CVE-2026-0428: TEE SOC Driver Sanitation Flaw Allows Unauthorized Reg Write
CVE-2026-0428 Published on May 15, 2026

Insufficient parameter sanitization in TEE SOC Driver could allow an attacker to issue a malformed DRV_SOC_CMD_ID_SRIOV_COPY_VF_CHIPLET_REGS to write invalid data to a remote Die, potentially resulting in unexpected behavior.

NVD

Weakness Type

Improper Validation of Specified Quantity in Input

The product receives input that is expected to specify a quantity (such as size or length), but it does not validate or incorrectly validates that the quantity has the required properties.

Affected Versions

AMD Instinct™ MI300A:

Version BKC 26 is unaffected.

AMD Instinct™ MI300X:

Version ROCm 6.3.1 is unaffected.

AMD Instinct™ MI308X:

Version ROCm 6.4.2 is unaffected.

AMD Instinct™ MI325X:

Version ROCm 6.3.1 is unaffected.

Exploit Probability

EPSS

0.03%

Percentile

9.20%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.

CVE-2026-0428: TEE SOC Driver Sanitation Flaw Allows Unauthorized Reg WriteCVE-2026-0428 Published on May 15, 2026

Weakness Type

Improper Validation of Specified Quantity in Input

Affected Versions

Exploit Probability

CVE-2026-0428: TEE SOC Driver Sanitation Flaw Allows Unauthorized Reg Write
CVE-2026-0428 Published on May 15, 2026