Description
Improper access control for register interface in the input-output memory management unit (IOMMU) could allow a privileged attacker to cause non-coherent accesses by the AMD secure processor (ASP) potentially resulting in loss of integrity.
Published: 2026-06-09
Score: 4 Medium
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

Improper access control in the IOMMU register interface can let a privileged attacker force the AMD Secure Processor to perform non-coherent memory accesses, potentially corrupting data integrity. The weakness is a missing authorization check that allows the attacker to bypass protection that should limit register manipulation. The associated CWE-1262 reflects a failure to enforce correct access controls. The consequences are limited to integrity loss; there is no immediate path to code execution reported.

Affected Systems

AMD EPYC 8004 and 9004 series processors, AMD EPYC 9005 series processors, and their embedded equivalents (8004, 9004, 9005). All affected silicon and firmware that implement the IOMMU register interface are vulnerable unless patched.

Risk and Exploitability

The CVSS score of 4 indicates moderate severity. No EPSS score is available, so the current exploitation probability is unknown, but the lack of a KEV designation suggests no publicly known exploits. Based on the description, it is inferred that the attacker would need privileged access to modify IOMMU registers, implying a local privilege escalation scenario. Once a privileged attacker triggers non-coherent accesses, the integrity of data processed by the AMD Secure Processor may be compromised.

Generated by OpenCVE AI on June 9, 2026 at 22:48 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the AMD supplied firmware or BIOS update that addresses the IOMMU register access control flaw (see AMD SB-3039).
  • Restrict or disable direct IOMMU register access for non-privileged contexts to limit the attack surface.
  • Continuously monitor system logs for coherence errors or integrity anomalies to detect potential exploitation.

Generated by OpenCVE AI on June 9, 2026 at 22:48 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 09 Jun 2026 23:15:00 +0000

Type Values Removed Values Added
Title Privilege Escalation via Improper Access Control in IOMMU Register Interface

Tue, 09 Jun 2026 20:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Tue, 09 Jun 2026 18:00:00 +0000

Type Values Removed Values Added
Description Improper access control for register interface in the input-output memory management unit (IOMMU) could allow a privileged attacker to cause non-coherent accesses by the AMD secure processor (ASP) potentially resulting in loss of integrity.
Weaknesses CWE-1262
References
Metrics cvssV4_0

{'score': 4, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:N/VI:N/VA:N/SC:N/SI:H/SA:N'}

Subscriptions

No data.

cve-icon MITRE

Status: PUBLISHED

Assigner: AMD

Published:

Updated: 2026-06-09T18:57:03.527Z

Reserved: 2025-07-23T15:01:50.734Z

Link: CVE-2025-54509

cve-icon Vulnrichment

Updated: 2026-06-09T18:56:57.809Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-06-09T18:16:32.580

Modified: 2026-06-09T19:30:24.713

Link: CVE-2025-54509

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-09T23:00:15Z

Weaknesses