CVE-2025-61972 PUBLISHED

Assigner: AMD
Reserved: 04.10.2025 Published: 13.05.2026 Updated: 13.05.2026

Missing lock bit protection for NBIO registers could allow a local admin-privileged attacker to gain arbitrary System Management Network (SMN) access, potentially resulting in arbitrary code execution in AMD Secure Processor (ASP) and loss of the SEV-SNP guest's confidentiality and integrity.

Metrics

CVSS 4.0

CVSS Vector: CVSS:4.0/AV:L/AC:H/AT:N/PR:H/UI:N/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N
CVSS Score: 8.5

Exploitability Metrics		Vulnerable System Impact Metrics		Subsequent System Impact Metrics
Attack Vector	Local	Confidentiality	High	Confidentiality	High
Attack Complexity	High	Integrity	High	Integrity	High
Attack Requirements	None	Availability	None	Availability	None
Privileges Required	High
User Interaction	None

CVSS 4.0

Product Status

Vendor	AMD
Product	AMD EPYC™ 9004 Series Processors
Versions	Default: affected Version GenoaPI_1.0.0.H is unaffected

Vendor	AMD
Product	AMD EPYC™ 9005 Series Processors
Versions	Default: affected Version TurinPI_1.0.0.8 is unaffected

Vendor	AMD
Product	AMD EPYC™ 8004 Series Processors
Versions	Default: affected Version GenoaPI_1.0.0.H is unaffected

Vendor	AMD
Product	AMD EPYC™ Embedded 9004 Series Processors (formerly codenamed "Genoa")
Versions	Default: affected Version EmbGenoaPI-SP5 1.0.0.D is unaffected

Vendor	AMD
Product	AMD EPYC™ Embedded 9004 Series Processors (formerly codenamed "Bergamo")
Versions	Default: affected Version EmbGenoaPI-SP5 1.0.0.D is unaffected

Vendor	AMD
Product	AMD EPYC™ Embedded 8004 Series Processors
Versions	Default: affected Version EmbGenoaPI-SP5 1.0.0.D is unaffected

Vendor	AMD
Product	AMD EPYC™ Embedded 9005 Series Processors
Versions	Default: affected Version EmbeddedTurinPI_SP5_1004 is unaffected

References

https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-3030.html

Problem Types

CWE-1233 Security-Sensitive Hardware Controls with Missing Lock Bit Protection CWE