Skip to main content
CVE Vulnerability Database
Vulnerability Database/CVE-2025-66664

CVE-2025-66664: AMD Secure Processor Information Disclosure

CVE-2025-66664 is an information disclosure vulnerability in AMD Secure Processor (ASP) TEE SOC Driver caused by insufficient parameter sanitization. This article covers technical details, affected systems, and mitigation strategies.

Published:

CVE-2025-66664 Overview

CVE-2025-66664 is an out-of-bounds read vulnerability in the AMD Secure Processor (ASP) Trusted Execution Environment (TEE) System-on-Chip (SOC) Driver. The flaw stems from insufficient parameter sanitization when handling the DRV_SOC_CMD_ID_LOAD_GFX_IP_FW Single Root I/O Virtualization (SR-IOV) command. An attacker with high privileges and local access can issue a malformed command to trigger the out-of-bounds read. Successful exploitation may expose SOC Driver memory contents or generate an exception, disrupting driver operation. The weakness is tracked as CWE-125 Out-of-bounds Read.

Critical Impact

Exploitation can disclose AMD Secure Processor SOC Driver memory or cause an exception condition that affects the trusted execution environment.

Affected Products

  • AMD Secure Processor (ASP) TEE SOC Driver
  • AMD platforms supporting SR-IOV with the affected ASP firmware
  • See the AMD Security Bulletin #6027 for the complete list of impacted SKUs and firmware versions

Discovery Timeline

  • 2026-05-15 - CVE-2025-66664 published to NVD
  • 2026-05-15 - Last updated in NVD database

Technical Details for CVE-2025-66664

Vulnerability Analysis

The vulnerability resides in the AMD Secure Processor TEE SOC Driver, which handles privileged commands routed through the SR-IOV interface. The driver accepts the DRV_SOC_CMD_ID_LOAD_GFX_IP_FW command, used to load graphics IP firmware into the secure processor environment. Insufficient sanitization of input parameters allows a crafted command to drive a read past the end of an intended buffer. The result is either disclosure of adjacent driver memory or an exception that terminates the operation.

Because the ASP brokers sensitive cryptographic and platform integrity operations, any unintended memory disclosure from the SOC Driver can leak structures useful for follow-on attacks. The attack surface is restricted to local actors with high privileges, limiting opportunistic exploitation but raising concern for compromised hypervisors or privileged guests in virtualized AMD platforms.

Root Cause

The root cause is missing or incomplete bounds checking on parameters supplied with the DRV_SOC_CMD_ID_LOAD_GFX_IP_FW SR-IOV command. The driver dereferences attacker-controlled length or offset fields without validating them against the underlying buffer, satisfying the conditions for [CWE-125].

Attack Vector

The attack vector is local. An attacker who already holds high privileges on the host or within a privileged virtualization context issues a malformed SR-IOV command to the ASP TEE SOC Driver. No user interaction is required. Refer to the AMD Security Bulletin #6027 for vendor-confirmed exploitation prerequisites.

No verified proof-of-concept code is publicly available. The vulnerability mechanism is described in prose because no validated exploit artifacts have been published.

Detection Methods for CVE-2025-66664

Indicators of Compromise

  • Unexpected exceptions, faults, or crashes originating from the AMD Secure Processor TEE SOC Driver
  • Anomalous issuance of DRV_SOC_CMD_ID_LOAD_GFX_IP_FW SR-IOV commands from non-routine processes or privileged guests
  • Kernel or hypervisor log entries indicating malformed ASP command parameters

Detection Strategies

  • Monitor host and hypervisor logs for ASP driver error codes and abnormal command rejections
  • Audit which privileged processes and virtualization components interact with the ASP TEE interface
  • Correlate driver exceptions with preceding SR-IOV command activity to identify malformed inputs

Monitoring Recommendations

  • Forward kernel, hypervisor, and platform firmware logs to a centralized SIEM for retention and analysis
  • Establish a baseline of normal ASP SOC Driver command frequency and alert on deviations
  • Track installation status of AMD firmware updates referenced in Security Bulletin #6027 across the fleet

How to Mitigate CVE-2025-66664

Immediate Actions Required

  • Review the AMD Security Bulletin #6027 and identify affected platforms in your environment
  • Apply AMD-provided firmware or driver updates as soon as they are available for your hardware SKU
  • Restrict local administrative and hypervisor-level access to trusted operators only

Patch Information

AMD has published remediation guidance in AMD Security Bulletin #6027. Consult the bulletin for the specific firmware versions, AGESA releases, and OEM BIOS updates that address CVE-2025-66664.

Workarounds

  • Limit issuance of SR-IOV commands to vetted management components until firmware updates are deployed
  • Enforce least privilege on hypervisor and host administrator accounts to reduce the local attack surface
  • Isolate workloads that require ASP TEE interaction from untrusted tenants on shared AMD platforms
bash
# Configuration example
# Verify AMD platform firmware version against AMD-SB-6027 fixed releases
sudo dmidecode -s bios-version
sudo dmesg | grep -i "amd-sp\|psp\|asp"

Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.

Default Legacy - Prefooter | Experience the World’s Most Advanced Cybersecurity Platform

Experience the Most Advanced Cybersecurity Platform

See how the world’s most intelligent, autonomous cybersecurity platform can protect your organization today and into the future.