Missing lock bit protection for NBIO registers could allow a local admin-privileged attacker to gain arbitrary System Management Network (SMN) access, potentially resulting in arbitrary code execution in AMD Secure Processor (ASP) and loss of the SEV-SNP guest's confidentiality and integrity.
Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).
| Vendor | Product | Default status | Versions | ||||||
|---|---|---|---|---|---|---|---|---|---|
| AMD | AMD EPYC™ 9004 Series Processors | affected |
|
||||||
| AMD | AMD EPYC™ 9005 Series Processors | affected |
|
||||||
| AMD | AMD EPYC™ 8004 Series Processors | affected |
|
||||||
| AMD | AMD EPYC™ Embedded 9004 Series Processors (formerly codenamed "Genoa") | affected |
|
||||||
| AMD | AMD EPYC™ Embedded 9004 Series Processors (formerly codenamed "Bergamo") | affected |
|
||||||
| AMD | AMD EPYC™ Embedded 8004 Series Processors | affected |
|
||||||
| AMD | AMD EPYC™ Embedded 9005 Series Processors | affected |
|
No data.
No data.
No data.
Project Subscriptions
No data.
Advisories
No advisories yet.
Fixes
Solution
No solution given by the vendor.
Workaround
No workaround given by the vendor.
References
History
Wed, 13 May 2026 03:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | Missing lock bit protection for NBIO registers could allow a local admin-privileged attacker to gain arbitrary System Management Network (SMN) access, potentially resulting in arbitrary code execution in AMD Secure Processor (ASP) and loss of the SEV-SNP guest's confidentiality and integrity. | |
| Weaknesses | CWE-1233 | |
| References |
| |
| Metrics |
cvssV4_0
|
Projects
Sign in to view the affected projects.
MITRE
Status: PUBLISHED
Assigner: AMD
Published:
Updated: 2026-05-13T03:03:31.455Z
Reserved: 2025-10-04T18:09:57.018Z
Link: CVE-2025-61972
Vulnrichment
No data.
NVD
No data.
Redhat
No data.
OpenCVE Enrichment
No data.
Weaknesses