CVE-2025-48514
Publication date 10 February 2026
Last updated 27 February 2026
Ubuntu priority
Description
Insufficient Granularity of Access Control in SEV firmware can allow a privileged attacker to create a SEV-ES Guest to attack SNP guest, potentially resulting in a loss of confidentiality.
Status
| Package | Ubuntu Release | Status |
|---|---|---|
| amd64-microcode | 25.10 questing | Needs evaluation |
| amd64-microcode | 24.04 LTS noble | Needs evaluation |
| amd64-microcode | 22.04 LTS jammy | Needs evaluation |
| amd64-microcode | 20.04 LTS focal | Needs evaluation |
| amd64-microcode | 18.04 LTS bionic | Needs evaluation |
| amd64-microcode | 16.04 LTS xenial | Needs evaluation |
| amd64-microcode | 14.04 LTS trusty | Ignored no real-world users |
Notes
rodrigo-zaiden
affects ucode and SEV FW, the latter is supported in microcode package starting from noble.

This is not planned to be fixed for the amd64-microcode package in Ubuntu 14.04 as that release was already outside of the LTS timeframe when this hardware platform was launched.

AMD released ucode patches for:

- AMD EPYC™ 7003 Series: B1:0x0A0011DE; B2:0x0A001247
- AMD EPYC™ 8004/9004 Series ("Bergamo"/"Siena"): A2:0x0AA0021B
- AMD EPYC™ 9004 Series ("Genoa"): B1: 0x0A101156; B2:0x0A101251
- AMD EPYC™ 9005 Series: C1:0x0B002151; Dense B0: 0x0B10104E

All these patches are included in upstream Version: 2025-07-29:

Microcode patches in microcode_amd_fam19h.bin:

    Family=0x19 Model=0x01 Stepping=0x01: Patch=0x0a0011de Length=5568 bytes
    Family=0x19 Model=0x01 Stepping=0x02: Patch=0x0a001247 Length=5568 bytes
    Family=0x19 Model=0xa0 Stepping=0x02: Patch=0x0aa0021c Length=5568 bytes
    Family=0x19 Model=0x11 Stepping=0x01: Patch=0x0a101158 Length=5568 bytes
    Family=0x19 Model=0x11 Stepping=0x02: Patch=0x0a101253 Length=5568 bytes

Microcode patches in microcode_amd_fam1ah.bin:

    Family=0x1a Model=0x02 Stepping=0x01: Patch=0x0b002151 Length=14368 bytes
    Family=0x1a Model=0x11 Stepping=0x00: Patch=0x0b10104e Length=14368 bytes

AMD advertises that: "Applying mitigation CVE-2025-48514 will result in disabling SEV-ES when SEV-SNP is enabled"
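
A check for the microcode half of the note above, as an added example that is not part of the Ubuntu page or of AMD's tooling: it parses the upstream 2025-07-29 patch listing quoted in the note and compares it with the revisions found in `/proc/cpuinfo`-style text. Assumptions: the function names and the sample CPU entries are constructed for illustration, revisions are taken to increase per family/model/stepping, and SEV firmware versions are not checked.

```python
import re

# Patch lines copied from the note above (upstream 2025-07-29 listing).
LISTING = """\
Family=0x19 Model=0x01 Stepping=0x01: Patch=0x0a0011de Length=5568 bytes
Family=0x19 Model=0x01 Stepping=0x02: Patch=0x0a001247 Length=5568 bytes
Family=0x19 Model=0xa0 Stepping=0x02: Patch=0x0aa0021c Length=5568 bytes
Family=0x19 Model=0x11 Stepping=0x01: Patch=0x0a101158 Length=5568 bytes
Family=0x19 Model=0x11 Stepping=0x02: Patch=0x0a101253 Length=5568 bytes
Family=0x1a Model=0x02 Stepping=0x01: Patch=0x0b002151 Length=14368 bytes
Family=0x1a Model=0x11 Stepping=0x00: Patch=0x0b10104e Length=14368 bytes
"""
# Constructed sample in /proc/cpuinfo style: one signature, two revisions.
SAMPLE = """\
vendor_id : AuthenticAMD
cpu family : 25
model : 17
stepping : 1
microcode : 0xa101148

vendor_id : AuthenticAMD
cpu family : 25
model : 17
stepping : 1
microcode : 0xa101158
"""
PATCH_RE = re.compile(r"Family=(\w+) Model=(\w+) Stepping=(\w+): Patch=(\w+)")

def parse_listing(text):
    """Map (family, model, stepping) to the patch level in the listing."""
    return {(int(f, 16), int(m, 16), int(s, 16)): int(p, 16)
            for f, m, s, p in PATCH_RE.findall(text)}

def check(cpuinfo, listed):
    """Return (signature, revision, verdict) for each distinct AMD CPU entry."""
    found = set()
    for block in cpuinfo.strip().split("\n\n"):
        kv = dict(map(str.strip, l.split(":", 1)) for l in block.splitlines() if ":" in l)
        if kv.get("vendor_id") == "AuthenticAMD":
            # cpuinfo prints family/model/stepping in decimal, microcode in hex.
            found.add((int(kv["cpu family"]), int(kv["model"]),
                       int(kv["stepping"]), int(kv["microcode"], 16)))
    out = []
    for fam, model, step, rev in sorted(found):
        want = listed.get((fam, model, step))
        verdict = "not-listed" if want is None else "at-or-above" if rev >= want else "below"
        out.append((f"{fam:#x}/{model:#x}/{step:#x}", f"{rev:#010x}", verdict))
    return out

if __name__ == "__main__":
    print(*check(SAMPLE, parse_listing(LISTING)), sep="\n")
```

On a Linux host, pass the contents of `/proc/cpuinfo` in place of `SAMPLE`. A `below` verdict means the running revision is older than the upstream listing, not that it is older than the patch levels AMD names for the fix.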