← Back
2026-05-13 3:2CVE-2025-61971AMD
PUBLISHED5.2CWE-1233

Missing lock bit protection for NBIO registers could allow a local admin-privileged attacker to modify MMIO routing configurations, potentially resulting in loss of SEV-SNP guest integrity.

Problem type

Affected products

AMD

AMD EPYC™ 9004 Series Processors

GenoaPI_1.0.0.H - UNAFFECTED

AMD EPYC™ 7003 Series Processors

MilanPI-SP3_1.0.0.J - UNAFFECTED

AMD EPYC™ 9005 Series Processors

TurinPI_1.0.0.8 - UNAFFECTED

AMD EPYC™ 8004 Series Processors

GenoaPI_1.0.0.H - UNAFFECTED

AMD EPYC™ Embedded 7003 Series Processors

EmbMilanPI-SP3 1.0.0.D - UNAFFECTED

AMD EPYC™ Embedded 9004 Series Processors (formerly codenamed "Genoa")

EmbGenoaPI-SP5 1.0.0.D - UNAFFECTED

AMD EPYC™ Embedded 9004 Series Processors (formerly codenamed "Bergamo")

EmbGenoaPI-SP5 1.0.0.D - UNAFFECTED

AMD EPYC™ Embedded 8004 Series Processors

EmbGenoaPI-SP5 1.0.0.D - UNAFFECTED

AMD EPYC™ Embedded 9005 Series Processors

EmbeddedTurinPI_SP5_1004 - UNAFFECTED

References

amd.com

https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-3030.html

JSON source

https://cveawg.mitre.org/api/cve/CVE-2025-61971
Click to expand
{
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "cveMetadata": {
    "cveId": "CVE-2025-61971",
    "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
    "assignerShortName": "AMD",
    "dateUpdated": "2026-05-13T03:02:55.705Z",
    "dateReserved": "2025-10-04T18:09:57.018Z",
    "datePublished": "2026-05-13T03:02:55.705Z",
    "state": "PUBLISHED"
  },
  "containers": {
    "cna": {
      "providerMetadata": {
        "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
        "shortName": "AMD",
        "dateUpdated": "2026-05-13T03:02:55.705Z"
      },
      "datePublic": "2026-05-13T03:00:33.777Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Missing lock bit protection for NBIO registers could allow a local admin-privileged attacker to modify MMIO routing configurations, potentially resulting in loss of SEV-SNP guest integrity.",
          "supportingMedia": [
            {
              "type": "text/html",
              "base64": false,
              "value": "Missing lock bit protection for NBIO registers could allow a local admin-privileged attacker to modify MMIO routing configurations, potentially resulting in loss of SEV-SNP guest integrity.<br>"
            }
          ]
        }
      ],
      "affected": [
        {
          "vendor": "AMD",
          "product": "AMD EPYC™ 9004 Series Processors",
          "defaultStatus": "affected",
          "versions": [
            {
              "version": "GenoaPI_1.0.0.H",
              "status": "unaffected"
            }
          ]
        },
        {
          "vendor": "AMD",
          "product": "AMD EPYC™ 7003 Series Processors",
          "defaultStatus": "affected",
          "versions": [
            {
              "version": "MilanPI-SP3_1.0.0.J",
              "status": "unaffected"
            }
          ]
        },
        {
          "vendor": "AMD",
          "product": "AMD EPYC™ 9005 Series Processors",
          "defaultStatus": "affected",
          "versions": [
            {
              "version": "TurinPI_1.0.0.8",
              "status": "unaffected"
            }
          ]
        },
        {
          "vendor": "AMD",
          "product": "AMD EPYC™ 8004 Series Processors",
          "defaultStatus": "affected",
          "versions": [
            {
              "version": "GenoaPI_1.0.0.H",
              "status": "unaffected"
            }
          ]
        },
        {
          "vendor": "AMD",
          "product": "AMD EPYC™ Embedded 7003 Series Processors",
          "defaultStatus": "affected",
          "versions": [
            {
              "version": "EmbMilanPI-SP3 1.0.0.D",
              "status": "unaffected"
            }
          ]
        },
        {
          "vendor": "AMD",
          "product": "AMD EPYC™ Embedded 9004  Series Processors (formerly codenamed \"Genoa\")",
          "defaultStatus": "affected",
          "versions": [
            {
              "version": "EmbGenoaPI-SP5 1.0.0.D",
              "status": "unaffected"
            }
          ]
        },
        {
          "vendor": "AMD",
          "product": "AMD EPYC™ Embedded 9004 Series Processors (formerly codenamed \"Bergamo\")",
          "defaultStatus": "affected",
          "versions": [
            {
              "version": "EmbGenoaPI-SP5 1.0.0.D",
              "status": "unaffected"
            }
          ]
        },
        {
          "vendor": "AMD",
          "product": "AMD EPYC™ Embedded 8004 Series Processors",
          "defaultStatus": "affected",
          "versions": [
            {
              "version": "EmbGenoaPI-SP5 1.0.0.D",
              "status": "unaffected"
            }
          ]
        },
        {
          "vendor": "AMD",
          "product": "AMD EPYC™ Embedded 9005 Series Processors",
          "defaultStatus": "affected",
          "versions": [
            {
              "version": "EmbeddedTurinPI_SP5_1004",
              "status": "unaffected"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "lang": "en",
              "description": "CWE-1233  Security-Sensitive Hardware Controls with Missing Lock Bit Protection",
              "cweId": "CWE-1233",
              "type": "CWE"
            }
          ]
        }
      ],
      "references": [
        {
          "url": "https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-3030.html"
        }
      ],
      "metrics": [
        {
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ]
    }
  }
}