AMD EPYC Processors SEV Firmware Downgrade Vulnerability

Vulnerability

A vulnerability exists in the Secure Encrypted Virtualization (SEV) firmware of AMD EPYC processors, specifically in the 9004 and embedded 9004 series, due to improper prevention of lock bit modification. This flaw could enable a privileged attacker to downgrade the firmware, potentially compromising its integrity. The issue has been acknowledged by AMD and is set to be addressed in a future firmware update.

Impact

Exploitation of this vulnerability could lead to unauthorized firmware downgrades, with potential integrity loss in the affected SEV environment.

Remediation

Users are advised to update to the AMD EPYC Platform Initialization (PI) or Secure Encrypted Virtualization (SEV) firmware version 1.37.31, available through the AMD EPYC Embedded 9004 Series Processors update on January 2, 2026.

Added: Feb 10, 2026, 9:52 PM
Updated: Feb 10, 2026, 9:52 PM

Vulnerability Rating

Custom Algorithm

spread: 6.6
impact: 2.5
exploitability: 2.8
remediation: 8.3
relevance: 2.7
threat: 0.0
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.