Out of Bounds Write Vulnerability in AMD Product
CVE-2025-54517

8.5HIGH

Key Information:

Vendor: Amd
Status: Amd Instinct™ Mi250; Amd Instinct™ Mi308x; Amd Instinct™ Mi300a; Amd Instinct™ Mi300x
Vendor: CVE Published:; 15 May 2026

What is CVE-2025-54517?

An out of bounds write vulnerability has been identified in the AMD AMDGV_CMD_GET_DIAG_DATA ioctl handler. This flaw may enable a local user to exploit the vulnerability, potentially leading to privilege escalation through remote code execution. Users of affected AMD products are encouraged to implement security updates to mitigate any risks associated.

Affected Version(s)

AMD Instinct™ MI210 GIM Driver 8.4

AMD Instinct™ MI250 GIM Driver 8.4

AMD Instinct™ MI300A GIM Driver 8.4

References

https://www.amd.com/en/resources/product-security/bulleti...

CVSS V4

Score:

8.5

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 15, 2026
Vulnerability Reserved
Jul 23, 2025

Credit

Reported through AMD Bug Bounty Program

CVE-2025-54517 Data

JSON

Amd

What is CVE-2025-54517?

Affected Version(s)

References

CVSS V4

Timeline

Credit