This vulnerability involves a missing lock check (CWE-414) in the AMD Secure Processor firmware of some Zen 5-based AMD EPYC™ 9004 Series processors. The flaw permits a local attacker with administrative privileges to modify memory-mapped I/O (MMIO) routing, which may undermine guest system integrity. The CVSS 4.0 base score is 5.9, reflecting a medium severity with local attack vector, low attack complexity, and no user interaction required. The vulnerability does not affect confidentiality, integrity, or availability directly but impacts system integrity (SI:H). No patch or official fix has been disclosed by AMD as of the published date.

An attacker with local administrative privileges could exploit this vulnerability to alter MMIO routing, potentially compromising the integrity of guest systems hosted on affected AMD EPYC™ 9004 Series processors. This could lead to unauthorized modifications or interference with system operations at the firmware level. However, exploitation requires administrative access, limiting the attack surface. There are no known exploits in the wild currently.

Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is released, organizations should restrict administrative access to trusted personnel only and monitor for any unusual activity related to MMIO configurations. No official or temporary fixes have been announced by AMD at this time.