AMD EPYC Processors SEV Firmware Access Control Vulnerability
Vulnerability
The Secure Encrypted Virtualization (SEV) firmware of AMD EPYC processors enforces access control with insufficient granularity. A privileged user running a malicious hypervisor could create a SEV-ES guest that uses an Address Space ID (ASID) designated for SEV-SNP guests. Such an action could lead to a partial breach of confidentiality.
Impact
Exploitation of this vulnerability could result in a partial loss of confidentiality.
Remediation
Users are advised to update to the AMD EPYC Platform Initialization (PI) or SEV firmware version 1.37.41. For specific BIOS update details, please contact your OEM.
