4

CVE-2025-54509

Improper access control for register interface in the input-output memory management unit (IOMMU) could allow a privileged attacker to cause non-coherent accesses by the AMD secure processor (ASP) potentially resulting in loss of integrity.
Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).
HerstellerAMD
Produkt AMD EPYC™ 9004 Series Processors
Default Statusaffected
Version GenoaPI_1.0.0.H
Status unaffected
HerstellerAMD
Produkt AMD EPYC™ 9005 Series Processors
Default Statusaffected
Version TurinPI_1.0.0.8
Status unaffected
HerstellerAMD
Produkt AMD EPYC™ 8004 Series Processors
Default Statusaffected
Version GenoaPI_1.0.0.H
Status unaffected
HerstellerAMD
Produkt AMD EPYC™ Embedded 9004 Series Processors (formerly codenamed "Genoa")
Default Statusaffected
Version EmbGenoaPI-SP5 1.0.0.D
Status unaffected
HerstellerAMD
Produkt AMD EPYC™ Embedded 9004 Series Processors (formerly codenamed "Bergamo")
Default Statusaffected
Version EmbGenoaPI-SP5 1.0.0.D
Status unaffected
HerstellerAMD
Produkt AMD EPYC™ Embedded 8004 Series Processors
Default Statusaffected
Version EmbGenoaPI-SP5 1.0.0.D
Status unaffected
HerstellerAMD
Produkt AMD EPYC™ Embedded 9005 Series Processors
Default Statusaffected
Version EmbeddedTurinPI_SP5_1004
Status unaffected
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.13% 0.027
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
psirt@amd.com 4 0 0
CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:N/VI:N/VA:N/SC:N/SI:H/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
CWE-1262 Improper Access Control for Register Interface

The product uses memory-mapped I/O registers that act as an interface to hardware functionality from software, but there is improper access control to those registers.

https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-3039.html