CVE-2025-29948

Summary

Improper access control in AMD Secure Encrypted Virtualization (SEV) firmware could allow a malicious hypervisor to bypass RMP protections, potentially resulting in a loss of SEV-SNP guest memory integrity.

Affected Software

VendorProductVersion RangeStatus
AMDAMD EPYC™ 9005 Series ProcessorsTurinPI 1.0.0.6unaffected
AMDAMD EPYC™ Embedded 9005 Series ProcessorsEmbTurinPI-SP5_1.0.0.1unaffected

Weaknesses

  • CWE-1260: CWE-1260 Improper Handling of Overlap Between Protected Memory Ranges

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References