CVE-2025-29939

Summary

Improper access control in secure encrypted virtualization (SEV) could allow a privileged attacker to write to the reverse map page (RMP) during secure nested paging (SNP) initialization, potentially resulting in a loss of guest memory confidentiality and integrity.

Affected Software

VendorProductVersion RangeStatus
AMDAMD EPYC™ 9004 Series ProcessorsGenoaPI 1.0.0.Gunaffected
AMDAMD EPYC™ 7003 Series ProcessorsMilanPI 1.0.0.Hunaffected
AMDAMD EPYC™ 9005 Series ProcessorsTurinPI 1.0.0.6unaffected
AMDAMD EPYC™ 8004 Series ProcessorsGenoaPI 1.0.0.Gunaffected
AMDAMD EPYC™ Embedded 7003 Series ProcessorsEmbMilanPI-SP3 v9 1.0.0.Cunaffected
AMDAMD EPYC™ Embedded 9004 Series Processors (formerly codenamed “Genoa”)EmbGenoaPI-SP5 1.0.0.Bunaffected
AMDAMD EPYC™ Embedded 9005 Series ProcessorsEmbTurinPI-SP5_1.0.0.1unaffected
AMDAMD EPYC™ Embedded 9004 Series Processors (formerly codenamed “Bergamo”)EmbGenoaPI-SP5 1.0.0.Bunaffected
AMDAMD EPYC™ Embedded 8004 Series ProcessorsEmbGenoaPI-SP5 1.0.0.Bunaffected

Weaknesses

  • CWE-284: CWE-284 Improper Access Control

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References