Skip to main content

Severity by source

NVD PRIMARY
4.0 MEDIUM
CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:N/VI:N/VA:N/SC:N/SI:H/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:N/VI:N/VA:N/SC:N/SI:H/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Local
Attack Complexity
Low
Privileges Required
High
User Interaction
None
Scope
X

Lifecycle Timeline

2
Analysis Generated
Jun 09, 2026 - 20:01 vuln.today
CVSS changed
Jun 09, 2026 - 18:22 NVD
4.0 (MEDIUM)

DescriptionCVE.org

Improper access control for register interface in the input-output memory management unit (IOMMU) could allow a privileged attacker to cause non-coherent accesses by the AMD secure processor (ASP) potentially resulting in loss of integrity.

AnalysisAI

Improper access control in the IOMMU register interface on AMD EPYC server processors allows a high-privileged local attacker to induce non-coherent memory accesses by the AMD Secure Processor (ASP), resulting in loss of system integrity beyond the directly compromised component. Affected processor families span EPYC 8004, 9004, and 9005 series - including embedded variants - covering AMD's current-generation server and embedded datacenter platforms. No public exploit code and no CISA KEV listing exist at time of analysis, but the elevated subsequent integrity impact (SI:H in CVSS 4.0) signals meaningful security boundary degradation, particularly relevant for confidential computing and virtualized environments where ASP integrity is foundational.

Technical ContextAI

CWE-1262 (Improper Access Control for Register Interface) describes hardware-level flaws where a software or firmware interface to a hardware register block fails to enforce appropriate privilege or isolation boundaries. In this case, the IOMMU - the hardware unit responsible for virtualizing and constraining DMA access by devices and subsystems - exposes a register interface that does not adequately restrict write access. The AMD Secure Processor (ASP, formerly PSP) is an ARM-based co-processor embedded in EPYC chips that manages firmware trust, secure boot, memory encryption (SME/SEV), and other security-critical functions. By manipulating IOMMU registers, a privileged attacker can cause the ASP to perform non-coherent memory accesses - reads or writes that bypass cache coherency protocols - potentially exposing or corrupting data the ASP is operating on without the ASP's knowledge. The attack requires AT:P (Additional Technology/conditions Present) per the CVSS 4.0 vector, indicating a prerequisite configuration or platform state is needed. Affected CPEs cover cpe:2.3:a:amd:amd_epyc™_9004_series_processors, 9005, 8004, and their embedded equivalents.

RemediationAI

Apply the AMD-released firmware patches as published under AMD Security Bulletin AMD-SB-3039 at https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-3039.html. Exact patch versions by platform: EPYC 9004 and 8004 Series → GenoaPI_1.0.0.H; EPYC 9005 Series → TurinPI_1.0.0.8; EPYC Embedded 9004 (Genoa and Bergamo) and Embedded 8004 → EmbGenoaPI-SP5 1.0.0.D; EPYC Embedded 9005 → EmbeddedTurinPI_SP5_1004. Firmware updates for ASP/PSP typically require platform BIOS/AGESA updates distributed by OEM/ODM vendors (Dell, HPE, Lenovo, Supermicro, etc.); coordinate with hardware vendor patch channels for server firmware bundles. As a compensating control where immediate patching is not feasible, restrict privileged OS and hypervisor access to IOMMU configuration interfaces via mandatory access control policies (e.g., SELinux or AppArmor profiles restricting /dev/mem and MMIO register access). Note that firmware patching on production servers requires a reboot, which must be scheduled in advance for high-availability environments.

Share

EUVD-2025-210086 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy