CVE-2026-0427 PUBLISHED

Assigner: AMD
Reserved: 06.12.2025 Published: 15.05.2026 Updated: 15.05.2026

Improper cleanup of shared register resources in GPU firmware could allow an admin-privileged attacker from a Guest Virtual machine (VM) to access these shared resources from another Guest VM, potentially resulting in the loss of confidentiality, integrity, or availability.

Metrics

CVSS 4.0

CVSS Vector: CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L
CVSS Score: 4.6

Exploitability Metrics		Vulnerable System Impact Metrics		Subsequent System Impact Metrics
Attack Vector	Local	Confidentiality	Low	Confidentiality	Low
Attack Complexity	Low	Integrity	Low	Integrity	Low
Attack Requirements	None	Availability	Low	Availability	Low
Privileges Required	High
User Interaction	None

CVSS 4.0

Product Status

Vendor	AMD
Product	AMD Instinct™ MI210
Versions	Default: affected Version GIM 8.2.0.K is unaffected

Vendor	AMD
Product	AMD Instinct™ MI300X
Versions	Default: affected Version GIM 8.2.0.K is unaffected

Vendor	AMD
Product	AMD Instinct™ MI325X
Versions	Default: affected Version GIM 8.2.0.K is unaffected

Vendor	AMD
Product	AMD Radeon™ PRO V710
Versions	Default: affected Version Contact your AMD Customer Engineering representative is unaffected

References

https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-6027.html

Problem Types

CWE-459 Incomplete Cleanup CWE