Missing RMP Init Checks Allow Local Admin to Corrupt Guest Memory Integrity
CVE-2025-48509 Published on February 10, 2026

Missing Checks in certain functions related to RMP initialization can allow a local admin privileged attacker to cause misidentification of I/O memory, potentially resulting in a loss of guest memory integrity

NVD

Weakness Type

Improper Initialization

The software does not initialize or incorrectly initializes a resource, which might leave the resource in an unexpected state when it is accessed or used. This can have security implications when the associated resource is expected to have certain properties or values, such as a variable that determines whether a user has been authenticated or not.


Affected Versions

AMD EPYC™ 9004 Series Processors: AMD EPYC™ 7003 Series Processors: AMD EPYC™ 9005 Series Processors: AMD EPYC™ 8004 Series Processors: AMD EPYC™ Embedded 7003 Series Processors: AMD EPYC™ Embedded 9004 Series Processors (formerly codenamed "Genoa"): AMD EPYC™ Embedded 9005 Series Processors: AMD EPYC™ Embedded 9004 Series Processors (formerly codenamed "Bergamo"): AMD EPYC™ Embedded 8004 Series Processors:

Exploit Probability

EPSS
0.02%
Percentile
4.88%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.