Vulnerability-Lookup

WID-SEC-W-2025-2569

Vulnerability from csaf_certbund - Published: 2025-11-11 23:00 - Updated: 2025-11-23 23:00

Summary

AMD EPYC-Prozessoren und Arm Trusted Firmware: Mehrere Schwachstellen

Notes

Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.

Produktbeschreibung

Prozessoren sind die zentralen Rechenwerke eines Computers.

Angriff

Ein lokaler Angreifer kann mehrere Schwachstellen in AMD Prozessor ausnutzen, um Dateien zu manipulieren, Sicherheitsmaßnahmen zu umgehen und einen Denial-of-Service-Zustand zu verursachen.

Betroffene Betriebssysteme

- BIOS/Firmware

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "hoch"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "Prozessoren sind die zentralen Rechenwerke eines Computers.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein lokaler Angreifer kann mehrere Schwachstellen in AMD Prozessor ausnutzen, um Dateien zu manipulieren, Sicherheitsma\u00dfnahmen zu umgehen und einen Denial-of-Service-Zustand zu verursachen.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- BIOS/Firmware",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2025-2569 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2025/wid-sec-w-2025-2569.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2025-2569 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2025-2569"
      },
      {
        "category": "external",
        "summary": "AMD Security Bulletin AMD-SB-3029 vom 2025-11-11",
        "url": "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-3029.html"
      },
      {
        "category": "external",
        "summary": "AMD Security Bulletin AMD-SB-8017 vom 2025-11-11",
        "url": "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-8017.html"
      },
      {
        "category": "external",
        "summary": "AMD Security Bulletin AMD-SB-8020 vom 2025-11-11",
        "url": "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-8020.html"
      },
      {
        "category": "external",
        "summary": "HP Security Bulletin HPESBHF04962 vom 2025-11-12",
        "url": "https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbhf04962en_us\u0026docLocale=en_US"
      },
      {
        "category": "external",
        "summary": "Dell Security Advisory DSA-2025-350 vom 2025-11-13",
        "url": "https://www.dell.com/support/kbdoc/000390641"
      }
    ],
    "source_lang": "en-US",
    "title": "AMD EPYC-Prozessoren und Arm Trusted Firmware: Mehrere Schwachstellen",
    "tracking": {
      "current_release_date": "2025-11-23T23:00:00.000+00:00",
      "generator": {
        "date": "2025-11-24T07:07:19.431+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.5.0"
        }
      },
      "id": "WID-SEC-W-2025-2569",
      "initial_release_date": "2025-11-11T23:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2025-11-11T23:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        },
        {
          "date": "2025-11-12T23:00:00.000+00:00",
          "number": "2",
          "summary": "Neue Updates von Dell aufgenommen"
        },
        {
          "date": "2025-11-23T23:00:00.000+00:00",
          "number": "3",
          "summary": "Referenz(en) aufgenommen: EUVD-2025-198507, EUVD-2025-198576, EUVD-2025-198581"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "EPYC 7003 \u003cEmbMilan  PI-SP3 v9  1.0.0.B",
                "product": {
                  "name": "AMD Prozessor EPYC 7003 \u003cEmbMilan  PI-SP3 v9  1.0.0.B",
                  "product_id": "T048522"
                }
              },
              {
                "category": "product_version",
                "name": "EPYC 7003 EmbMilan  PI-SP3 v9  1.0.0.B",
                "product": {
                  "name": "AMD Prozessor EPYC 7003 EmbMilan  PI-SP3 v9  1.0.0.B",
                  "product_id": "T048522-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/h:amd:amd_processor:epyc_7003__embmilan__pi-sp3_v9__1.0.0.b"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "EPYC 8004 \u003cEmbGenoa  PI-SP5  1.0.0.A",
                "product": {
                  "name": "AMD Prozessor EPYC 8004 \u003cEmbGenoa  PI-SP5  1.0.0.A",
                  "product_id": "T048524"
                }
              },
              {
                "category": "product_version",
                "name": "EPYC 8004 EmbGenoa  PI-SP5  1.0.0.A",
                "product": {
                  "name": "AMD Prozessor EPYC 8004 EmbGenoa  PI-SP5  1.0.0.A",
                  "product_id": "T048524-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/h:amd:amd_processor:epyc_8004__embgenoa__pi-sp5__1.0.0.a"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "EPYC 7003 \u003cMilanPI_1.0.0.F",
                "product": {
                  "name": "AMD Prozessor EPYC 7003 \u003cMilanPI_1.0.0.F",
                  "product_id": "T048525"
                }
              },
              {
                "category": "product_version",
                "name": "EPYC 7003 MilanPI_1.0.0.F",
                "product": {
                  "name": "AMD Prozessor EPYC 7003 MilanPI_1.0.0.F",
                  "product_id": "T048525-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/h:amd:amd_processor:epyc_7003__milanpi_1.0.0.f"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "Arm Trusted Firmware for Cortex-A processors \u003c2025.2",
                "product": {
                  "name": "AMD Prozessor Arm Trusted Firmware for Cortex-A processors \u003c2025.2",
                  "product_id": "T048530"
                }
              },
              {
                "category": "product_version",
                "name": "Arm Trusted Firmware for Cortex-A processors 2025.2",
                "product": {
                  "name": "AMD Prozessor Arm Trusted Firmware for Cortex-A processors 2025.2",
                  "product_id": "T048530-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/h:amd:amd_processor:arm_trusted_firmware_for_cortex-a_processors__2025.2"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "EPYC 8004 \u003cGenoaPI_1.0.0.G",
                "product": {
                  "name": "AMD Prozessor EPYC 8004 \u003cGenoaPI_1.0.0.G",
                  "product_id": "T048531"
                }
              },
              {
                "category": "product_version",
                "name": "EPYC 8004 GenoaPI_1.0.0.G",
                "product": {
                  "name": "AMD Prozessor EPYC 8004 GenoaPI_1.0.0.G",
                  "product_id": "T048531-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/h:amd:amd_processor:epyc_8004__genoapi_1.0.0.g"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "EPYC 9004 \u003cGenoaPI_1.0.0.G",
                "product": {
                  "name": "AMD Prozessor EPYC 9004 \u003cGenoaPI_1.0.0.G",
                  "product_id": "T048532"
                }
              },
              {
                "category": "product_version",
                "name": "EPYC 9004 GenoaPI_1.0.0.G",
                "product": {
                  "name": "AMD Prozessor EPYC 9004 GenoaPI_1.0.0.G",
                  "product_id": "T048532-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/h:amd:amd_processor:epyc_9004__genoapi_1.0.0.g"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "EPYC 9005 \u003cTurinPI_1.0.0.3",
                "product": {
                  "name": "AMD Prozessor EPYC 9005 \u003cTurinPI_1.0.0.3",
                  "product_id": "T048533"
                }
              },
              {
                "category": "product_version",
                "name": "EPYC 9005 TurinPI_1.0.0.3",
                "product": {
                  "name": "AMD Prozessor EPYC 9005 TurinPI_1.0.0.3",
                  "product_id": "T048533-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/h:amd:amd_processor:epyc_9005__turinpi_1.0.0.3"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "EPYC Embedded 9005",
                "product": {
                  "name": "AMD Prozessor EPYC Embedded 9005",
                  "product_id": "T048534",
                  "product_identification_helper": {
                    "cpe": "cpe:/h:amd:amd_processor:epyc_embedded_9005"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "EPYC 9005 \u003cEmbGenoa  PI-SP5  1.0.0.A",
                "product": {
                  "name": "AMD Prozessor EPYC 9005 \u003cEmbGenoa  PI-SP5  1.0.0.A",
                  "product_id": "T048535"
                }
              },
              {
                "category": "product_version",
                "name": "EPYC 9005 EmbGenoa  PI-SP5  1.0.0.A",
                "product": {
                  "name": "AMD Prozessor EPYC 9005 EmbGenoa  PI-SP5  1.0.0.A",
                  "product_id": "T048535-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/h:amd:amd_processor:epyc_9005__embgenoa__pi-sp5__1.0.0.a"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "EPYC 9004 \u003cEmbGenoa  PI-SP5  1.0.0.A",
                "product": {
                  "name": "AMD Prozessor EPYC 9004 \u003cEmbGenoa  PI-SP5  1.0.0.A",
                  "product_id": "T048536"
                }
              },
              {
                "category": "product_version",
                "name": "EPYC 9004 EmbGenoa  PI-SP5  1.0.0.A",
                "product": {
                  "name": "AMD Prozessor EPYC 9004 EmbGenoa  PI-SP5  1.0.0.A",
                  "product_id": "T048536-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/h:amd:amd_processor:epyc_9004__embgenoa__pi-sp5__1.0.0.a"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Prozessor"
          }
        ],
        "category": "vendor",
        "name": "AMD"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Dell PowerEdge",
            "product": {
              "name": "Dell PowerEdge",
              "product_id": "T033533",
              "product_identification_helper": {
                "cpe": "cpe:/h:dell:poweredge:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Dell"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "HPE ProLiant",
            "product": {
              "name": "HPE ProLiant",
              "product_id": "T027712",
              "product_identification_helper": {
                "cpe": "cpe:/h:hp:proliant:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "HPE"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2025-29934",
      "product_status": {
        "known_affected": [
          "T033533",
          "T048525",
          "T048536",
          "T048531",
          "T027712",
          "T048524",
          "T048535",
          "T048534",
          "T048522",
          "T048533",
          "T048532"
        ]
      },
      "release_date": "2025-11-11T23:00:00.000+00:00",
      "title": "CVE-2025-29934"
    },
    {
      "cve": "CVE-2025-48507",
      "product_status": {
        "known_affected": [
          "T033533",
          "T027712",
          "T048530"
        ]
      },
      "release_date": "2025-11-11T23:00:00.000+00:00",
      "title": "CVE-2025-48507"
    },
    {
      "cve": "CVE-2025-54515",
      "product_status": {
        "known_affected": [
          "T033533",
          "T027712",
          "T048530"
        ]
      },
      "release_date": "2025-11-11T23:00:00.000+00:00",
      "title": "CVE-2025-54515"
    }
  ]
}

CVE-2025-48507 (GCVE-0-2025-48507)

Vulnerability from cvelistv5 – Published: 2025-11-23 17:07 – Updated: 2025-12-19 03:37

Summary

The security state of the calling processor into Arm® Trusted Firmware (TF-A) is not used and could potentially allow non-secure processors access to secure memories, access to crypto operations, and the ability to turn on and off subsystems within the SOC.

Severity ?

8.6 (High)


                        
                          CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H

CWE

CWE-1284 - Improper Validation of Specified Quantity in Input

Assigner

AMD

References

URL

Tags

https://www.amd.com/en/resources/product-security…

Impacted products

Vendor

Product

Version

AMD

Kria™ SOM

Affected: Version TBD

	AMD	Zynq™ UltraScale+™ MPSoCs	Affected: Version TBD
	AMD	Zynq™ UltraScale+™ RFSoCs	Affected: Version TBD

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-48507",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-11-24T14:35:37.428927Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-11-24T14:35:47.857Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "affected",
          "product": "Kria\u2122 SOM",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "Version TBD"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Zynq\u2122 UltraScale+\u2122 MPSoCs",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "Version TBD"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Zynq\u2122 UltraScale+\u2122 RFSoCs",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "Version TBD"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cspan style=\"background-color: rgb(248, 249, 250);\"\u003e\n\n\u003cspan style=\"background-color: rgb(248, 249, 250);\"\u003eThe security state of the calling processor into Arm\u00ae Trusted Firmware (TF-A) is not used and could potentially allow non-secure processors access to secure memories, access to crypto operations, and the ability to turn on and off subsystems within the SOC.\u003c/span\u003e\n\n\u003c/span\u003e"
            }
          ],
          "value": "The security state of the calling processor into Arm\u00ae Trusted Firmware (TF-A) is not used and could potentially allow non-secure processors access to secure memories, access to crypto operations, and the ability to turn on and off subsystems within the SOC."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "LOCAL",
            "baseScore": 8.6,
            "baseSeverity": "HIGH",
            "exploitMaturity": "NOT_DEFINED",
            "privilegesRequired": "LOW",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "HIGH",
            "subConfidentialityImpact": "HIGH",
            "subIntegrityImpact": "HIGH",
            "userInteraction": "PASSIVE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "HIGH",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-1284",
              "description": "CWE-1284 Improper Validation of Specified Quantity in Input",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-12-19T03:37:39.023Z",
        "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
        "shortName": "AMD"
      },
      "references": [
        {
          "url": "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-8017.html"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "x_generator": {
        "engine": "Vulnogram 0.5.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
    "assignerShortName": "AMD",
    "cveId": "CVE-2025-48507",
    "datePublished": "2025-11-23T17:07:56.914Z",
    "dateReserved": "2025-05-22T16:34:02.896Z",
    "dateUpdated": "2025-12-19T03:37:39.023Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-54515 (GCVE-0-2025-54515)

Vulnerability from cvelistv5 – Published: 2025-11-23 17:15 – Updated: 2025-12-19 03:40

Summary

The Secure Flag passed to Versal™ Adaptive SoC’s Trusted Firmware for Cortex®-A processors (TF-A) for Arm’s Power State Coordination Interface (PSCI) commands were incorrectly set to secure instead of using the processor’s actual security state. This would allow the PSCI requests to appear they were from processors in the secure state instead of the non-secure state.

Severity ?

1 (Low)


                        
                          CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

CWE

CWE-1284 - Improper Validation of Specified Quantity in Input

Assigner

AMD

References

URL

Tags

https://www.amd.com/en/resources/product-security…

Impacted products

Vendor

Product

Version

AMD

Versal™ Adaptive SoC Devices

Unaffected: 2025.2

AMD	Versal™ RF Series	Unaffected: 2025.2
AMD	Versal™ AI Edge Series	Unaffected: 2025.2
AMD	Versal™ Prime Series	Unaffected: 2025.2
AMD	Versal™ Premium Series	Unaffected: 2025.2
AMD	Versal™ AI Core Series	Unaffected: 2025.2
AMD	Versal™ HBM Series	Unaffected: 2025.2
AMD	Alveo™ V80 Compute Accelerator	Unaffected: 2025.2

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-54515",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-11-24T17:18:38.900562Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-11-24T17:18:45.934Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "affected",
          "product": "Versal\u2122 Adaptive SoC Devices",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "2025.2"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Versal\u2122  RF Series",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "2025.2"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Versal\u2122  AI Edge Series",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "2025.2"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Versal\u2122  Prime Series",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "2025.2"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Versal\u2122  Premium Series",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "2025.2"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Versal\u2122  AI Core Series",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "2025.2"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Versal\u2122  HBM Series",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "2025.2"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Alveo\u2122 V80 Compute Accelerator",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "2025.2"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cspan style=\"background-color: rgb(248, 249, 250);\"\u003e\n\n\u003cspan style=\"background-color: rgb(248, 249, 250);\"\u003eThe Secure Flag passed to Versal\u2122\u003c/span\u003e\u003cspan style=\"background-color: rgb(248, 249, 250);\"\u003e\u0026nbsp;Adaptive SoC\u2019s Trusted Firmware for Cortex\u003c/span\u003e\u00ae\u003cspan style=\"background-color: rgb(248, 249, 250);\"\u003e-A processors (TF-A) for Arm\u2019s Power State Coordination Interface (PSCI) commands were incorrectly set to secure instead of using the processor\u2019s actual security state. This would allow the PSCI requests to appear they were from processors in the secure state instead of the non-secure state.\u003c/span\u003e\n\n\u003c/span\u003e"
            }
          ],
          "value": "The Secure Flag passed to Versal\u2122\u00a0Adaptive SoC\u2019s Trusted Firmware for Cortex\u00ae-A processors (TF-A) for Arm\u2019s Power State Coordination Interface (PSCI) commands were incorrectly set to secure instead of using the processor\u2019s actual security state. This would allow the PSCI requests to appear they were from processors in the secure state instead of the non-secure state."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "PRESENT",
            "attackVector": "LOCAL",
            "baseScore": 1,
            "baseSeverity": "LOW",
            "exploitMaturity": "NOT_DEFINED",
            "privilegesRequired": "LOW",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "ACTIVE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "LOW",
            "vulnConfidentialityImpact": "NONE",
            "vulnIntegrityImpact": "NONE",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-1284",
              "description": "CWE-1284 Improper Validation of Specified Quantity in Input",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-12-19T03:40:17.492Z",
        "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
        "shortName": "AMD"
      },
      "references": [
        {
          "url": "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-8020.html"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "x_generator": {
        "engine": "Vulnogram 0.5.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
    "assignerShortName": "AMD",
    "cveId": "CVE-2025-54515",
    "datePublished": "2025-11-23T17:15:28.948Z",
    "dateReserved": "2025-07-23T15:01:52.882Z",
    "dateUpdated": "2025-12-19T03:40:17.492Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-29934 (GCVE-0-2025-29934)

Vulnerability from cvelistv5 – Published: 2025-11-21 18:45 – Updated: 2025-11-23 17:30

Summary

A bug within some AMD CPUs could allow a local admin-privileged attacker to run a SEV-SNP guest using stale TLB entries, potentially resulting in loss of data integrity.

Severity ?

5.3 (Medium)


                        
                          CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:H/A:N

CWE

CWE-459 - Incomplete Cleanup

Assigner

AMD

References

URL

Tags

https://www.amd.com/en/resources/product-security…

Impacted products

Vendor

Product

Version

AMD

AMD EPYC™ 9004 Series Processors

Unaffected: Genoa 1.0.0.E

AMD	AMD EPYC™ 9005 Series Processors	Unaffected: Turin 1.0.0.6
AMD	AMD EPYC™ 8004 Series Processors	Unaffected: Genoa 1.0.0.E
AMD	AMD EPYC™ Embedded 7003 Series Processors	Unaffected: EmbMilanPI-SP3 v9 1.0.0.B
AMD	AMD EPYC™ Embedded 9004 Series Processors (formerly codenamed "Genoa")	Unaffected: EmbGenoaPI-SP5 1.0.0.A
AMD	AMD EPYC™ Embedded 9005 Series Processors	Unaffected: EmbTurinPI-SP5 1.0.0.1
AMD	AMD EPYC™ Embedded 9004 Series Processors (formerly codenamed "Bergamo")	Unaffected: EmbGenoaPI-SP5 1.0.0.A
AMD	AMD EPYC™ Embedded 8004 Series Processors	Unaffected: EmbGenoaPI-SP5 1.0.0.A

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-29934",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-11-21T19:02:59.284742Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-11-21T19:03:15.508Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "affected",
          "product": "AMD EPYC\u2122 9004 Series Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "Genoa 1.0.0.E"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD EPYC\u2122 9005 Series Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "Turin 1.0.0.6"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD EPYC\u2122 8004 Series Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "Genoa 1.0.0.E"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD EPYC\u2122 Embedded 7003 Series Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "EmbMilanPI-SP3 v9 1.0.0.B"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD EPYC\u2122 Embedded 9004 Series Processors (formerly codenamed \"Genoa\")",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "EmbGenoaPI-SP5 1.0.0.A"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD EPYC\u2122 Embedded 9005 Series Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "EmbTurinPI-SP5 1.0.0.1"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD EPYC\u2122 Embedded 9004 Series Processors (formerly codenamed \"Bergamo\")",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "EmbGenoaPI-SP5 1.0.0.A"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD EPYC\u2122 Embedded 8004 Series Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "EmbGenoaPI-SP5 1.0.0.A"
            }
          ]
        }
      ],
      "datePublic": "2025-11-21T18:44:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "A bug within some AMD CPUs could allow a local admin-privileged attacker to run a SEV-SNP guest using stale TLB entries, potentially resulting in loss of data integrity.\t\r\n\u003cbr\u003e"
            }
          ],
          "value": "A bug within some AMD CPUs could allow a local admin-privileged attacker to run a SEV-SNP guest using stale TLB entries, potentially resulting in loss of data integrity."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:H/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-459",
              "description": "CWE-459  Incomplete Cleanup",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-11-23T17:30:46.143Z",
        "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
        "shortName": "AMD"
      },
      "references": [
        {
          "url": "https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-3029.html"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "x_generator": {
        "engine": "AMD PSIRT Automation 1.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
    "assignerShortName": "AMD",
    "cveId": "CVE-2025-29934",
    "datePublished": "2025-11-21T18:45:16.849Z",
    "dateReserved": "2025-03-12T15:14:59.391Z",
    "dateUpdated": "2025-11-23T17:30:46.143Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

WID-SEC-W-2025-2569

CVE-2025-48507 (GCVE-0-2025-48507)

CVE-2025-54515 (GCVE-0-2025-54515)

CVE-2025-29934 (GCVE-0-2025-29934)

Tags

Sightings

Nomenclature