ByteOS

AMD EPYC™ 9004 Series Processors

Product

Default Status

affected

Versions

Unaffected

GenoaPI_1.0.0.H

Vendor

AMD EPYC™ 7003 Series Processors

Product

Default Status

affected

Versions

Unaffected

MilanPI-SP3_1.0.0.J

Vendor

AMD EPYC™ 9005 Series Processors

Product

Default Status

affected

Versions

Unaffected

TurinPI_1.0.0.8

Vendor

AMD EPYC™ 8004 Series Processors

Product

Default Status

affected

Versions

Unaffected

GenoaPI_1.0.0.H

Vendor

AMD EPYC™ Embedded 7003 Series Processors

Product

Default Status

affected

Versions

Unaffected

EmbMilanPI-SP3 1.0.0.D

Vendor

AMD EPYC™ Embedded 9004 Series Processors (formerly codenamed "Genoa")

Product

Default Status

affected

Versions

Unaffected

EmbGenoaPI-SP5 1.0.0.D

Vendor

AMD EPYC™ Embedded 9004 Series Processors (formerly codenamed "Bergamo")

Product

Default Status

affected

Versions

Unaffected

EmbGenoaPI-SP5 1.0.0.D

Vendor

AMD EPYC™ Embedded 8004 Series Processors

Product

Default Status

affected

Versions

Unaffected

EmbGenoaPI-SP5 1.0.0.D

Vendor

AMD EPYC™ Embedded 9005 Series Processors

Product

Default Status

affected

Versions

Unaffected

EmbeddedTurinPI_SP5_1004

Problem Types

Type	CWE ID	Description
CWE	CWE-1233	CWE-1233 Security-Sensitive Hardware Controls with Missing Lock Bit Protection

Type: CWE

CWE ID: CWE-1233

Description: CWE-1233 Security-Sensitive Hardware Controls with Missing Lock Bit Protection

Metrics

Version	Base score	Base severity	Vector
4.0	5.9	MEDIUM	CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:N/SC:N/SI:H/SA:N

Version: 4.0

Base score: 5.9

Base severity: MEDIUM

Vector:

CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:N/SC:N/SI:H/SA:N

References

Hyperlink	Resource
https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-3030.html	N/A

Hyperlink: https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-3030.html

Resource: N/A

▼Authorized Data Publishers (ADP)

CISA ADP Vulnrichment

Metrics Other Info

▼National Vulnerability Database (NVD)

nvd.nist.gov

Source:psirt@amd.com

Published At:13 May, 2026 | 04:17

Updated At:13 May, 2026 | 14:49

Missing lock bit protection for NBIO registers could allow a local admin-privileged attacker to modify MMIO routing configurations, potentially resulting in loss of SEV-SNP guest integrity.

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Secondary	4.0	5.9	MEDIUM	CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:N/SC:N/SI:H/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Type: Secondary

Version: 4.0

Base score: 5.9

Base severity: MEDIUM

Vector:

CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:N/SC:N/SI:H/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Weaknesses

CWE ID	Type	Source
CWE-1233	Secondary	psirt@amd.com

CWE ID: CWE-1233

Type: Secondary

Source: psirt@amd.com

References

Hyperlink	Source	Resource
https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-3030.html	psirt@amd.com	N/A

Hyperlink: https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-3030.html

Source: psirt@amd.com

Resource: N/A

Similar CVEs

5Records found

CVE-2025-54510

Matching Score-8

Matching Score-8

CVSS Score-5.9||MEDIUM

EPSS-0.02% / 3.59%

7 Day CHG~0.00%

Published-16 Apr, 2026 | 18:44

Updated-13 May, 2026 | 03:14

A missing lock verification in AMD Secure Processor (ASP) firmware may permit a locally authenticated attacker with administrative privileges to alter MMIO routing on some Zen 5-based products, potentially compromising guest system integrity.

Product-AMD EPYC™ 8004 Series Processors AMD EPYC™ Embedded 8004 Series Processors AMD EPYC™ Embedded 9004 Series Processors AMD EPYC™ Embedded 9005 Series Processors AMD EPYC™ Embedded 9004 Series Processors AMD EPYC™ Embedded 7003 Series Processors AMD EPYC™ 9005 Series Processors AMD EPYC™ 7003 Series Processors AMD EPYC™ 9004 Series Processors

CWE ID-CWE-414

Missing Lock Check

CVE-2025-29952

Matching Score-8

Matching Score-8

CVSS Score-5.9||MEDIUM

EPSS-0.02% / 5.50%

7 Day CHG~0.00%

Published-10 Feb, 2026 | 19:09

Updated-10 Feb, 2026 | 21:51

Improper Initialization within the AMD Secure Encrypted Virtualization (SEV) firmware can allow an admin privileged attacker to corrupt RMP covered memory, potentially resulting in loss of guest memory integrity

Product-AMD EPYC™ 9005 Series Processors AMD EPYC™ Embedded 9005 Series Processors

CWE ID-CWE-457

Use of Uninitialized Variable

CVE-2025-29948

Matching Score-8

Matching Score-8

CVSS Score-5.9||MEDIUM

EPSS-0.02% / 4.89%

7 Day CHG~0.00%

Published-10 Feb, 2026 | 19:07

Updated-11 Feb, 2026 | 15:08

Improper access control in AMD Secure Encrypted Virtualization (SEV) firmware could allow a malicious hypervisor to bypass RMP protections, potentially resulting in a loss of SEV-SNP guest memory integrity.

Product-AMD EPYC™ 9005 Series Processors AMD EPYC™ Embedded 9005 Series Processors

CWE ID-CWE-1260

Improper Handling of Overlap Between Protected Memory Ranges

CVE-2024-21953

Matching Score-8

Matching Score-8

CVSS Score-5.9||MEDIUM

EPSS-0.04% / 11.84%

7 Day CHG~0.00%

Published-10 Feb, 2026 | 19:11

Updated-10 Feb, 2026 | 21:51

Improper input validation in IOMMU could allow a malicious hypervisor to reconfigure IOMMU registers resulting in loss of guest data integrity.

Product-AMD EPYC™ 9004 Series Processors AMD EPYC™ 8004 Series Processors AMD EPYC™ Embedded 9004 Series Processors

CWE ID-CWE-1284

Improper Validation of Specified Quantity in Input

CVE-2025-61972

Matching Score-6

Matching Score-6

CVSS Score-8.5||HIGH

EPSS-0.01% / 1.98%

7 Day CHG~0.00%

Published-13 May, 2026 | 03:03

Updated-14 May, 2026 | 03:56

Missing lock bit protection for NBIO registers could allow a local admin-privileged attacker to gain arbitrary System Management Network (SMN) access, potentially resulting in arbitrary code execution in AMD Secure Processor (ASP) and loss of the SEV-SNP guest's confidentiality and integrity.