CNNVD-202509-923 Information
CNNVD ID
CNNVD-202509-923
Related CVE
- CNNVD Published: 2025-09-05
Description (Chinese)
AMD Embedded Processors等都是美国超威半导体(AMD)公司的产品。AMD Embedded Processors是一系列嵌入式高性能 GPU。AMD Client Processor是面向客户端设备(如个人电脑、笔记本电脑等)的处理器。AMD Server Processor是面向服务器市场的处理器产品,主要用于数据中心、云计算、高性能计算等领域。 AMD多款产品存在安全漏洞,该漏洞源于加载CPU微码补丁后清理不完整,可能导致特权攻击者降低RDRAND指令的熵,影响SEV-SNP客户端的完整性。以下产品及版本受到影响:AMD Client Processor、AMD Server Processor和AMD Embedded Processors。
Description (English)
AMD Embeded Products and others are products of U.S. superconductor (AMD) companies. AMD Embeded Products is a set of embedded high-performance GPUs. AMD Clinic Processor is a processor for client-oriented devices such as personal computers, laptops, etc. AMD Server Processor is a processor product for the server market and is used mainly in the areas of data centres, cloud computing and high performance computing. There is a safety loophole in the AMD multi-products, which stems from incomplete clean-up after loading CPU microcode patches, which may result in the privileged attacker reducing the entropy of the RDRAND directive, affecting the integrity of the SEV-SNP client. The following products and versions were affected: AMD Clinic Processor, AMD Server Processor and AMD Embededed Procsors.
Hazard Level
Critical
Vulnerability Type
其他
Affected Vendor
超微半导体
Published
2025-09-05
Last Modified
2026-02-24
References
https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-5007.html https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-3014.html https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-4012.html https://vigilance.fr/vulnerability/AMD-EPYC-Processor-multiple-vulnerabilities-dated-13-08-2025-47969
Patch
https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-5007.html
Share on: