AMD EPYC 7002
cpe:2.3:h:amd:epyc_7002:*:*:*:*:*:*:*
A vulnerability exists in the Secure Encrypted Virtualization (SEV) firmware of AMD EPYC processors, specifically in the 9004 and embedded 9004 series, due to insufficient granularity of access control. This flaw could allow a privileged attacker to create a SEV-ES guest that could attack a SEV-SNP guest, potentially leading to a loss of confidentiality. The vulnerability affects several different versions and ranges of AMD EPYC processors, including the 7001, 7002, 7003, 8004, 9004, and embedded 9004 series.
Exploitation of this vulnerability could result in a loss of confidentiality for memory associated with a SEV-SNP guest.
Users are advised to update to the AMD EPYC Platform Initialization (PI) or Secure Encrypted Virtualization (SEV) firmware version that includes the mitigation. For AMD EPYC 9004 series processors, the relevant PI version is 'GenoaPI 1.0.0.H' or 'TurinPI 1.0.0.6', both of which include the necessary SEV firmware update. For AMD EPYC embedded 9004 series processors, the recommended version is 'EmbGenoaPI-SP5 1.0.0.C', also available starting October 31, 2025.