Skip to main content

Amd Epyc 8004 Series Processors

3 CVEs product

Monthly

CVE-2025-54509 MEDIUM This Month

Improper access control in the IOMMU register interface on AMD EPYC server processors allows a high-privileged local attacker to induce non-coherent memory accesses by the AMD Secure Processor (ASP), resulting in loss of system integrity beyond the directly compromised component. Affected processor families span EPYC 8004, 9004, and 9005 series - including embedded variants - covering AMD's current-generation server and embedded datacenter platforms. No public exploit code and no CISA KEV listing exist at time of analysis, but the elevated subsequent integrity impact (SI:H in CVSS 4.0) signals meaningful security boundary degradation, particularly relevant for confidential computing and virtualized environments where ASP integrity is foundational.

Information Disclosure Amd Amd Epyc 9004 Series Processors Amd Epyc 9005 Series Processors Amd Epyc 8004 Series Processors +4
NVD
CVSS 4.0
4.0
EPSS
0.0%
CVE-2025-61971 MEDIUM This Month

Missing lock bit protection for NBIO registers could allow a local admin-privileged attacker to modify MMIO routing configurations, potentially resulting in loss of SEV-SNP guest integrity.

Information Disclosure Red Hat Suse Amd Epyc 7003 Series Processors Amd Epyc 9004 Series Processors +7
NVD VulDB
CVSS 4.0
5.9
EPSS
0.0%
CVE-2025-54502 HIGH This Week

Incorrect use of boot service in the AMD Platform Configuration Blob (APCB) SMM driver could allow a privileged attacker with local access (Ring 0) to achieve privilege escalation potentially resulting in arbitrary code execution.

Privilege Escalation RCE Information Disclosure Amd Amd Epyc 7003 Series Processors +56
NVD VulDB
CVSS 4.0
7.1
EPSS
0.0%
EPSS 0% CVSS 4.0
MEDIUM This Month

Improper access control in the IOMMU register interface on AMD EPYC server processors allows a high-privileged local attacker to induce non-coherent memory accesses by the AMD Secure Processor (ASP), resulting in loss of system integrity beyond the directly compromised component. Affected processor families span EPYC 8004, 9004, and 9005 series - including embedded variants - covering AMD's current-generation server and embedded datacenter platforms. No public exploit code and no CISA KEV listing exist at time of analysis, but the elevated subsequent integrity impact (SI:H in CVSS 4.0) signals meaningful security boundary degradation, particularly relevant for confidential computing and virtualized environments where ASP integrity is foundational.

Information Disclosure Amd Amd Epyc 9004 Series Processors +6
NVD
EPSS 0% CVSS 5.9
MEDIUM This Month

Missing lock bit protection for NBIO registers could allow a local admin-privileged attacker to modify MMIO routing configurations, potentially resulting in loss of SEV-SNP guest integrity.

Information Disclosure Red Hat Suse +9
NVD VulDB
EPSS 0% CVSS 7.1
HIGH This Week

Incorrect use of boot service in the AMD Platform Configuration Blob (APCB) SMM driver could allow a privileged attacker with local access (Ring 0) to achieve privilege escalation potentially resulting in arbitrary code execution.

Privilege Escalation RCE Information Disclosure +58
NVD VulDB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy