CVE-2025-61971 PUBLISHED

Assigner: AMD
Reserved: 04.10.2025 Published: 13.05.2026 Updated: 13.05.2026

Missing lock bit protection for NBIO registers could allow a local admin-privileged attacker to modify MMIO routing configurations, potentially resulting in loss of SEV-SNP guest integrity.

Metrics

CVSS Vector: CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:N/SC:N/SI:H/SA:N
CVSS Score: 5.9

Product Status

Vendor AMD
Product AMD EPYC™ 9004 Series Processors
Versions Default: affected
  • Version GenoaPI_1.0.0.H is unaffected
Vendor AMD
Product AMD EPYC™ 7003 Series Processors
Versions Default: affected
  • Version MilanPI-SP3_1.0.0.J is unaffected
Vendor AMD
Product AMD EPYC™ 9005 Series Processors
Versions Default: affected
  • Version TurinPI_1.0.0.8 is unaffected
Vendor AMD
Product AMD EPYC™ 8004 Series Processors
Versions Default: affected
  • Version GenoaPI_1.0.0.H is unaffected
Vendor AMD
Product AMD EPYC™ Embedded 7003 Series Processors
Versions Default: affected
  • Version EmbMilanPI-SP3 1.0.0.D is unaffected
Vendor AMD
Product AMD EPYC™ Embedded 9004 Series Processors (formerly codenamed "Genoa")
Versions Default: affected
  • Version EmbGenoaPI-SP5 1.0.0.D is unaffected
Vendor AMD
Product AMD EPYC™ Embedded 9004 Series Processors (formerly codenamed "Bergamo")
Versions Default: affected
  • Version EmbGenoaPI-SP5 1.0.0.D is unaffected
Vendor AMD
Product AMD EPYC™ Embedded 8004 Series Processors
Versions Default: affected
  • Version EmbGenoaPI-SP5 1.0.0.D is unaffected
Vendor AMD
Product AMD EPYC™ Embedded 9005 Series Processors
Versions Default: affected
  • Version EmbeddedTurinPI_SP5_1004 is unaffected

References

Problem Types

  • CWE-1233 Security-Sensitive Hardware Controls with Missing Lock Bit Protection CWE