Zero Day MonitorZDM

← Back to list

—

CVE-2025-54509PATCHED

amd · amd epyc 9004 series processors

CVE-2025-54509: Improper access control for register interface in the input-output memory management unit (IOMMU) could allow a privileg

Description

Improper access control for register interface in the input-output memory management unit (IOMMU) could allow a privileged attacker to cause non-coherent accesses by the AMD secure processor (ASP) potentially resulting in loss of integrity.

Affected Products

Vendor	Product	Versions
amd	amd epyc 9004 series processors	—

Also Affects

Downstream vendors/products affected by this vulnerability

Vendor	Product	Source	Confidence
amd	prozessor	cert_advisory	90%
freebsd project	freebsd project freebsd os	cert_advisory	90%
google	google cloud	cert_advisory	90%
hpe	hpe proliant	cert_advisory	90%
lenovo	lenovo computer	cert_advisory	90%

References

https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-3039.html

Related News (2 articles)

Tier B

BSI Advisories12h ago

[NEU] [hoch] AMD ARM und EPYC Prozessoren: Mehrere Schwachstellen

→ No new info (linked only)

Tier C

VulDB1d ago

CVE-2025-54509 | AMD EPYC 9004 Processors prior GenoaPI_1.0.0.H improper access control for register interface

→ No new info (linked only)

CISA KEV❌ No

Actively exploited❌ No

Patch available

GenoaPI_1.0.0.HTurinPI_1.0.0.8EmbGenoaPI-SP5 1.0.0.DEmbeddedTurinPI_SP5_1004

CWECWE-1262

PublishedJun 9, 2026

Last enriched1d agov2

Tags

access controllocal attack

Trending Score30

Source articles2

Independent2

Info Completeness8/14

Missing: cvss, epss, kev, exploit, iocs, mitre_attack

Community Vote

0 upvotes0 downvotes

No votes yet

Related CVEs (5)

NONECVE-2025-54518EXP

CVE-2025-54518: Improper isolation of shared resources within the CPU operation cache on Zen 2-based products could allow an attacker to

HIGHCVE-2023-20585EXP

CVE-2023-20585: Insufficient checks of the RMP on host buffer access in IOMMU may allow an attacker with privileges and a compromised hy

Multiple vulnerabilities in AMD products including ARM CPU translation bypass and AMD Auto Updater

NONECVE-2026-0466

CVE-2026-0466: Improper access control in AMD uProf may allow a local attacker with user privileges to write to the kernel-shared memor

NONECVE-2026-28237

CVE-2026-28237: Unrestricted resource allocation in AMD uProf may be exploitable to consume excessive system resources, potentially lead

Pin to Dashboard

Verification

State: unverified

Confidence: 0%

Vulnerability Timeline

CVE Published

Jun 9, 2026

Discovered by ZDM

Jun 9, 2026

Updated: affectedVersions, severity, tags

Jun 9, 2026

Patch Available

Jun 9, 2026

Version History

v2

Last enriched 1d ago

v2Tier C1d ago

Updated affected versions to include additional EPYC processors, changed severity to HIGH, and noted that no exploit is available.

affectedVersionsseveritytags

via VulDB

v11d ago

Initial creation