CVE-2025-29948

Publication date 10 February 2026

Last updated 26 June 2026

Ubuntu priority

Description

Improper access control in AMD Secure Encrypted Virtualization (SEV) firmware could allow a malicious hypervisor to bypass RMP protections, potentially resulting in a loss of SEV-SNP guest memory integrity.

Read the notes from the security team

Status

Show unmaintained releases

Package	Ubuntu Release	Status
amd64-microcode	26.04 LTS resolute	Vulnerable
	25.10 questing	Vulnerable
	24.04 LTS noble	Vulnerable
	22.04 LTS jammy	Not affected
	20.04 LTS focal	Not affected
	18.04 LTS bionic	Not affected
	16.04 LTS xenial	Not affected
	14.04 LTS trusty	Not affected

Notes

rodrigo-zaiden

affects SEV FW, supported in microcode package starting from noble AMD advisory mentions SEV release in: Turin (fam 1a model 02h): SEV FW 1.37.41 (1.55.65) Upstream including these versions is found in commit 13786e87: Update AMD SEV firmware to version 1.58 build 3 for AMD family 1ah processors with models in the range 00h to 0fh.

Patch details

For informational purposes only. We recommend not to cherry-pick updates. How can I get the fixes?

Package	Patch details
amd64-microcode	Upstream: ?id=137

Severity score breakdown

CVSS version: CVSS v4.0

Base score 5.9 · Medium

Base metrics

Parameter	Value
Attack vector	Local
Attack complexity	Low
Attack requirements	None
Privileges required	High
User interaction	None
Vulnerable system - Confidentiality impact	None
Vulnerable system - Integrity impact	None
Vulnerable system - Availability impact	None
Subsequent system - Confidentiality impact	None
Subsequent system - Integrity impact	High
Subsequent system - Availability impact	None

Scores

Parameter	Value
Base score	5.9 · Medium
Base + Threat score	-
Base + Environmental score	-
Base + Threat + Environmental score	-

Vector: CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:N/SC:N/SI:H/SA:N