VYPR

CWE-1301

Insufficient or Incomplete Data Removal within Hardware Component

BaseIncomplete

Description

The product's data removal process does not completely delete all data and potentially sensitive information within hardware components.

Hierarchy (View 1000)

Parents

Children

Related attack patterns (CAPEC)

CAPEC-37

CVEs mapped to this weakness (1)

  • CVE-2025-29946MedFeb 10, 2026
    risk 0.29cvss epss 0.00

    Insufficient or Incomplete Data Removal in Hardware Component in SEV firmware doesn't fully flush IOMMU. This can potentially lead to a loss of confidentiality and integrity in guest memory.