Insufficient or Incomplete Data Removal within Hardware Component

CVE-2025-29946

Medium

4.5/10

Summary

Insufficient or Incomplete Data Removal in Hardware Component in SEV firmware doesn't fully flush IOMMU. This can potentially lead to a loss of confidentiality and integrity in guest memory.

Attack Complexity: HIGH
Attack Vector: LOCAL
User Interaction: NONE
Privileges Required: HIGH

CWE-1301 - Insufficient or Incomplete Data Removal within Hardware Component

The product's data removal process does not completely delete all data and potentially sensitive information within hardware components.

References

Advisory Timeline

Published Feb 10, 2026

Insufficient or Incomplete Data Removal within Hardware Component

CVE-2025-29946

Summary

CWE-1301 - Insufficient or Incomplete Data Removal within Hardware Component

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS