Medium severityNVD Advisory· Published Feb 10, 2026· Updated Apr 15, 2026
CVE-2025-48517
CVE-2025-48517
Description
Insufficient Granularity of Access Control in SEV firmware could allow a privileged user with a malicious hypervisor to create a SEV-ES guest with an ASID in the range meant for SEV-SNP guests potentially resulting in a partial loss of confidentiality.
Affected products
1Patches
Vulnerability mechanics
References
1News mentions
0No linked articles in our index yet.