SEV Improper Access Control in Secure Nested Paging (SNP)
CVE-2025-29939 Published on February 10, 2026

Improper access control in secure encrypted virtualization (SEV) could allow a privileged attacker to write to the reverse map page (RMP) during secure nested paging (SNP) initialization, potentially resulting in a loss of guest memory confidentiality and integrity.

NVD

Weakness Type

What is an Authorization Vulnerability?

The software does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

CVE-2025-29939 has been classified to as an Authorization vulnerability or weakness.

Affected Versions

AMD EPYC™ 9004 Series Processors:

Version GenoaPI 1.0.0.G is unaffected.

AMD EPYC™ 7003 Series Processors:

Version MilanPI 1.0.0.H is unaffected.

AMD EPYC™ 9005 Series Processors:

Version TurinPI 1.0.0.6 is unaffected.

AMD EPYC™ 8004 Series Processors:

Version GenoaPI 1.0.0.G is unaffected.

AMD EPYC™ Embedded 7003 Series Processors:

Version EmbMilanPI-SP3 v9 1.0.0.C is unaffected.

AMD EPYC™ Embedded 9004 Series Processors (formerly codenamed "Genoa"):

Version EmbGenoaPI-SP5 1.0.0.B is unaffected.

AMD EPYC™ Embedded 9005 Series Processors:

Version EmbTurinPI-SP5_1.0.0.1 is unaffected.

AMD EPYC™ Embedded 9004 Series Processors (formerly codenamed "Bergamo"):

Version EmbGenoaPI-SP5 1.0.0.B is unaffected.

AMD EPYC™ Embedded 8004 Series Processors:

Version EmbGenoaPI-SP5 1.0.0.B is unaffected.

Exploit Probability

EPSS

0.02%

Percentile

4.20%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.

SEV Improper Access Control in Secure Nested Paging (SNP)CVE-2025-29939 Published on February 10, 2026

Weakness Type

What is an Authorization Vulnerability?

Affected Versions

Exploit Probability

SEV Improper Access Control in Secure Nested Paging (SNP)
CVE-2025-29939 Published on February 10, 2026