CVE-2025-29952

Improper Initialization within the AMD Secure Encrypted Virtualization (SEV) firmware can allow an admin privileged attacker to corrupt RMP covered memory, potentially resulting in loss of guest memory integrity

CVSS

No CVSS.

References

Link	Resource
https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-3023.html

Configurations

No configuration.

History

No history.

Information

Published : 2026-02-10 20:16

Updated : 2026-02-10 21:51

NVD link : CVE-2025-29952

Mitre link : CVE-2025-29952

CVE.ORG link : CVE-2025-29952

JSON object : View

Products Affected

No product.

CWE

CWE-457

Use of Uninitialized Variable

{"id": "CVE-2025-29952", "cveTags": [], "metrics": {"cvssMetricV40": [{"type": "Secondary", "source": "psirt@amd.com", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 5.9, "Automatable": "NOT_DEFINED", "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:N/SC:N/SI:H/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "HIGH", "subIntegrityImpact": "HIGH", "vulnIntegrityImpact": "NONE", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "NONE", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2026-02-10T20:16:44.767", "references": [{"url": "https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-3023.html", "source": "psirt@amd.com"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "psirt@amd.com", "description": [{"lang": "en", "value": "CWE-457"}]}], "descriptions": [{"lang": "en", "value": "Improper Initialization within the AMD Secure Encrypted Virtualization (SEV) firmware can allow an admin privileged attacker to corrupt RMP covered memory, potentially resulting in loss of guest memory integrity"}, {"lang": "es", "value": "Inicializaci\u00f3n incorrecta dentro del firmware de AMD Secure Encrypted Virtualization (SEV) puede permitir a un atacante con privilegios de administrador corromper la memoria cubierta por RMP, lo que podr\u00eda resultar en la p\u00e9rdida de la integridad de la memoria del invitado."}], "lastModified": "2026-02-10T21:51:48.077", "sourceIdentifier": "psirt@amd.com"}

CVE-2025-29952

JSON object

Attach tags to CVE-2025-29952

Attach tags to `CVE-2025-29952`