Improper Access Control Vulnerability in AMD Secure Processor
CVE-2025-54509

4MEDIUM

What is CVE-2025-54509?

This vulnerability involves improper access control within the register interface of the input-output memory management unit (IOMMU) associated with the AMD Secure Processor. A malicious actor with elevated privileges could exploit this flaw, leading to non-coherent accesses by the AMD secure processor. Such exploitation holds the potential for integrity loss, resulting in unauthorized access and manipulation of sensitive operational data. Timely updates and fortified access controls are essential measures to mitigate associated risks.

Affected Version(s)

AMD EPYC™ 8004 Series Processors GenoaPI_1.0.0.H

AMD EPYC™ 9004 Series Processors GenoaPI_1.0.0.H

AMD EPYC™ 9005 Series Processors TurinPI_1.0.0.8

References

CVSS V4

Score:
4
Severity:
MEDIUM
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Local
Attack Complexity:
Low
Attack Required:
Physical
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.