4
CVE-2025-48514
- EPSS 0.02%
- Veröffentlicht 10.02.2026 19:14:22
- Zuletzt bearbeitet 10.02.2026 21:51:48
- Quelle psirt@amd.com
- CVE-Watchlists
- Unerledigt
Insufficient Granularity of Access Control in SEV firmware can allow a privileged attacker to create a SEV-ES Guest to attack SNP guest, potentially resulting in a loss of confidentiality.
Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD
Diese Information steht angemeldeten Benutzern zur Verfügung. 
Login
LoginDaten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).
HerstellerAMD
≫
Produkt
AMD EPYC™ 9004 Series Processors
Default Statusaffected
Version
Genoa++_1.0.0.H
Status
unaffected
HerstellerAMD
≫
Produkt
AMD EPYC™ 7003 Series Processors
Default Statusaffected
Version
MilanPI 1.0.0.H
Status
unaffected
HerstellerAMD
≫
Produkt
AMD EPYC™ 9005 Series Processors
Default Statusaffected
Version
TurinPI 1.0.0.6
Status
unaffected
HerstellerAMD
≫
Produkt
AMD EPYC™ 8004 Series Processors
Default Statusaffected
Version
Genoa++_1.0.0.H
Status
unaffected
HerstellerAMD
≫
Produkt
AMD EPYC™ Embedded 7003 Series Processors
Default Statusaffected
Version
EmbMilanPI-SP3 v9 1.0.0.C
Status
unaffected
HerstellerAMD
≫
Produkt
AMD EPYC™ Embedded 9004 Series Processors (formerly codenamed "Genoa")
Default Statusaffected
Version
EmbGenoaPI-SP5 1.0.0.C
Status
unaffected
HerstellerAMD
≫
Produkt
AMD EPYC™ Embedded 9005 Series Processors
Default Statusaffected
Version
EmbTurinPI-SP5_1.0.0.1
Status
unaffected
HerstellerAMD
≫
Produkt
AMD EPYC™ Embedded 9004 Series Processors (formerly codenamed "Bergamo")
Default Statusaffected
Version
EmbGenoaPI-SP5 1.0.0.C
Status
unaffected
HerstellerAMD
≫
Produkt
AMD EPYC™ Embedded 8004 Series Processors
Default Statusaffected
Version
EmbGenoaPI-SP5 1.0.0.C
Status
unaffected
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.02% | 0.039 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| psirt@amd.com | 4 | 0 | 0 |
CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
|
CWE-1220 Insufficient Granularity of Access Control
The product implements access controls via a policy or other feature with the intention to disable or restrict accesses (reads and/or writes) to assets in a system from untrusted agents. However, implemented access controls lack required granularity, which renders the control policy too broad because it allows accesses from unauthorized agents to the security-sensitive assets.