CVE-2025-52532
Possible ATT&CK Techniques 1AI
T1203 · Exploitation for Client ExecutionAffected Version Matrix 8
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| AMD | AMD Instinct™ MI210 | GIM Driver 8.4 | unaffected |
| AMD | AMD Instinct™ MI250 | GIM Driver 8.4 | unaffected |
| AMD | AMD Instinct™ MI300A | GIM Driver 8.4 | unaffected |
| AMD | AMD Instinct™ MI300X | GIM Driver 8.4 | unaffected |
| AMD | AMD Instinct™ MI308X | GIM Driver 8.4 | unaffected |
| AMD | AMD Instinct™ MI325X | GIM Driver 8.4 | unaffected |
| AMD | AMD Radeon™ PRO V620 | Contact your AMD Customer Engineering representative | unaffected |
| AMD | AMD Radeon™ PRO V710 | Contact your AMD Customer Engineering representative | unaffected |
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2025-52532
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Description
A race condition in the MxGPU-Virtualization driver’s ioctl path caused by concurrent unsynchronized access to the global variable amdgv_cmd in an unlocked ioctl handler could be exploited by an attacker to trigger a heap-based buffer overflow, potentially resulting in denial-of-service within the vulnerable system context.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
检查时间与使用时间(TOCTOU)的竞争条件
Source: NVD (National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| AMD | AMD Radeon™ PRO V620 | Contact your AMD Customer Engineering representative | - | |
| AMD | AMD Radeon™ PRO V710 | Contact your AMD Customer Engineering representative | - | |
| AMD | AMD Instinct™ MI250 | GIM Driver 8.4 | - | |
| AMD | AMD Instinct™ MI308X | GIM Driver 8.4 | - | |
| AMD | AMD Instinct™ MI300A | GIM Driver 8.4 | - | |
| AMD | AMD Instinct™ MI300X | GIM Driver 8.4 | - | |
| AMD | AMD Instinct™ MI325X | GIM Driver 8.4 | - | |
| AMD | AMD Instinct™ MI210 | GIM Driver 8.4 | - |
II. Public POCs for CVE-2025-52532
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2025-52532
请登录查看更多情报信息。
Same Patch Batch · AMD · 2026-05-15 · 39 CVEs total
| CVE-2025-52540 | AMD PMF驱动越界写入致提权 | |
| CVE-2025-0040 | NXP JTAG-AXI访问控制漏洞 | |
| CVE-2024-21962 | AMD RAID驱动输入验证缺陷致提权与代码执行 | |
| CVE-2025-29935 | AMD PMF越界写入漏洞(影响代码执行) | |
| CVE-2025-29944 | AMD Sensor Fusion Hub 驱动缓冲区溢出致系统崩溃 | |
| CVE-2025-29938 | AMD PMF 版本未指定:未检查返回值致任意代码执行 | |
| CVE-2025-29937 | AMD PMF越界读取漏洞 | |
| CVE-2025-0028 | AMD PMF框架越界读写漏洞 | |
| CVE-2025-29936 | AMD平台管理框架输入验证缺陷导致权限提升 | |
| CVE-2025-48513 | AMD PMF未初始化资源漏洞 | |
| CVE-2021-26380 | Trusted OS驱动内存越界致完整性丢失 | |
| CVE-2025-48520 | AMD平台管理框架驱动越界读取漏洞 | |
| CVE-2025-48519 | AMD PMF驱动越界读写致提权漏洞 | |
| CVE-2025-0045 | AMD Secure Processor驱动输入验证漏洞致拒绝服务 | |
| CVE-2026-0432 | AMD芯片组驱动权限错误致提权 | |
| CVE-2025-48521 | ASP PCI驱动Use-After-Free漏洞致平台完整性丧失 | |
| CVE-2025-48512 | AMD GPIO控制器权限配置错误致提权 | |
| CVE-2024-36345 | AMD OverDrive SMM模块越界读取漏洞 | |
| CVE-2026-0438 | SMM handler执行非SMM内存代码导致远程代码执行漏洞 | |
| CVE-2023-31317 | AMD安全处理器越界内存读写致任意代码执行 |
Showing top 20 of 39 CVEs. View all on vendor page → →
IV. Related Vulnerabilities
Same weakness: CWE-367
- CVE-2026-41702
TOCTOU local privilege escalation vulnerability - CVE-2022-23826
Graphics TOCTOU漏洞可致完整性破坏 - CVE-2026-42592
Gotenberg: DNS rebinding bypasses SSRF validation on Chromiu - CVE-2026-42344
FastGPT: DNS rebinding TOCTOU bypass in isInternalAddress al - CVE-2026-44694
n8n-MCP: Authenticated SSRF in n8n-mcp webhook and API clien
V. Comments for CVE-2025-52532
No comments yet