CVE-2025-66660 Overview
CVE-2025-66660 is a low-severity local vulnerability in the AMD Trusted Execution Environment (TEE) System-on-Chip (SOC) Driver. Insufficient parameter sanitization allows an attacker with high privileges to issue a malformed DRV_SOC_CMD_ID_SRIOV_CHECK_TA_COMPAT command. The malformed command can cause incorrect shared memory mapping inside the TEE SOC driver, potentially resulting in unexpected behavior. The issue is tracked under CWE-1284: Improper Validation of Specified Quantity in Input. AMD documented the flaw in AMD Security Bulletin #6027.
Critical Impact
A local attacker with high privileges can trigger incorrect shared memory mapping in the TEE SOC Driver, leading to unexpected driver behavior limited to availability impact.
Affected Products
- AMD TEE SOC Driver (see AMD Security Bulletin #6027 for affected platforms)
- AMD platforms exposing the DRV_SOC_CMD_ID_SRIOV_CHECK_TA_COMPAT command interface
- SR-IOV-enabled AMD SOC components reliant on the TEE driver
Discovery Timeline
- 2026-05-15 - CVE CVE-2025-66660 published to NVD
- 2026-05-15 - Last updated in NVD database
Technical Details for CVE-2025-66660
Vulnerability Analysis
The defect resides in the AMD TEE SOC Driver, which mediates communication between non-privileged software components and the Trusted Execution Environment on AMD platforms. The driver exposes a command interface that includes DRV_SOC_CMD_ID_SRIOV_CHECK_TA_COMPAT, used to verify Trusted Application (TA) compatibility under Single Root I/O Virtualization (SR-IOV). Insufficient validation of parameters passed with this command lets a malformed request influence how shared memory regions are mapped between the host and the TEE. The flaw is categorized as [CWE-1284], which addresses improper validation of specified quantity in input.
Root Cause
The driver does not sufficiently sanitize the parameter values supplied with DRV_SOC_CMD_ID_SRIOV_CHECK_TA_COMPAT. When unchecked values reach the shared memory mapping logic, the driver computes an incorrect mapping. The resulting state diverges from the expected memory layout, producing unexpected behavior in the driver. AMD characterizes the impact as a limited availability concern with no confirmed confidentiality or integrity loss.
Attack Vector
Exploitation requires local access and high privileges on the affected system. The attacker must reach the TEE SOC Driver command interface and submit a crafted DRV_SOC_CMD_ID_SRIOV_CHECK_TA_COMPAT request with malformed parameters. Attack complexity is high, and the attack requires specific conditions to succeed. No user interaction is needed. No public proof-of-concept, exploit, or CISA KEV listing exists for this vulnerability at the time of publication.
No verified exploit code is published. Refer to AMD Security Bulletin #6027 for technical details on the affected command path and memory mapping logic.
Detection Methods for CVE-2025-66660
Indicators of Compromise
- Unexpected kernel log entries referencing the AMD TEE SOC Driver or shared memory mapping failures.
- Driver crashes, hangs, or repeated reinitialization events on AMD platforms using SR-IOV.
- Unprivileged process attempts to access TEE driver IOCTL interfaces outside normal administrative workflows.
Detection Strategies
- Audit local invocations of TEE driver command interfaces, focusing on DRV_SOC_CMD_ID_SRIOV_CHECK_TA_COMPAT issuers.
- Correlate privileged process activity with TEE driver error states reported by the operating system.
- Compare TEE driver versions across the fleet against the AMD-supplied fixed version.
Monitoring Recommendations
- Forward kernel and driver telemetry to a centralized analytics platform for anomaly review.
- Alert on privilege-escalation patterns that precede TEE driver command activity.
- Track availability events on AMD SR-IOV systems and correlate with driver-level errors.
How to Mitigate CVE-2025-66660
Immediate Actions Required
- Review AMD Security Bulletin #6027 and identify systems running affected TEE SOC Driver versions.
- Apply firmware and driver updates supplied by AMD or the platform OEM.
- Restrict administrative access to systems exposing the TEE SOC Driver to reduce the local attack surface.
Patch Information
AMD has published remediation guidance in AMD Security Bulletin #6027. Apply the driver and firmware versions identified in the bulletin. Coordinate with platform OEMs to obtain integrated updates where applicable.
Workarounds
- Limit local high-privilege accounts on systems that expose the AMD TEE SOC Driver until patches are deployed.
- Disable SR-IOV features on affected platforms if the functionality is not required by workloads.
- Monitor TEE driver telemetry for malformed command activity while remediation is in progress.
# Identify the loaded AMD TEE driver module on Linux systems
lsmod | grep -i amd
modinfo amdtee 2>/dev/null | grep -E 'version|filename'
# Audit local privileged processes accessing TEE device nodes
ls -l /dev/tee* 2>/dev/null
auditctl -w /dev/tee0 -p rwa -k tee_access
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.

