CVE-2025-29934
5.3
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:H/A:N
Summary
A bug within some AMD CPUs could allow a local admin-privileged attacker to run a SEV-SNP guest using stale TLB entries, potentially resulting in loss of data integrity.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| AMD | AMD EPYC™ 9004 Series Processors | Genoa 1.0.0.E | unaffected |
| AMD | AMD EPYC™ 9005 Series Processors | Turin 1.0.0.6 | unaffected |
| AMD | AMD EPYC™ 8004 Series Processors | Genoa 1.0.0.E | unaffected |
| AMD | AMD EPYC™ Embedded 7003 Series Processors | EmbMilanPI-SP3 v9 1.0.0.B | unaffected |
| AMD | AMD EPYC™ Embedded 9004 Series Processors (formerly codenamed “Genoa”) | EmbGenoaPI-SP5 1.0.0.A | unaffected |
| AMD | AMD EPYC™ Embedded 9005 Series Processors | EmbTurinPI-SP5 1.0.0.1 | unaffected |
| AMD | AMD EPYC™ Embedded 9004 Series Processors (formerly codenamed “Bergamo”) | EmbGenoaPI-SP5 1.0.0.A | unaffected |
| AMD | AMD EPYC™ Embedded 8004 Series Processors | EmbGenoaPI-SP5 1.0.0.A | unaffected |
Weaknesses
- CWE-459: CWE-459 Incomplete Cleanup
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: partial
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.