Skip to main content
AMD Security Bulletin AMD-SB-1041, June 2024

Vulnerability Disclosure:

Supermicro is aware of the potential weakness in AMD SPI protection features. This issue affects AMD EPYC™ 1st, 2nd and 3rd Gen Processors.

CVE:

  • CVE-2022-23829
  • Severity: High

Findings:

There is a potential weakness in SPI protection features in setups where an AMD CPU (includes CPUs in an APU) is connected to ROM through a SPI connection. In this setup, system BIOS uses SPI Protection features to limit ROM write privileges to the BIOS/OEM Controlled SMM handler.

Affected products:

Supermicro BIOS in the H11, H12 motherboards

AMD Motherboard GenerationBIOS Version with the fix
H11 - Naples/Romev 2.8
H12 - Rome/Milanv 2.8

Remediation:

  • All affected Supermicro motherboard SKUs will require a BIOS update to mitigate this potential vulnerability.
  • An updated BIOS firmware had been created to mitigate this potential vulnerability. Supermicro is currently testing and validating affected products. Please check Release Notes for the resolution.