Amd Epyc Embedded 9004 Series Processors Formerly Codenamed Genoa
Monthly
Improper access control in the IOMMU register interface on AMD EPYC server processors allows a high-privileged local attacker to induce non-coherent memory accesses by the AMD Secure Processor (ASP), resulting in loss of system integrity beyond the directly compromised component. Affected processor families span EPYC 8004, 9004, and 9005 series - including embedded variants - covering AMD's current-generation server and embedded datacenter platforms. No public exploit code and no CISA KEV listing exist at time of analysis, but the elevated subsequent integrity impact (SI:H in CVSS 4.0) signals meaningful security boundary degradation, particularly relevant for confidential computing and virtualized environments where ASP integrity is foundational.
Missing lock bit protection for NBIO registers could allow a local admin-privileged attacker to modify MMIO routing configurations, potentially resulting in loss of SEV-SNP guest integrity.
Incorrect use of boot service in the AMD Platform Configuration Blob (APCB) SMM driver could allow a privileged attacker with local access (Ring 0) to achieve privilege escalation potentially resulting in arbitrary code execution.
Improper access control in the IOMMU register interface on AMD EPYC server processors allows a high-privileged local attacker to induce non-coherent memory accesses by the AMD Secure Processor (ASP), resulting in loss of system integrity beyond the directly compromised component. Affected processor families span EPYC 8004, 9004, and 9005 series - including embedded variants - covering AMD's current-generation server and embedded datacenter platforms. No public exploit code and no CISA KEV listing exist at time of analysis, but the elevated subsequent integrity impact (SI:H in CVSS 4.0) signals meaningful security boundary degradation, particularly relevant for confidential computing and virtualized environments where ASP integrity is foundational.
Missing lock bit protection for NBIO registers could allow a local admin-privileged attacker to modify MMIO routing configurations, potentially resulting in loss of SEV-SNP guest integrity.
Incorrect use of boot service in the AMD Platform Configuration Blob (APCB) SMM driver could allow a privileged attacker with local access (Ring 0) to achieve privilege escalation potentially resulting in arbitrary code execution.