Missing lock bit protection for NBIO registers could allow a local admin-privileged attacker to gain arbitrary System Management Network (SMN) access, potentially resulting in arbitrary code execution in AMD Secure Processor (ASP) and loss of the SEV-SNP guest's confidentiality and integrity.
PUBLISHED5.2CWE-1233
Problem type
Affected products
AMD
AMD EPYC™ 9004 Series Processors
GenoaPI_1.0.0.H - UNAFFECTED
AMD EPYC™ 9005 Series Processors
TurinPI_1.0.0.8 - UNAFFECTED
AMD EPYC™ 8004 Series Processors
GenoaPI_1.0.0.H - UNAFFECTED
AMD EPYC™ Embedded 9004 Series Processors (formerly codenamed "Genoa")
EmbGenoaPI-SP5 1.0.0.D - UNAFFECTED
AMD EPYC™ Embedded 9004 Series Processors (formerly codenamed "Bergamo")
EmbGenoaPI-SP5 1.0.0.D - UNAFFECTED
AMD EPYC™ Embedded 8004 Series Processors
EmbGenoaPI-SP5 1.0.0.D - UNAFFECTED
AMD EPYC™ Embedded 9005 Series Processors
EmbeddedTurinPI_SP5_1004 - UNAFFECTED
References
JSON source
https://cveawg.mitre.org/api/cve/CVE-2025-61972Click to expand
{
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"cveMetadata": {
"cveId": "CVE-2025-61972",
"assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"assignerShortName": "AMD",
"dateUpdated": "2026-05-13T03:03:31.455Z",
"dateReserved": "2025-10-04T18:09:57.018Z",
"datePublished": "2026-05-13T03:03:31.455Z",
"state": "PUBLISHED"
},
"containers": {
"cna": {
"providerMetadata": {
"orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"shortName": "AMD",
"dateUpdated": "2026-05-13T03:03:31.455Z"
},
"datePublic": "2026-05-13T03:00:40.598Z",
"descriptions": [
{
"lang": "en",
"value": "Missing lock bit protection for NBIO registers could allow a local admin-privileged attacker to gain arbitrary System Management Network (SMN) access, potentially resulting in arbitrary code execution in AMD Secure Processor (ASP) and loss of the SEV-SNP guest's confidentiality and integrity.",
"supportingMedia": [
{
"type": "text/html",
"base64": false,
"value": "Missing lock bit protection for NBIO registers could allow a local admin-privileged attacker to gain arbitrary System Management Network (SMN) access, potentially resulting in arbitrary code execution in AMD Secure Processor (ASP) and loss of the SEV-SNP guest's confidentiality and integrity. <br>"
}
]
}
],
"affected": [
{
"vendor": "AMD",
"product": "AMD EPYC™ 9004 Series Processors",
"defaultStatus": "affected",
"versions": [
{
"version": "GenoaPI_1.0.0.H",
"status": "unaffected"
}
]
},
{
"vendor": "AMD",
"product": "AMD EPYC™ 9005 Series Processors",
"defaultStatus": "affected",
"versions": [
{
"version": "TurinPI_1.0.0.8",
"status": "unaffected"
}
]
},
{
"vendor": "AMD",
"product": "AMD EPYC™ 8004 Series Processors",
"defaultStatus": "affected",
"versions": [
{
"version": "GenoaPI_1.0.0.H",
"status": "unaffected"
}
]
},
{
"vendor": "AMD",
"product": "AMD EPYC™ Embedded 9004 Series Processors (formerly codenamed \"Genoa\")",
"defaultStatus": "affected",
"versions": [
{
"version": "EmbGenoaPI-SP5 1.0.0.D",
"status": "unaffected"
}
]
},
{
"vendor": "AMD",
"product": "AMD EPYC™ Embedded 9004 Series Processors (formerly codenamed \"Bergamo\")",
"defaultStatus": "affected",
"versions": [
{
"version": "EmbGenoaPI-SP5 1.0.0.D",
"status": "unaffected"
}
]
},
{
"vendor": "AMD",
"product": "AMD EPYC™ Embedded 8004 Series Processors",
"defaultStatus": "affected",
"versions": [
{
"version": "EmbGenoaPI-SP5 1.0.0.D",
"status": "unaffected"
}
]
},
{
"vendor": "AMD",
"product": "AMD EPYC™ Embedded 9005 Series Processors",
"defaultStatus": "affected",
"versions": [
{
"version": "EmbeddedTurinPI_SP5_1004",
"status": "unaffected"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"lang": "en",
"description": "CWE-1233 Security-Sensitive Hardware Controls with Missing Lock Bit Protection",
"cweId": "CWE-1233",
"type": "CWE"
}
]
}
],
"references": [
{
"url": "https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-3030.html"
}
],
"metrics": [
{
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
]
}
}
}