CVE-2025-61972

Description

Missing lock bit protection for NBIO registers could allow a local admin-privileged attacker to gain arbitrary System Management Network (SMN) access, potentially resulting in arbitrary code execution in AMD Secure Processor (ASP) and loss of the SEV-SNP guest's confidentiality and integrity.

CVSS breakdown

CVSS 4.0

Attack Vector

Local

Attack Complexity

High

Attack Requirements

None

Privileges Required

High

User Interaction

None

Confidentiality (Vulnerable System)

High

Integrity (Vulnerable System)

High

Availability (Vulnerable System)

None

Confidentiality (Subsequent System)

High

Integrity (Subsequent System)

High

Availability (Subsequent System)

None

Affected products

AMD / AMD EPYC™ 8004 Series ProcessorsGenoaPI_1.0.0.H – GenoaPI_1.0.0.H
AMD / AMD EPYC™ 9004 Series ProcessorsGenoaPI_1.0.0.H – GenoaPI_1.0.0.H
AMD / AMD EPYC™ 9005 Series ProcessorsTurinPI_1.0.0.8 – TurinPI_1.0.0.8
AMD / AMD EPYC™ Embedded 8004 Series ProcessorsEmbGenoaPI-SP5 1.0.0.D – EmbGenoaPI-SP5 1.0.0.D
AMD / AMD EPYC™ Embedded 9004 Series Processors (formerly codenamed "Bergamo")EmbGenoaPI-SP5 1.0.0.D – EmbGenoaPI-SP5 1.0.0.D
AMD / AMD EPYC™ Embedded 9004 Series Processors (formerly codenamed "Genoa")EmbGenoaPI-SP5 1.0.0.D – EmbGenoaPI-SP5 1.0.0.D
AMD / AMD EPYC™ Embedded 9005 Series ProcessorsEmbeddedTurinPI_SP5_1004 – EmbeddedTurinPI_SP5_1004

References

MISChttps://www.amd.com/en/resources/product-security/bulletin/AMD-SB-3030.html