7.1

CVE-2025-29950

Improper input validation in system management mode (SMM) could allow a privileged attacker to overwrite stack memory leading to arbitrary code execution.
Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).
HerstellerAMD
Produkt AMD EPYC™ 9004 Series Processors
Default Statusaffected
Version GenoaPI 1.0.0.G
Status unaffected
HerstellerAMD
Produkt AMD EPYC™ 7003 Series Processors
Default Statusaffected
Version MilanPI 1.0.0.H
Status unaffected
HerstellerAMD
Produkt AMD EPYC™ 7002 Series Processors
Default Statusaffected
Version RomePI 1.0.0.N
Status unaffected
HerstellerAMD
Produkt AMD EPYC™ 7001 Series Processors
Default Statusaffected
Version NaplesPI 1.0.0.R
Status unaffected
HerstellerAMD
Produkt AMD EPYC™ 9005 Series Processors
Default Statusaffected
Version TurinPI 1.0.0.6
Status unaffected
HerstellerAMD
Produkt AMD Instinct™ MI300A
Default Statusaffected
Version MI300A 1.0.0.B
Status unaffected
HerstellerAMD
Produkt AMD EPYC™ 9V64H Processor
Default Statusaffected
Version MI300C 1.0.0.2
Status unaffected
HerstellerAMD
Produkt AMD Ryzen™ Threadripper™ PRO 3000WX Processors
Default Statusaffected
Version ChagallWSPI-sWRX8 1.0.0.C
Status unaffected
Version CastlePeakWSPI-sWRX8 1.0.0.I
Status unaffected
HerstellerAMD
Produkt AMD Ryzen™ Threadripper™ PRO 5000 WX-Series Processors
Default Statusaffected
Version ChagallWSPI-sWRX8 1.0.0.C
Status unaffected
HerstellerAMD
Produkt AMD Ryzen™ Threadripper™ 7000 Processors
Default Statusaffected
Version StormPeakPI-SP6_1.0.0.1l
Status unaffected
Version ShimadaPeakPI-SP6_1.0.0.1
Status unaffected
HerstellerAMD
Produkt AMD Ryzen™ Threadripper™ PRO 7000 WX-Series Processors
Default Statusaffected
Version StormPeakPI-SP6_1.1.0.0j
Status unaffected
Version ShimadaPeakPI-SP6_1.0.0.1
Status unaffected
HerstellerAMD
Produkt AMD Ryzen™ Threadripper™ 9000 Processors
Default Statusaffected
Version ShimadaPeakPI-SP6_1.0.0.1
Status unaffected
HerstellerAMD
Produkt AMD Ryzen™ Threadripper™ PRO 9000 WX-Series Processors
Default Statusaffected
Version ShimadaPeakPI-SP6_1.0.0.1
Status unaffected
HerstellerAMD
Produkt AMD EPYC™ Embedded 7003 Series Processors
Default Statusaffected
Version EmbMilanPI-SP3 v9 1.0.0.C
Status unaffected
HerstellerAMD
Produkt AMD EPYC™ Embedded 9004 Series Processors (formerly codenamed "Genoa")
Default Statusaffected
Version EmbGenoaPI-SP5 1.0.0.B
Status unaffected
HerstellerAMD
Produkt AMD EPYC™ Embedded 7002 Series Processors
Default Statusaffected
Version EmbRomePI-SP3 1.0.0.F
Status unaffected
HerstellerAMD
Produkt AMD EPYC™ Embedded 3000 Series Processors
Default Statusaffected
Version SnowyOwl_SP4_SP4r2.1.1.0.H
Status unaffected
HerstellerAMD
Produkt AMD EPYC™ Embedded 9005 Series Processors
Default Statusaffected
Version EmbTurinPI-SP5_1.0.0.1
Status unaffected
HerstellerAMD
Produkt AMD EPYC™ Embedded 9004 Series Processors (formerly codenamed "Bergamo")
Default Statusaffected
Version EmbGenoaPI-SP5 1.0.0.B
Status unaffected
HerstellerAMD
Produkt AMD EPYC™ Embedded 8004 Series Processors
Default Statusaffected
Version EmbGenoaPI-SP5 1.0.0.B
Status unaffected
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.01% 0.003
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
psirt@amd.com 7.1 0 0
CVSS:4.0/AV:L/AC:H/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
CWE-1274 Improper Access Control for Volatile Memory Containing Boot Code

The product conducts a secure-boot process that transfers bootloader code from Non-Volatile Memory (NVM) into Volatile Memory (VM), but it does not have sufficient access control or other protections for the Volatile Memory.