CVE-2025-29952

Improper Initialization within the AMD Secure Encrypted Virtualization (SEV) firmware can allow an admin privileged attacker to corrupt RMP covered memory, potentially resulting in loss of guest memory integrity

CVSS

No CVSS.

References

Link	Resource
https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-3023.html

Configurations

No configuration.

History

15 Apr 2026, 00:35

Type	Values Removed	Values Added
Summary		(es) Inicialización incorrecta dentro del firmware de AMD Secure Encrypted Virtualization (SEV) puede permitir a un atacante con privilegios de administrador corromper la memoria cubierta por RMP, lo que podría resultar en la pérdida de la integridad de la memoria del invitado.

10 Feb 2026, 20:16

Type	Values Removed	Values Added
New CVE

Information

Published : 2026-02-10 20:16

Updated : 2026-04-15 00:35

NVD link : CVE-2025-29952

Mitre link : CVE-2025-29952

CVE.ORG link : CVE-2025-29952

JSON object : View

Products Affected

No product.

CWE

CWE-457

Use of Uninitialized Variable

{"id": "CVE-2025-29952", "cveTags": [], "metrics": {"cvssMetricV40": [{"type": "Secondary", "source": "psirt@amd.com", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 5.9, "Automatable": "NOT_DEFINED", "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:N/SC:N/SI:H/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "HIGH", "subIntegrityImpact": "HIGH", "vulnIntegrityImpact": "NONE", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "NONE", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2026-02-10T20:16:44.767", "references": [{"url": "https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-3023.html", "source": "psirt@amd.com"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Secondary", "source": "psirt@amd.com", "description": [{"lang": "en", "value": "CWE-457"}]}], "descriptions": [{"lang": "en", "value": "Improper Initialization within the AMD Secure Encrypted Virtualization (SEV) firmware can allow an admin privileged attacker to corrupt RMP covered memory, potentially resulting in loss of guest memory integrity"}, {"lang": "es", "value": "Inicializaci\u00f3n incorrecta dentro del firmware de AMD Secure Encrypted Virtualization (SEV) puede permitir a un atacante con privilegios de administrador corromper la memoria cubierta por RMP, lo que podr\u00eda resultar en la p\u00e9rdida de la integridad de la memoria del invitado."}], "lastModified": "2026-04-15T00:35:42.020", "sourceIdentifier": "psirt@amd.com"}