CVE-2025-48509
Publication date 10 February 2026
Last updated 26 June 2026
Ubuntu priority
Description
Missing Checks in certain functions related to RMP initialization can allow a local admin privileged attacker to cause misidentification of I/O memory, potentially resulting in a loss of guest memory integrity
Status
| Package | Ubuntu Release | Status |
|---|---|---|
| amd64-microcode | 26.04 LTS resolute |
Vulnerable
|
| 25.10 questing |
Vulnerable
|
|
| 24.04 LTS noble |
Vulnerable
|
|
| 22.04 LTS jammy |
Not affected
|
|
| 20.04 LTS focal |
Not affected
|
|
| 18.04 LTS bionic |
Not affected
|
|
| 16.04 LTS xenial |
Not affected
|
|
| 14.04 LTS trusty |
Not affected
|
Notes
rodrigo-zaiden
affects SEV FW, supported in microcode package starting from noble AMD advisory mentions SEV release in: Milan (fam 19h model 01h): SEV FW 1.37.23 (1.55.35) Genoa (fam 19h model 11h): SEV FW 1.37.2A (1.55.42) Turin (fam 1a model 02h): SEV FW 1.37.3D (1.55.61) Upstream including these versions is found in commit 13786e87: Update AMD SEV firmware to version 1.58 build 1 for AMD family 19h processors with models in the range 00h to 0fh. Update AMD SEV firmware to version 1.58 build 1 for AMD family 19h processors with models in the range 10h to 1fh. Update AMD SEV firmware to version 1.58 build 3 for AMD family 1ah processors with models in the range 00h to 0fh.
Severity score breakdown
CVSS version: CVSS v4.0
Base score
1.8 · Low
Vector: CVSS:4.0/AV:L/AC:H/AT:N/PR:H/UI:N/VC:N/VI:N/VA:N/SC:N/SI:L/SA:N