both mitigations are not required. If AMD Cleanup Utility was updated to version 25.20.00.00, AMD recommends removing any previous versions since they would be vulnerable to this issue.
AMD Ryzen™ Series Processors
| Program | CVE | Mitigation | Release Date |
| AMD Ryzen™ 7040 Series Mobile Processors with Radeon™ Graphics | CVE-2025-0044 | AMD Software: Adrenalin Edition 24.7.1 (24.10.29.01) | 2024-07-19 |
| AMD Ryzen™ 7040 Series Mobile Processors with Radeon™ Graphics | CVE-2025-0044 | AMD Software: PRO Edition 24.Q2 (24.10.20) | 2024-07-19 |
| AMD Ryzen™ 8000 Series Desktop Processors | CVE-2025-0044 | AMD Software: Adrenalin Edition 24.7.1 (24.10.29.01), AMD Software: PRO Edition 24.Q2 (24.10.20) | 2024-07-19 |
| AMD Ryzen™ 8040 Series Mobile Processors with Radeon™ Graphics | CVE-2025-0044 | AMD Software: Adrenalin Edition 24.7.1 (24.10.29.01), AMD Software: PRO Edition 24.Q2 (24.10.20) | 2024-07-19 |
| AMD Ryzen™ AI 300 Series Processors | CVE-2025-0044 | AMD Software: Adrenalin Edition 24.7.1 (24.10.29.01), AMD Software: PRO Edition 24.Q2 (24.10.20) | 2024-07-19 |
| AMD Ryzen™ AI Max+ | CVE-2025-0044 | AMD Software: Adrenalin Edition 24.7.1 (24.10.29.01), AMD Software: PRO Edition 24.Q2 (24.10.20) | 2024-07-19 |
AMD Ryzen™ Embedded Series Processors
| Program | CVE | Mitigation | Release Date |
| AMD Ryzen™ Embedded 8000 Series Processors | CVE-2025-0044 | Graphics driver: version 25.6.1, branch: 25.10.13.01. - Chipset version: 7.06.02.123 | 2025-07-31 |
Acknowledgement
AMD thanks the following researchers for participating in the AMD Bug Bounty Program:
“Falconcorruption”: CVE-2024-36334
Maher Azzouzi: CVE-2025-52532, CVE-2025-54517
“sim0nsecurity”: CVE-2024-36333 (also reported by Geenetics, Kazuma Matsumoto of GMO Cybersecurity by IERAE, Inc., and Mohamed Amine Saidani (“Pwni”))
AMD thanks the following for reporting these issues and engaging in coordinated vulnerability disclosure:
Mahdi Braik of the Apple Media Products RedTeam: CVE-2022-23817
Internally found: CVE-2021-26380, CVE-2021-46747, CVE-2022-23826, CVE-2023-31309, CVE-2023-31316, CVE-2023-31317, CVE-2024-21950, CVE-2024-36323, CVE-2024-36332, CVE-2025-0040, CVE-2025-0044, CVE-2025-54511, CVE-2025-66660, CVE-2025-66664, CVE-2026-0427, CVE-2026-0428
Revisions
| Revision Date | Description |
| 2026-05-12 | Initial publication |
DISCLAIMER
The information contained herein is for informational purposes only and is subject to change without notice. While every precaution has been taken in the preparation of this document, it may contain technical inaccuracies, omissions and typographical errors, and AMD is under no obligation to update or otherwise correct this information. Advanced Micro Devices, Inc. makes no representations or warranties with respect to the accuracy or completeness of the contents of this document, and assumes no liability of any kind, including the implied warranties of noninfringement, merchantability or fitness for particular purposes, with respect to the operation or use of AMD hardware, software or other products described herein. Any computer system has risks of security vulnerabilities that cannot be completely prevented or mitigated. No license, including implied or arising by estoppel, to any intellectual property rights is granted by this document. Terms and limitations applicable to the purchase or use of AMD’s products are as set forth in a signed agreement between the parties or in AMD's Standard Terms and Conditions of Sale.
AMD, the AMD Arrow logo, Instinct, Radeon, Ryzen, and combinations thereof are trademarks of Advanced Micro Devices, Inc. CVE and the CVE logo are registered trademarks of The MITRE Corporation. Other product names used in this publication are for identification purposes only and may be trademarks of their respective companies.
Third party content may be licensed to you directly by the third party that owns the content and is not licensed to you by AMD. ALL LINKED THIRD-PARTY CONTENT IS PROVIDED ‘AS IS’ WITHOUT A WARRANTY OF ANY KIND. USE OF SUCH THIRD-PARTY CONTENT IS DONE AT YOUR SOLE DISCRETION AND UNDER NO CIRCUMSTANCES WILL AMD BE LIABLE TO YOU FOR ANY THIRD PARTY CONTENT. YOU ASSUME ALL RISK AND ARE SOLELY RESPONSIBLE FOR ANY DAMAGES THAT MAY ARISE FROM YOUR USE OF THIRD-PARTY CONTENT.
© 2026 Advanced Micro Devices, Inc. All rights reserved.