Insufficient Parameter Sanitization in TEE SOC Driver from AMD
CVE-2026-0428

1.8LOW

Key Information:

Vendor: Amd
Status: Amd Instinct™ Mi300a; Amd Instinct™ Mi300x; Amd Instinct™ Mi308x; Amd Instinct™ Mi325x
Vendor: CVE Published:; 15 May 2026

What is CVE-2026-0428?

The TEE SOC Driver from AMD is affected by an insufficient parameter sanitization issue. This vulnerability could allow an attacker to transmit a malformed DRV_SOC_CMD_ID_SRIOV_COPY_VF_CHIPLET_REGS command, enabling the writing of invalid data to a remote Die. This situation may lead to unpredictable behavior of the affected systems, posing potential risks to the integrity and functionality of the devices.

Affected Version(s)

AMD Instinct™ MI300A BKC 26

AMD Instinct™ MI300X ROCm 6.3.1

AMD Instinct™ MI308X ROCm 6.4.2

References

https://www.amd.com/en/resources/product-security/bulleti...

CVSS V4

Score:

1.8

Severity:

LOW

Confidentiality:

None

Integrity:

None

Availability:

Low

Attack Vector:

Local

Attack Complexity:

High

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 15, 2026
Vulnerability Reserved
Dec 6, 2025

CVE-2026-0428 Data

JSON

Amd

What is CVE-2026-0428?

Affected Version(s)

References

CVSS V4

Timeline