AMD EPYC™ and AMD EPYC™ Embedded Series Processor Vulnerabilities – February 2026
Summary
Potential vulnerabilities in AMD EPYC™ Processor platforms were found during audits performed internally and by third parties.
Mitigations have been provided in AMD EPYC™ Platform Initialization (PI) firmware packages or in Secure Encrypted Virtualization -Secure Nested Paging (SEV-SNP) firmware.
Please refer to your OEM for the BIOS update specific to your product.
CVE Details
Refer to Glossary for explanation of terms
| CVE | CVE Description | CVSS Score | CVSS Vector |
| CVE-2025-52533 | Improper access control in an on-chip debug interface could allow a privileged attacker to enable a debug interface and potentially compromise data confidentiality or integrity. | 8.7 | CVSS:4.0/AV:N/AC:H/AT:P/PR:H/UI:N/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N |
| CVE-2025-29950 | Improper input validation in system management mode (SMM) could allow a privileged attacker to overwrite stack memory, potentially leading to arbitrary code execution. | 7.1 | CVSS:4.0/AV:L/AC:H/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N |
| CVE-2024-36355 | Improper input validation in the system management mode (SMM) handler could allow an attacker with Ring0 access to write to System Management RAM (SMRAM) and modify execution flow for S3 (sleep) wake up, potentially resulting in arbitrary code execution. | 7.0 | CVSS:4.0/AV:L/AC:H/AT:P/PR:H/UI:N/VC:N/VI:H/VA:N/SC:H/SI:H/SA:H |
| CVE-2025-29939 | Improper access control in AMD Secure Encrypted Virtualization (SEV) could allow a privileged attacker to write to the reverse map page (RMP) during Secure Nested Paging (SNP) initialization, potentially resulting in a loss of guest memory confidentiality and integrity. | 6.9 | CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:N/VI:H/VA:N/SC:H/SI:H/SA:N |
| CVE-2025-0012 | Improper handling of overlap between the segmented reverse map table (RMP) and system management mode (SMM) memory could allow a privileged attacker to corrupt or partially infer SMM memory, potentially resulting in a loss of integrity or confidentiality. | 6.8 | CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N |
| CVE-2025-52536 | Improper prevention of lock bit modification in AMD Secure Encrypted Virtualization (SEV) firmware could allow a privileged attacker to downgrade firmware, potentially resulting in a loss of integrity. | 6.7 | CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N |
| CVE-2024-21961 | Improper restriction of operations within the bounds of a memory buffer in PCIe® Link could allow an attacker with access to a guest virtual machine (VM) to potentially perform a denial-of-service attack against the host, potentially resulting in a loss of availability. | 6.0 | CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N |
| CVE-2025-29948 | Improper access control in AMD Secure Encrypted Virtualization (SEV) firmware could allow a malicious hypervisor to bypass reverse map table (RMP) protections, potentially resulting in a loss of AMD Secure Encrypted Virtualization – Secure Nested Paging (SEV-SNP) guest memory integrity. | 5.9 | CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:N/SC:N/SI:H/SA:N |
| CVE-2024-21953 | Improper input validation in I/O Memory Management Unit (IOMMU) could allow a malicious hypervisor to reconfigure IOMMU registers, potentially resulting in a loss of guest memory integrity. | 5.9 | CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:N/SC:N/SI:H/SA:N |
| CVE-2025-29952 | Improper initialization within the AMD Secure Encrypted Virtualization (SEV) firmware can allow an admin-privileged attacker to corrupt reverse map page (RMP) covered memory, potentially resulting in loss of guest memory integrity. | 5.9 | CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:N/SC:N/SI:H/SA:N |
| CVE-2025-52534 | Improper bound check within AMD CPU microcode can allow a malicious guest to write to host memory, potentially resulting in a loss of integrity. | 5.3 | CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:L/SA:N |
| CVE-2025-54514 | Improper isolation of shared resources on a system on a chip by a malicious local attacker with high privileges could potentially lead to a partial loss of integrity. | 4.8 | CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N |
| CVE-2025-48517 | Insufficient granularity of access control in AMD Secure Encrypted Virtualization (SEV) firmware could allow a privileged user with a malicious hypervisor to create a AMD Secure Encrypted Virtualization-Encryption Standard (SEV-ES) guest with an Address Space ID (ASID) in the range meant for AMD Secure Encrypted Virtualization – Secure Nested Paging (SEV-SNP) guests, potentially resulting in a partial loss of confidentiality. | 4.6 | CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:N/SC:L/SI:N/SA:N |
| CVE-2025-0031 | A use-after-free vulnerability in the AMD Secure Encrypted Virtualization (SEV) firmware could allow a malicious hypervisor to activate a migrated guest with the SINGLE_SOCKET policy on a different socket than the migration agent, potentially resulting in a loss of integrity. | 4.6 | CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:N/VI:L/VA:N/SC:N/SI:L/SA:N |
| CVE-2024-36310 | Improper input validation in the system management mode (SMM) communications buffer could allow a privileged attacker to perform an out-of-bounds read or write to System Management RAM (SMRAM), potentially resulting in a loss of confidentiality or integrity. | 4.6 | CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N |
| CVE-2025-29946 | Insufficient or incomplete data removal in rardware components in AMD Secure Encrypted Virtualization (SEV) firmware does not fully flush the I/O Memory Management Unit (IOMMU). This could potentially allow a local privileged attacker to cause a loss of guest memory confidentiality and integrity. | 4.5 | CVSS:4.0/AV:L/AC:H/AT:P/PR:H/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:N |
| CVE-2025-48514 | Insufficient granularity of access control in AMD Secure Encrypted Virtualization (SEV) firmware could allow a privileged attacker to create a AMD Secure Encrypted Virtualization-Encryption Standard (SEV-ES) guest to attack a AMD Secure Nested Paging (SNP) guest, potentially resulting in a loss of confidentiality. | 4.0 | CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N |
| CVE-2025-0029 | Improper handling of an error condition during host-induced faults could allow a local high-privileged attacker to selectively drop guest Direct Memory Access (DMA) writes, potentially resulting in a loss of Secure Encrypted Virtualization-Secure Nested Paging (SEV-SNP) guest memory integrity. | 1.8 | CVSS:4.0/AV:L/AC:H/AT:N/PR:H/UI:N/VC:N/VI:L/VA:N/SC:N/SI:L/SA:N |
| CVE-2025-48509 | Missing checks in certain functions related to bypass reverse map table (RMP) initialization could allow a local admin-privileged attacker to cause misidentification of I/O memory, potentially resulting in a loss of guest memory integrity. | 1.8 | CVSS:4.0/AV:L/AC:H/AT:N/PR:H/UI:N/VC:N/VI:N/VA:N/SC:N/SI:L/SA:N |
Affected Products and Mitigation
AMD recommends updating to the Platform Initialization (PI) or Secure Encrypted Virtualization (SEV) firmware version indicated below.
Note: Mitigations were released by AMD to the Original Equipment Manufacturers (OEM) on the dates listed below. Please contact your OEM for the BIOS update specific to your product(s).
AMD Server Processors
| Program | Former Code Name | CVE | Mitigation Option 1 | Mitigation Option 2 | ||||
| AGESA | Date Fix Released | SEV FW | µcode | OS Update | Date Fix Released | |||
| AMD EPYC™ 7001 Series Processors | "Naples" | CVE-2025-29950 | NaplesPI 1.0.0.R | 2025-07-31 | N/A | N/A | N/A | N/A |
| CVE-2025-52533 | No fix planned1 | N/A | N/A | N/A | N/A | |||
| AMD EPYC™ 7002 Series Processors | "Rome" | CVE-2025-29950 | RomePI 1.0.0.N | 2025-08-14 | N/A | N/A | N/A | N/A |
| CVE-2024-21961 | Workaround available in Custom BIOS Settings (CBS) | N/A | N/A | N/A | N/A | |||
| CVE-2025-52533 | No fix planned1 | N/A | N/A | N/A | N/A | |||
| AMD EPYC™ 7003 Series Processors | "Milan" | CVE-2025-485142 | MilanPI 1.0.0.H | 2025-09-04 | SEV FW 1.37.23 SPL[SEV]=0x1B mitigation bit=3 |
B1:0x0A0011DE B2:0x0A001247 | N/A | 2025-07-03 |
| CVE-2025-29939 | MilanPI 1.0.0.H | 2025-09-04 | SEV FW 1.37.23 SPL[SEV]=0x1B mitigation bit=3 |
N/A | N/A | 2025-07-03 | ||
| CVE-2025-48509 | MilanPI 1.0.0.H | 2025-09-04 | SEV FW 1.37.23 SPL[SEV]=0x1B mitigation bit=3 |
N/A | N/A | 2025-07-03 | ||
| CVE-2025-0031 | MilanPI 1.0.0.H | 2025-09-04 | SEV FW 1.37.20 SPL[SEV]=0x1A |
N/A | N/A | 2025-05-02 | ||
| CVE-2025-52536 | MilanPI 1.0.0.H | 2025-09-04 | SEV FW 1.37.1F SPL[SEV]=0x1A |
N/A | N/A | 2025-05-02 | ||
| CVE-2025-29950 | MilanPI 1.0.0.H | 2025-09-04 | N/A | N/A | N/A | N/A | ||
| CVE-2025-52533 | MilanPI 1.0.0.G | 2025-01-30 | N/A | N/A | N/A | N/A | ||
| AMD EPYC™ 8004 Series Processors | "Siena" | CVE-2025-485142 | GenoaPI 1.0.0.H | 2025-12-15 | SEV FW 1.37.31 SPL[SEV]=0x1B |
A2:0x0AA0021B | N/A | 2025-06-27 |
| CVE-2025-29939 | GenoaPI 1.0.0.G | 2025-06-27 | SEV FW 1.37.31 SPL[SEV]=0x1B mitigation bit 0 | N/A | N/A | 2025-06-27 | ||
| CVE-2025-0031 | GenoaPI 1.0.0.G | 2025-06-27 | SEV FW 1.37.2B SPL[SEV]=0x19 | N/A | N/A | 2025-05-08 | ||
| CVE-2025-52536 | GenoaPI 1.0.0.G | 2025-06-27 | SEV FW 1.37.2B SPL[SEV]=0x19 | N/A | N/A | 2025-05-08 | ||
| CVE-2025-48509 | GenoaPI 1.0.0.F | 2025-03-28 | SEV FW 1.37.2A SPL[SEV]=0x18 | N/A | N/A | 2025-03-28 | ||
| CVE-2024-21953 | GenoaPI 1.0.0.F | 2025-03-28 | SEV FW 1.37.2A SPL[SEV]=0x18 | N/A | Please contact your OS vendor | 2025-03-28 | ||
| AMD EPYC™ 9004 Series Processors | "Bergamo" / "Siena" | CVE-2025-485142 | GenoaPI 1.0.0.H | 2025-12-15 | SEV FW 1.37.31 SPL[SEV]=0x1B mitigation bit=3 |
A2:0x0AA0021B | N/A | 2025-06-27 |
| CVE-2025-29939 | GenoaPI 1.0.0.G | 2025-06-27 | SEV FW 1.37.31 SPL[SEV]=0x1B mitigation bit=3 |
N/A | N/A | 2025-06-27 | ||
| CVE-2025-0031 | GenoaPI 1.0.0.G | 2025-06-27 | SEV FW 1.37.2B SPL[SEV]=0x19 |
N/A | N/A | 2025-05-08 | ||
| CVE-2025-52536 | GenoaPI 1.0.0.G | 2025-06-27 | SEV FW 1.37.2B SPL[SEV]=0x19 |
N/A | N/A | 2025-05-08 | ||
| CVE-2025-29950 | GenoaPI 1.0.0.G | 2025-06-27 | N/A | N/A | N/A | N/A | ||
| CVE-2025-48509 | GenoaPI 1.0.0.F | 2025-03-28 | SEV FW 1.37.2A SPL[SEV]=0x18 |
N/A | N/A | 2025-03-28 | ||
| AMD EPYC™ 9004 Series Processors | "Genoa" | CVE-2025-485142 | GenoaPI 1.0.0.H | 2025-12-15 | SEV FW 1.37.31 SPV[SEV]=0x1B |
B1: 0x0A101156 B2:0x0A101251 | N/A | 2025-06-27 |
| CVE-2025-29939 | GenoaPI 1.0.0.G | 2025-06-27 | SEV FW 1.37.31 SPL[SEV]=0x1B |
N/A | N/A | 2025-06-27 | ||
| CVE-2024-21953 | GenoaPI 1.0.0.G | 2025-06-27 | SEV FW 1.37.31 SPL[SEV]=0x1B mitigation bit 0 |
N/A | Please contact your OS vendor | 2025-06-27 | ||
| CVE-2025-0031 | GenoaPI 1.0.0.G | 2025-06-27 | SEV FW 1.37.2B SPL[SEV]=0x19 | N/A | N/A | 2025-05-08 | ||
| CVE-2025-52536 | GenoaPI 1.0.0.G | 2025-06-27 | SEV FW 1.37.2B SPL[SEV]=0x19 | N/A | N/A | 2025-05-08 | ||
| CVE-2024-36310 | GenoaPI 1.0.0.G | 2025-06-27 | N/A | N/A | N/A | N/A | ||
| CVE-2025-29950 | GenoaPI 1.0.0.G | 2025-06-27 | N/A | N/A | N/A | N/A | ||
| CVE-2025-48509 | GenoaPI 1.0.0.F | 2025-03-28 | SEV FW 1.37.2A SPL[SEV]=0x18 | N/A | N/A | 2025-03-28 | ||
| CVE-2024-36355 | GenoaPI 1.0.0.E | 2024-12-16 | N/A | N/A | N/A | N/A | ||
| AMD EPYC™ 9005 Series Processors | "Turin" / "Turin Dense" | CVE-2025-485142 | TurinPI 1.0.0.6 | 2025-06-30 | SEV FW 1.37.41 SPL[SEV]=0x4 mitigation bit=3 |
C1:0x0B002151 Dense B0: 0x0B10104E | N/A | 2025-06-30 |
| CVE-2025-54514 | TurinPI 1.0.0.6 | 2025-06-30 | N/A | BRH C1: 0x0B002151; BRHD B0: 0x0B10104E | N/A | 2025-07-14 | ||
| CVE-2025-29939 | TurinPI 1.0.0.6 | 2025-06-30 | SEV FW 1.37.41 SPL[SEV]=0x4 mitigation bit=3 |
N/A | N/A | 2025-06-30 | ||
| CVE-2025-29946 | TurinPI 1.0.0.6 | 2025-06-30 | SEV FW 1.37.41 SPL[SEV]=0x4 mitigation bit=3 |
N/A | N/A | 2025-06-30 | ||
| CVE-2025-29948 | TurinPI 1.0.0.6 | 2025-06-30 | SEV FW 1.37.41 SPL[SEV]=0x4 mitigation bit=3 |
N/A | N/A | 2025-06-30 | ||
| CVE-2025-29952 | TurinPI 1.0.0.6 | 2025-06-30 | SEV FW 1.37.41 SPL[SEV]=0x4 mitigation bit=3 |
N/A | N/A | 2025-06-30 | ||
| CVE-2025-48517 | TurinPI 1.0.0.6 | 2025-06-30 | SEV FW 1.37.41 SPL[SEV]=0x4 mitigation bit=3 |
N/A | N/A | 2025-06-30 | ||
| CVE-2025-29950 | TurinPI 1.0.0.6 | 2025-06-30 | N/A | N/A | N/A | N/A | ||
| CVE-2025-52536 | TurinPI 1.0.0.5 | 2025-04-18 | SEV FW 1.37.3D SPL[SEV]=0x2 | N/A | N/A | 2025-04-18 | ||
| CVE-2025-0031 | TurinPI 1.0.0.5 | 2025-04-18 | SEV FW 1.37.3D SPL[SEV]=0x2 | N/A | N/A | 2025-04-18 | ||
| CVE-2025-48509 | TurinPI 1.0.0.5 | 2025-04-18 | SEV FW 1.37.3D SPL[SEV]=0x2 | N/A | N/A | 2025-04-18 | ||
| CVE-2025-0029 | TurinPI 1.0.0.5 | 2025-04-18 | N/A | N/A | N/A | N/A | ||
| CVE-2025-0012 | TurinPI 1.0.0.4 | 2025-03-04 | N/A | C1: 0x0B002147 Dense B0: 0x0B101047 | N/A | 2025-03-04 | ||
| CVE-2024-36310 | TurinPI 1.0.0.4 | 2025-03-04 | N/A | N/A | N/A | N/A | ||
| "Turin Dense" | CVE-2025-52534 | TurinPI 1.0.0.6 | 2025-06-30 | N/A | Dense B0: 0x0B10104E | N/A | 2025-07-14 | |
| AMD Instinct™ MI300A | CVE-2025-29950 | MI300API 1.0.0.B | 2025-09-04 | N/A | N/A | N/A | N/A | |
1Given that Naples and Rome do not have support for SEV-SNP, an attack on the debug interface does not provide access above and beyond what the attacker would need to initiate the attack through ring 0 and BMC administrator access.
2Applying mitigation CVE-2025-48514 will result in disabling SEV-ES when SEV-SNP is enabled
SEV Table
The SEV Table applies only to CVEs that have SEV FW mitigations.
| CVE ID | SEV | SEV-ES | SEV-SNP |
| CVE-2024-21953 | N | N | Y |
| CVE-2025-0029 | N | N | Y |
| CVE-2025-0031 | N | N | Y |
| CVE-2025-29939 | N | N | Y |
| CVE-2025-29946 | N | N | Y |
| CVE-2025-29948 | N | N | Y |
| CVE-2025-29952 | N | N | Y |
| CVE-2025-48509 | N | N | Y |
| CVE-2025-48514 | N | N | Y |
| CVE-2025-48517 | N | N | Y |
| CVE-2025-52536 | N | N | Y |
AMD EPYC™ Embedded Processors
| Product | CVE | Mitigation | Release Date |
| AMD EPYC™ Embedded 3000 Series Processors | CVE-2025-29950 | SnowyOwl_SP4_SP4r2.1.1.0.H | 2026-01-02 |
| AMD EPYC™ Embedded 7002 Series Processors | CVE-2025-29950 | EmbRomePI-SP3 1.0.0.F | 2025-12-10 |
| CVE-2025-525331 | No fix planned | N/A | |
| CVE-2024-21961 | No fix planned | N/A | |
| AMD EPYC™ Embedded 7003 Series Processors | CVE-2025-52536 | EmbMilanPI-SP3 v9 1.0.0.C | 2025-10-31 |
| CVE-2025-0031 | EmbMilanPI-SP3 v9 1.0.0.C | 2025-10-31 | |
| CVE-2025-29939 | EmbMilanPI-SP3 v9 1.0.0.C | 2025-10-31 | |
| CVE-2025-48509 | EmbMilanPI-SP3 v9 1.0.0.C | 2025-10-31 | |
| CVE-2025-485142 | EmbMilanPI-SP3 v9 1.0.0.C | 2025-10-31 | |
| CVE-2025-29950 | EmbMilanPI-SP3 v9 1.0.0.C | 2025-10-31 | |
| CVE-2025-525331 | EmbMilanPI-SP3 v9 1.0.0.C | 2025-10-31 | |
| AMD EPYC™ Embedded 8004 Series Processors | CVE-2025-485142 | EmbGenoaPI-SP5 1.0.0.C | 2025-10-31 |
| CVE-2025-52536 | EmbGenoaPI-SP5 1.0.0.B | 2025-08-04 | |
| CVE-2025-0031 | EmbGenoaPI-SP5 1.0.0.B | 2025-08-04 | |
| CVE-2025-29950 | EmbGenoaPI-SP5 1.0.0.B | 2025-08-04 | |
| CVE-2025-29939 | EmbGenoaPI-SP5 1.0.0.B | 2025-08-04 | |
| CVE-2025-48509 | EmbGenoaPI-SP5 1.0.0.B | 2025-08-04 | |
| AMD EPYC™ Embedded 9004 Series Processors (formerly codenamed "Bergamo") | CVE-2025-485142 | EmbGenoaPI-SP5 1.0.0.C | 2025-10-31 |
| CVE-2025-0031 | EmbGenoaPI-SP5 1.0.0.B | 2025-08-04 | |
| CVE-2025-52536 | EmbGenoaPI-SP5 1.0.0.B | 2025-08-04 | |
| CVE-2025-29939 | EmbGenoaPI-SP5 1.0.0.B | 2025-08-04 | |
| CVE-2025-48509 | EmbGenoaPI-SP5 1.0.0.B | 2025-08-04 | |
| CVE-2025-29950 | EmbGenoaPI-SP5 1.0.0.B | 2025-08-04 | |
| AMD EPYC™ Embedded 9004 Series Processors (formerly codenamed "Genoa") | CVE-2025-485142 | EmbGenoaPI-SP5 1.0.0.C | 2025-10-31 |
| CVE-2025-0031 | EmbGenoaPI-SP5 1.0.0.B | 2025-08-04 | |
| CVE-2024-21953 | EmbGenoaPI-SP5 1.0.0.B | 2025-08-04 | |
| CVE-2025-52536 | EmbGenoaPI-SP5 1.0.0.B | 2025-08-04 | |
| CVE-2025-29939 | EmbGenoaPI-SP5 1.0.0.B | 2025-08-04 | |
| CVE-2025-48509 | EmbGenoaPI-SP5 1.0.0.B | 2025-08-04 | |
| CVE-2025-29950 | EmbGenoaPI-SP5 1.0.0.B | 2025-08-04 | |
| CVE-2024-36310 | EmbGenoaPI-SP5 1.0.0.B | 2025-08-04 | |
| CVE-2024-36355 | EmbGenoaPI-SP5 1.0.0.B | 2025-08-04 | |
| AMD EPYC™ Embedded 9005 Series Processors | CVE-2025-29948 | EmbTurinPI-SP5 1.0.0.1 | 2025-10-31 |
| CVE-2025-29946 | EmbTurinPI-SP5 1.0.0.1 | 2025-10-31 | |
| CVE-2025-52536 | EmbTurinPI-SP5 1.0.0.1 | 2025-10-31 | |
| CVE-2025-0031 | EmbTurinPI-SP5 1.0.0.1 | 2025-10-31 | |
| CVE-2025-48517 | EmbTurinPI-SP5 1.0.0.1 | 2025-10-31 | |
| CVE-2025-29939 | EmbTurinPI-SP5 1.0.0.1 | 2025-10-31 | |
| CVE-2025-29952 | EmbTurinPI-SP5 1.0.0.1 | 2025-10-31 | |
| CVE-2025-48509 | EmbTurinPI-SP5 1.0.0.1 | 2025-10-31 | |
| CVE-2025-54514 | EmbTurinPI-SP5 1.0.0.1 | 2025-10-31 | |
| CVE-2025-485142 | EmbTurinPI-SP5 1.0.0.1 | 2025-10-31 | |
| CVE-2025-29950 | EmbTurinPI-SP5 1.0.0.1 | 2025-10-31 | |
| CVE-2025-0012 | EmbTurinPI-SP5 1.0.0.0 | 2025-05-30 | |
| CVE-2025-0029 | EmbTurinPI-SP5 1.0.0.0 | 2025-05-30 |
1Given that Naples and Rome do not have support for SEV-SNP, an attack on the debug interface does not provide access above and beyond what the attacker would need to initiate the attack through ring 0 and BMC administrator access.
2Applying mitigation CVE-2025-48514 will result in disabling SEV-ES when SEV-SNP is enabled
Acknowledgement
AMD thanks the following for reporting and engaging in coordinated vulnerability disclosure:
- Bug Bounty researcher “vul_pwner”: CVE-2024-36355, CVE-2025-29950
- Anonymous: CVE-2024-36310
- Zagartdinov Bulat Булат Загартдинов me@vaire.lt: CVE-2025-52533
- Christopher Thompson, David Daigle, and Shantanu Datar of HPE: CVE-2024-21961: CVE-2024-21961
Internally found: CVE-2024-21953, CVE-2025-0012, CVE-2025-0029, CVE-2025-0031, CVE-2025-29939, CVE-2025-29946, CVE-2025-29948, CVE-2025-29952, CVE-2025-48509, CVE-2025-48514, CVE-2025-48517, CVE-2025-54514, CVE-2025-52534, CVE-2025-52536
Revisions
| Revision Date | Description |
| 2026-02-10 | Initial publication |
DISCLAIMER
The information contained herein is for informational purposes only and is subject to change without notice. While every precaution has been taken in the preparation of this document, it may contain technical inaccuracies, omissions and typographical errors, and AMD is under no obligation to update or otherwise correct this information. Advanced Micro Devices, Inc. makes no representations or warranties with respect to the accuracy or completeness of the contents of this document, and assumes no liability of any kind, including the implied warranties of noninfringement, merchantability or fitness for particular purposes, with respect to the operation or use of AMD hardware, software or other products described herein. Any computer system has risks of security vulnerabilities that cannot be completely prevented or mitigated. No license, including implied or arising by estoppel, to any intellectual property rights is granted by this document. Terms and limitations applicable to the purchase or use of AMD’s products are as set forth in a signed agreement between the parties or in AMD's Standard Terms and Conditions of Sale.
AMD, the AMD Arrow logo, EPYC and combinations thereof are trademarks of Advanced Micro Devices, Inc. CVE and the CVE logo are registered trademarks of The MITRE Corporation. Other product names used in this publication are for identification purposes only and may be trademarks of their respective companies.
Third party content may be licensed to you directly by the third party that owns the content and is not licensed to you by AMD. ALL LINKED THIRD-PARTY CONTENT IS PROVIDED ‘AS IS’ WITHOUT A WARRANTY OF ANY KIND. USE OF SUCH THIRD-PARTY CONTENT IS DONE AT YOUR SOLE DISCRETION AND UNDER NO CIRCUMSTANCES WILL AMD BE LIABLE TO YOU FOR ANY THIRD PARTY CONTENT. YOU ASSUME ALL RISK AND ARE SOLELY RESPONSIBILITY FOR ANY DAMAGES THAT MAY ARISE FROM YOUR USE OF THIRD-PARTY CONTENT.
© 2026 Advanced Micro Devices, Inc. All rights reserved.