Primary

Context

AMD EPYC 9005 Series CPUs Platform Security Processor Vulnerability Impacting Guest Confidentiality

Vulnerability

A vulnerability exists in the AMD Platform Security Processor of EPYC 9005 Series CPUs, where a missing lock check allows a privileged attacker to potentially compromise guest confidentiality through local access. This issue arises from improper verification in the Secure Processor firmware, which could enable unauthorized alterations to Memory Mapped I/O (MMIO) routing, thereby affecting the integrity of guest systems.

Impact

Exploitation of this vulnerability could lead to unauthorized access to confidential information of guest systems, potentially allowing for privacy breaches or unauthorized data manipulation.

Remediation

Users should contact their OEM for the specific BIOS update related to this vulnerability. AMD has scheduled a release for the EPYC 9005 Series Processors on November 26, 2025.

Added: Apr 16, 2026, 7:29 PM

Updated: Apr 16, 2026, 7:29 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.3

exploitability

2.4

remediation

0.0

relevance

6.1

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.3

exploitability

2.4

remediation

0.0

relevance

6.1

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

AMD EPYC 9005 Series CPUs Platform Security Processor Vulnerability Impacting Guest Confidentiality

Vulnerability

Impact

Remediation

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating