CVE-2025-48517

Summary

Insufficient Granularity of Access Control in SEV firmware could allow a privileged user with a malicious hypervisor to create a SEV-ES guest with an ASID in the range meant for SEV-SNP guests potentially resulting in a partial loss of confidentiality.

Affected Software

VendorProductVersion RangeStatus
AMDAMD EPYC™ 9005 Series ProcessorsTurinPI 1.0.0.6unaffected
AMDAMD EPYC™ Embedded 9005 Series ProcessorsEmbTurinPI-SP5_1.0.0.1unaffected

Weaknesses

  • CWE-1220: CWE-1220 Insufficient Granularity of Access Control

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References