AMD Security Bulletin AMD-SB-1041, June 2024
Vulnerability Disclosure:
Supermicro is aware of the potential weakness in AMD SPI protection features. This issue affects AMD EPYC™ 1st, 2nd and 3rd Gen Processors.
CVE:
- CVE-2022-23829
- Severity: High
Findings:
There is a potential weakness in SPI protection features in setups where an AMD CPU (includes CPUs in an APU) is connected to ROM through a SPI connection. In this setup, system BIOS uses SPI Protection features to limit ROM write privileges to the BIOS/OEM Controlled SMM handler.
Affected products:
Supermicro BIOS in the H11, H12 motherboards
| AMD Motherboard Generation | BIOS Version with the fix |
|---|---|
| H11 - Naples/Rome | v 2.8 |
| H12 - Rome/Milan | v 2.8 |
Remediation:
- All affected Supermicro motherboard SKUs will require a BIOS update to mitigate this potential vulnerability.
- An updated BIOS firmware had been created to mitigate this potential vulnerability. Supermicro is currently testing and validating affected products. Please check Release Notes for the resolution.