AMD EPYC Processors Missing Lock Bit Protection Vulnerability Allowing SEV-SNP Guest Integrity Modification

Vulnerability

A vulnerability exists in AMD EPYC and AMD EPYC Embedded Series Processors due to missing lock bit protection for North Bridge I/O (NBIO) registers. This flaw could enable a local admin-privileged attacker to alter Memory-Mapped I/O (MMIO) routing configurations, potentially compromising the integrity of Secure Encrypted Virtualization - Secure Nested Paging (SEV-SNP) guests.

Impact

Exploitation of this vulnerability could lead to unauthorized modifications of MMIO routing, causing a loss of integrity for SEV-SNP guests.

Remediation

Users are advised to update to the latest Platform Initialization (PI) firmware version available for their specific processor series. For AMD EPYC 7003 Series Processors, the mitigated version is MilanPI 1.0.0.J, released on December 2, 2025. AMD EPYC 8004 Series Processors can update to Genoa++_1.0.0.H, available on December 15, 2025. AMD EPYC Embedded 7003 Series Processors should upgrade to EmbMilanPI-SP3 1.0.0.D, released on January 2, 2026. For AMD EPYC Embedded 8004 Series Processors, the recommended version is EmbGenoaPI-SP5 1.0.0.D, available on February 2, 2026.
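A fleet check against the mitigated versions listed above, as an added example (not AMD's code and not part of the original advisory). It assumes PI strings are recorded as a family name followed by a four-field version, and that version fields order 0-9 then A-Z; the host names and inventory entries are constructed.

```python
import re

# Mitigated PI versions, taken from the Remediation section above.
MITIGATED = {
    "MilanPI": "1.0.0.J",          # EPYC 7003
    "Genoa++": "1.0.0.H",          # EPYC 8004
    "EmbMilanPI-SP3": "1.0.0.D",   # EPYC Embedded 7003
    "EmbGenoaPI-SP5": "1.0.0.D",   # EPYC Embedded 8004
}

# Family name, then a space or underscore, then four dot-separated fields.
_PI_RE = re.compile(r"^(\S+?)[ _]([0-9A-Za-z]+(?:\.[0-9A-Za-z]+){3})$")


def version_key(version):
    # Assumption: fields order as base-36 digits (0-9, then A-Z),
    # so 1.0.0.9 < 1.0.0.A < 1.0.0.J.
    return tuple(int(field, 36) for field in version.split("."))


def assess(pi_string):
    """Return 'mitigated', 'needs_update' or 'unknown' for one PI string."""
    match = _PI_RE.match(pi_string.strip())
    if not match:
        return "unknown"  # unparseable string: review by hand
    family, version = match.groups()
    minimum = MITIGATED.get(family)
    if minimum is None:
        return "unknown"  # family not in this advisory's list
    if version_key(version) >= version_key(minimum):
        return "mitigated"
    return "needs_update"


def triage(inventory):
    """Map each host to its status."""
    return {host: assess(pi) for host, pi in inventory.items()}


# Constructed inventory: hypothetical hosts and recorded PI strings.
INVENTORY = {
    "hv-01": "MilanPI 1.0.0.J",
    "hv-02": "MilanPI 1.0.0.9",
    "hv-03": "Genoa++_1.0.0.G",
    "edge-01": "EmbGenoaPI-SP5 1.0.0.E",
    "lab-01": "ExamplePI 1.0.0.2",  # made-up family, shows the unknown path
}

if __name__ == "__main__":
    for host, status in triage(INVENTORY).items():
        print(f"{host}: {status}")
```

Hosts reported as unknown are not cleared; they fall outside the four families listed here and need checking against the vendor's own firmware notes.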

Added: May 13, 2026, 5:05 PM
Updated: May 13, 2026, 5:05 PM

Vulnerability Rating

Custom Algorithm

spread: 5.4
impact: 2.5
exploitability: 2.8
remediation: 7.7
relevance: 8.2
threat: 0.0
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.