CVE-2025-29950: Privileged SMM Input Validation Flaw Allows Code Exec
CVE-2025-29950 Published on February 10, 2026

Improper input validation in system management mode (SMM) could allow a privileged attacker to overwrite stack memory leading to arbitrary code execution.

NVD

Weakness Type

Insufficient Protections on the Volatile Memory Containing Boot Code

The protections on the product's non-volatile memory containing boot code are insufficient to prevent the bypassing of secure boot or the execution of an untrusted, boot code chosen by an adversary.

Affected Versions

AMD EPYC™ 9004 Series Processors:

Version GenoaPI 1.0.0.G is unaffected.

AMD EPYC™ 7003 Series Processors:

Version MilanPI 1.0.0.H is unaffected.

AMD EPYC™ 7002 Series Processors:

Version RomePI 1.0.0.N is unaffected.

AMD EPYC™ 7001 Series Processors:

Version NaplesPI 1.0.0.R is unaffected.

AMD EPYC™ 9005 Series Processors:

Version TurinPI 1.0.0.6 is unaffected.

AMD Instinct™ MI300A:

Version MI300A 1.0.0.B is unaffected.

AMD EPYC™ 9V64H Processor:

Version MI300C 1.0.0.2 is unaffected.

AMD Ryzen™ Threadripper™ PRO 3000WX Processors:

Version ChagallWSPI-sWRX8 1.0.0.C is unaffected.
Version CastlePeakWSPI-sWRX8 1.0.0.I is unaffected.

AMD Ryzen™ Threadripper™ PRO 5000 WX-Series Processors:

Version ChagallWSPI-sWRX8 1.0.0.C is unaffected.

AMD Ryzen™ Threadripper™ 7000 Processors:

Version StormPeakPI-SP6_1.0.0.1l is unaffected.
Version ShimadaPeakPI-SP6_1.0.0.1 is unaffected.

AMD Ryzen™ Threadripper™ PRO 7000 WX-Series Processors:

Version StormPeakPI-SP6_1.1.0.0j is unaffected.
Version ShimadaPeakPI-SP6_1.0.0.1 is unaffected.

AMD Ryzen™ Threadripper™ 9000 Processors:

Version ShimadaPeakPI-SP6_1.0.0.1 is unaffected.

AMD Ryzen™ Threadripper™ PRO 9000 WX-Series Processors:

Version ShimadaPeakPI-SP6_1.0.0.1 is unaffected.

AMD EPYC™ Embedded 7003 Series Processors:

Version EmbMilanPI-SP3 v9 1.0.0.C is unaffected.

AMD EPYC™ Embedded 9004 Series Processors (formerly codenamed "Genoa"):

Version EmbGenoaPI-SP5 1.0.0.B is unaffected.

AMD EPYC™ Embedded 7002 Series Processors:

Version EmbRomePI-SP3 1.0.0.F is unaffected.

AMD EPYC™ Embedded 3000 Series Processors:

Version SnowyOwl_SP4_SP4r2.1.1.0.H is unaffected.

AMD EPYC™ Embedded 9005 Series Processors:

Version EmbTurinPI-SP5_1.0.0.1 is unaffected.

AMD EPYC™ Embedded 9004 Series Processors (formerly codenamed "Bergamo"):

Version EmbGenoaPI-SP5 1.0.0.B is unaffected.

AMD EPYC™ Embedded 8004 Series Processors:

Version EmbGenoaPI-SP5 1.0.0.B is unaffected.

Exploit Probability

EPSS

0.01%

Percentile

0.46%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.

CVE-2025-29950: Privileged SMM Input Validation Flaw Allows Code ExecCVE-2025-29950 Published on February 10, 2026

Weakness Type

Insufficient Protections on the Volatile Memory Containing Boot Code

Affected Versions

Exploit Probability

CVE-2025-29950: Privileged SMM Input Validation Flaw Allows Code Exec
CVE-2025-29950 Published on February 10, 2026