CVE-2025-66664
Possible ATT&CK Techniques 1AI
T1083 · File and Directory DiscoveryAffected Version Matrix 13
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| AMD | AMD Instinct™ MI210 | ROCm 7.0 | unaffected |
| AMD | AMD Instinct™ MI250 | ROCm 7.0 | unaffected |
| AMD | AMD Instinct™ MI300A | BKC 26 (ROCm 7.0.1) | unaffected |
| AMD | AMD Instinct™ MI300X | ROCm 6.3.1 | unaffected |
| AMD | AMD Instinct™ MI308X | ROCm 6.4.2 | unaffected |
| AMD | AMD Instinct™ MI325X | ROCm 6.3.1 | unaffected |
| AMD | AMD Radeon™ PRO V520 | Contact your AMD Customer Engineering representative | unaffected |
| AMD | AMD Radeon™ PRO V620 | Contact your AMD Customer Engineering representative | unaffected |
| AMD | AMD Radeon™ PRO V710 | Contact your AMD Customer Engineering representative | unaffected |
| AMD | AMD Radeon™ PRO W6000 Series Graphics Products | AMD Software: PRO Edition 25.Q4 (25.10.37.01) | unaffected |
| AMD | AMD Radeon™ PRO W7000 Series Graphics Products | AMD Software: PRO Edition 25.Q3.1 (25.10.32) | unaffected |
| AMD | AMD Radeon™ RX 6000 Series Graphics Products | AMD Software: Adrenalin Edition 25.12.1 (25.10.37.01) | unaffected |
| AMD | AMD Radeon™ RX 7000 Series Graphics Products | AMD Software: Adrenalin Edition 25.11.1 (25.20.29.01) | unaffected |
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2025-66664
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Description
Insufficient parameter sanitization in AMD Secure Processor (ASP) TEE SOC Driver could allow an attacker to issue a malformed DRV_SOC_CMD_ID_LOAD_GFX_IP_FW SR-IOV command to cause out-of-bounds read, potentially resulting in SOC Driver memory contents exposure or an exception
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
跨界内存读
Source: NVD (National Vulnerability Database)
Vulnerability Title
AMD多款产品 缓冲区错误漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
AMD Radeon是美国超威半导体(AMD)公司的一个用于Advanced Micro Devices图形卡和GPU的设备驱动程序和实用程序软件包。 AMD多款产品存在缓冲区错误漏洞,该漏洞源于参数清理不足,可能导致攻击者发出格式错误的DRV_SOC_CMD_ID_LOAD_GFX_IP_FW SR-IOV命令,导致越界读取,导致SOC Driver内存内容泄露或异常。以下产品受到影响:AMD Radeon™ RX 6000 Series Graphics Products、AMD Radeon™ RX
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| AMD | AMD Radeon™ RX 6000 Series Graphics Products | AMD Software: Adrenalin Edition 25.12.1 (25.10.37.01) | - | |
| AMD | AMD Radeon™ RX 7000 Series Graphics Products | AMD Software: Adrenalin Edition 25.11.1 (25.20.29.01) | - | |
| AMD | AMD Radeon™ PRO W6000 Series Graphics Products | AMD Software: PRO Edition 25.Q4 (25.10.37.01) | - | |
| AMD | AMD Radeon™ PRO W7000 Series Graphics Products | AMD Software: PRO Edition 25.Q3.1 (25.10.32) | - | |
| AMD | AMD Instinct™ MI250 | ROCm 7.0 | - | |
| AMD | AMD Instinct™ MI210 | ROCm 7.0 | - | |
| AMD | AMD Instinct™ MI300X | ROCm 6.3.1 | - | |
| AMD | AMD Instinct™ MI325X | ROCm 6.3.1 | - | |
| AMD | AMD Instinct™ MI308X | ROCm 6.4.2 | - | |
| AMD | AMD Instinct™ MI300A | BKC 26 (ROCm 7.0.1) | - | |
| AMD | AMD Radeon™ PRO V520 | Contact your AMD Customer Engineering representative | - | |
| AMD | AMD Radeon™ PRO V620 | Contact your AMD Customer Engineering representative | - | |
| AMD | AMD Radeon™ PRO V710 | Contact your AMD Customer Engineering representative | - |
II. Public POCs for CVE-2025-66664
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2025-66664
请登录查看更多情报信息。
Same Patch Batch · AMD · 2026-05-15 · 39 CVEs total
| CVE-2025-52540 | AMD Chipset 缓冲区错误漏洞 | |
| CVE-2025-0040 | AMD Processors 访问控制错误漏洞 | |
| CVE-2024-21962 | AMD RAID Driver 安全漏洞 | |
| CVE-2025-29935 | AMD Chipset 缓冲区错误漏洞 | |
| CVE-2025-29944 | AMD Ryzen 安全漏洞 | |
| CVE-2025-29938 | AMD多款产品 安全漏洞 | |
| CVE-2025-29937 | AMD Processors 缓冲区错误漏洞 | |
| CVE-2025-0028 | AMD Chipset 安全漏洞 | |
| CVE-2025-29936 | AMD多款产品 输入验证错误漏洞 | |
| CVE-2025-48513 | AMD Chipset 安全漏洞 | |
| CVE-2021-26380 | AMD Graphics Driver 输入验证错误漏洞 | |
| CVE-2025-48520 | AMD多款产品 缓冲区错误漏洞 | |
| CVE-2025-48519 | AMD Chipset 缓冲区错误漏洞 | |
| CVE-2025-0045 | AMD Secure Processor 安全漏洞 | |
| CVE-2026-0432 | AMD Chipset 安全漏洞 | |
| CVE-2025-48521 | AMD Processors 资源管理错误漏洞 | |
| CVE-2025-48512 | AMD Chipset 安全漏洞 | |
| CVE-2024-36345 | AMD OverDrive 安全漏洞 | |
| CVE-2026-0438 | AMD Chipset 安全漏洞 | |
| CVE-2023-31309 | AMD Radeon 输入验证错误漏洞 |
Showing top 20 of 39 CVEs. View all on vendor page → →
IV. Related Vulnerabilities
Same weakness: CWE-125
- CVE-2026-24213
NVIDIA Triton Inference Server OOB读漏洞 - CVE-2026-43620
Rsync < 3.4.3 Out-of-Bounds Array Read via recv_files() - CVE-2026-32882
libheif: Heap Buffer OOB Read in overlay compositing due to - CVE-2026-32738
libheif has a Heap OOB Read/SEGV Crash via Zero samples_per_ - CVE-2026-8686
DoS from MQTT v5.0 Deserialization Fault in core MQTT
V. Comments for CVE-2025-66664
No comments yet