PT-2026-32900 · Amd · Zen 5+3
Published
2026-04-14
·
Updated
2026-04-17
·
CVE-2025-54510
CVSS v4.0
5.9
Medium
| AV:L/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:N/SC:N/SI:H/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X |
Name of the Vulnerable Software and Affected Versions
AMD Zen 3, Zen 4, and Zen 5-based products (affected versions not specified)
Description
A missing lock verification in AMD Secure Processor (ASP) firmware allows a locally authenticated attacker with administrative or UEFI privileges to alter Memory Mapped I/O (MMIO) routing. By bypassing Infinity Fabric lockdown API calls, an attacker can reconfigure routing to redirect memory transactions away from the Platform Security Processor (PSP). During the SNP INIT process, the PSP fails to write the Reverse Map Table (RMP), which manages Confidential VM access controls, leaving the RMP in insecure defaults. This enables arbitrary read and write access to Confidential VMs, defeating the confidentiality and integrity of SEV-SNP (Secure Encrypted Virtualization-Secure Nested Paging), a technology used to isolate virtual machines from the hypervisor.
Recommendations
Apply the patches released by AMD for Zen 3, Zen 4, and Zen 5-based products.
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Amd Secure Processor
Zen 3
Zen 4
Zen 5