Volerion logoVolerion
Volerion logoVolerion

AMD EPYC and Embedded Processors Missing Lock Bit Protection Vulnerability Allowing Arbitrary SMN Access and Code Execution

Vulnerability

A vulnerability exists in AMD EPYC and AMD EPYC Embedded Series Processors due to missing lock bit protection for NBIO registers. This flaw could enable a local admin-privileged attacker to gain unauthorized access to the System Management Network (SMN), potentially leading to arbitrary code execution within the AMD Secure Processor (ASP) environment. Additionally, this vulnerability could compromise the confidentiality and integrity of SEV-SNP guests.

Impact

Exploitation of this vulnerability could result in unauthorized SMN access, arbitrary code execution in the AMD Secure Processor, and a breach of confidentiality and integrity for SEV-SNP guests.

Remediation

Users are advised to update to the Platform Initialization (PI) firmware version specific to their processor series. For AMD EPYC Embedded 9005 Series Processors, the recommended version is EmbeddedTurinPI_SP5_1004, available from the original equipment manufacturer (OEM).

Added: May 13, 2026, 7:16 PM
Updated: May 13, 2026, 7:16 PM

Vulnerability Rating

Custom Algorithm
spread
6.6
impact
6.7
exploitability
2.8
remediation
0.0
relevance
8.2
threat
0.0
urgency
2.9
incentive
0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.