CVE-2025-66664: CWE-125 Out-of-bounds Read in AMD AMD Radeon™ RX 6000 Series Graphics Products
CVE-2025-66664 is a medium severity vulnerability in AMD Radeon RX 6000 Series graphics products involving an out-of-bounds read due to insufficient parameter sanitization in the AMD Secure Processor TEE SOC Driver. An attacker with high privileges could issue a malformed SR-IOV command to trigger this flaw, potentially exposing SOC Driver memory contents or causing an exception. There is no confirmed patch or official remediation available at this time. No known exploits are reported in the wild.
AI Analysis
Technical Summary
This vulnerability arises from improper validation of parameters in the AMD Secure Processor Trusted Execution Environment (TEE) SOC Driver within AMD Radeon RX 6000 Series graphics products. Specifically, an attacker with high privileges can send a malformed DRV_SOC_CMD_ID_LOAD_GFX_IP_FW SR-IOV command, causing an out-of-bounds read (CWE-125). This may lead to exposure of sensitive SOC Driver memory or cause an exception in the driver. The CVSS 4.0 base score is 4.6, reflecting a medium severity with local attack vector, low complexity, and no user interaction required. No patch or official remediation level has been disclosed by AMD as of the publication date.
Potential Impact
Successful exploitation could result in unauthorized reading of memory beyond intended boundaries within the SOC Driver, potentially exposing sensitive information or causing system instability through exceptions. The attack requires local access with high privileges, limiting the attack surface. There are no reports of active exploitation in the wild.
Mitigation Recommendations
Patch status is not yet confirmed — check the AMD vendor advisory for current remediation guidance. Until an official fix is released, restrict high privilege local access to trusted users only to reduce risk. Monitor AMD communications for updates on patches or mitigations.
CVE-2025-66664: CWE-125 Out-of-bounds Read in AMD AMD Radeon™ RX 6000 Series Graphics Products
Description
CVE-2025-66664 is a medium severity vulnerability in AMD Radeon RX 6000 Series graphics products involving an out-of-bounds read due to insufficient parameter sanitization in the AMD Secure Processor TEE SOC Driver. An attacker with high privileges could issue a malformed SR-IOV command to trigger this flaw, potentially exposing SOC Driver memory contents or causing an exception. There is no confirmed patch or official remediation available at this time. No known exploits are reported in the wild.
CVSS v4.0
Score 4.6medium
Weaknesses
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
This vulnerability arises from improper validation of parameters in the AMD Secure Processor Trusted Execution Environment (TEE) SOC Driver within AMD Radeon RX 6000 Series graphics products. Specifically, an attacker with high privileges can send a malformed DRV_SOC_CMD_ID_LOAD_GFX_IP_FW SR-IOV command, causing an out-of-bounds read (CWE-125). This may lead to exposure of sensitive SOC Driver memory or cause an exception in the driver. The CVSS 4.0 base score is 4.6, reflecting a medium severity with local attack vector, low complexity, and no user interaction required. No patch or official remediation level has been disclosed by AMD as of the publication date.
Potential Impact
Successful exploitation could result in unauthorized reading of memory beyond intended boundaries within the SOC Driver, potentially exposing sensitive information or causing system instability through exceptions. The attack requires local access with high privileges, limiting the attack surface. There are no reports of active exploitation in the wild.
Mitigation Recommendations
Patch status is not yet confirmed — check the AMD vendor advisory for current remediation guidance. Until an official fix is released, restrict high privilege local access to trusted users only to reduce risk. Monitor AMD communications for updates on patches or mitigations.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- AMD
- Date Reserved
- 2025-12-06T15:03:58.971Z
- Cvss Version
- 4.0
- State
- PUBLISHED
- Remediation Level
- null
Threat ID: 6a068dc1ec166c07b09ac9fa
Added to database: 5/15/2026, 3:06:41 AM
Last enriched: 5/22/2026, 3:35:30 PM
Last updated: 6/6/2026, 8:32:29 AM
Views: 54
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
External Links
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.