CVE-2025-29943 — Write-what-where Condition in Amd64-microcode

CWE-123 — Write-what-where Condition CWE-125 — Out-of-bounds Read7 documents7 sources

Severity

4.6MEDIUMNVD

EPSS

0.0%

top 99.58%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Debian Amd64-microcode Msrc Azl3 Mozjs 102.15.1-1 ON Azure Linux 3.0

Timeline

PublishedJan 16

Description

Write what were condition within AMD CPUs may allow an admin-privileged attacker to modify the configuration of the CPU pipeline potentially resulting in the corruption of the stack pointer inside an SEV-SNP guest.

CVSS vector

CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:N/SC:N/SI:L/SA:N

Affected Packages2 packages

▶debiandebian/amd64-microcode< amd64-microcode 3.20251202.1 (forky)

▶msrcmsrc/azl3_mozjs_102.15.1-1_on_azure_linux_3.0

🔴Vulnerability Details

GHSA

GHSA-4vw8-pffj-q9x7: Write what were condition within AMD CPUs may allow an admin-privileged attacker to modify the configuration of the CPU pipeline potentially resulting↗2026-01-16

▶

OSV

CVE-2025-29943: Write what were condition within AMD CPUs may allow an admin-privileged attacker to modify the configuration of the CPU pipeline potentially resulting↗2026-01-16

▶

📋Vendor Advisories

Red Hat

AMD EPYC™ 9004 Series Processors: From CVEorg collector↗2026-01-16

▶

Debian

CVE-2025-29943: amd64-microcode - Write what were condition within AMD CPUs may allow an admin-privileged attacker...↗2025

▶

Microsoft

An attacker was able to perform an out-of-bounds read or write on a JavaScript object by fooling range-based bounds check elimination. This vulnerability affects Firefox < 124.0.1.↗2024-03-12

▶

🕵️Threat Intelligence

Wiz

CVE-2025-29943 Impact, Exploitability, and Mitigation Steps | Wiz↗

▶