PT-2025-41795 · AMD · Zen 3
Published: 2025-10-13 · Updated: 2025-10-14
CVE-2025-0033
CVSS v3.1: 6.0 (Medium)
Base vector: AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:H/A:N
Name of the Vulnerable Software and Affected Versions
AMD EPYC and EPYC Embedded series processors versions prior to BIOS updates from OEM partners
AMD EPYC processors using Secure Encrypted Virtualization – Secure Nested Paging (SEV-SNP) (affected versions not specified)
Description
A critical issue, dubbed RMPocalypse (CVE-2025-0033), has been identified in AMD's Secure Encrypted Virtualization with Secure Nested Paging (SEV-SNP) technology. This flaw stems from a race condition during the initialization of the Reverse Map Table (RMP) within the AMD Secure Processor (ASP). The RMP is designed to protect guest page mappings from unauthorized modification by the hypervisor. However, a vulnerability exists during RMP initialization, allowing a malicious or compromised hypervisor to overwrite RMP entries before they are locked. This single 8-byte write to the RMP table during initialization compromises all SEV-SNP security guarantees.
The vulnerability allows a malicious hypervisor to corrupt the RMP, enabling complete compromise of confidential virtual machine integrity and confidentiality. Attackers can potentially exfiltrate all encrypted data within confidential VMs, execute arbitrary code, and achieve persistence across VM operations. The issue affects processors from the Zen 3, Zen 4, and Zen 5 architectures. The vulnerability does not expose plaintext data or secrets directly, but requires privileged control of the hypervisor to exploit. The RMP is a large data structure (up to 16 GB) stored in DRAM, and its correct initialization is crucial for the security of SEV-SNP.
Recommendations
Apply BIOS/firmware updates from hardware manufacturers.
Fix
Improper Access Control
Weakness Enumeration
Related Identifiers
CVE-2025-0033
Affected Products
AMD Processors
EPYC
SEV-SNP
Zen 3
Zen 5