Preface: Because this is a hardware-level configuration deficiency, software-level barriers inside the OS kernel cannot fully prevent it. The definitive mitigation requires applying AGESA firmware/microcode updates provided by your motherboard OEM or cloud vendor (Supermicro, Google Cloud, etc.) to correctly enforce register sealing at the hardware layer before platform boot transitions control to the hypervisor.

Background: Please refer to the illustration; point 3 of the illustration emphasizes the use of a Type 1 bare-metal hypervisor to eliminate host operating system overhead for high-throughput workloads such as large-scale video streaming. While a Type-1 hypervisor maximizes efficiency, it actually amplifies the blast radius of this flaw: if an attacker manages to compromise that highly-privileged bare-metal hypervisor layer, the lack of hardware lock bits grants them unhindered access to issue the writel() commands depicted in your code, compromising every independent tenant stream residing on that physical node.

Root Cause & Code Analysis Verification (Block 4 & 5)

• Unprotected MMIO Routing: Your diagram accurately captures the essence of CWE-1233 (Security-Sensitive Hardware Controls with Missing Lock Bit Protection). In normal operating states, the Northbridge I/O (NBIO) registers that gate access to the System Management Network (SMN) must be permanently locked following BIOS/platform initialization.
• The Index/Data Side Path: Your C code correctly models how a compromised hypervisor module or a local attacker with Ring-0 privileges uses an MMIO window (0xB8 for index, 0xBC for data) to execute arbitrary reads and writes across the internal SMN fabric. Because lock bits are missing or un-enforced, the host operating system retains full hardware manipulation rights post-boot.

Vulnerability details: CVE-2025-61972 Missing lock bit protection for NBIO registers could allow a local admin-privileged attacker to gain arbitrary System Management Network (SMN) access, potentially resulting in arbitrary code execution in AMD Secure Processor (ASP) and loss of the SEV-SNP guest’s confidentiality and integrity.

Official announcement: Please refer to the link for details – https://www.amd.com/en/resources/product-security/bulletin/amd-sb-3030.html