メインコンテンツに移動
AMD Security Bulletin AMD-SB-3007, February 2024

Vulnerability Disclosure:

Supermicro is aware of the SEV-SNP Firmware Vulnerabilities. This issue affects AMD EPYC™ 3rd Gen and 4th Gen Processors.

Findings:

CVECVSS ScoreCVE Description
CVE-2023-31346MediumFailure to initialize memory in SEV firmware may allow a privileged attacker to access stale data from other guests.
CVE-2023-31347LowDue to a code bug in Secure_TSC, SEV firmware may allow an attacker with high privileges to cause a guest to observe an incorrect TSC when Secure TSC is enabled potentially resulting in a loss of guest integrity.

Affected products:

Supermicro BIOS in the H12 and select H13 motherboards.

AMD Motherboard GenerationBIOS Version with the fix
H12 – Milanv 2.8
H13SSL-N/NCv 1.8
H13SSWv 1.8
H13SST-G/GCv 1.8
H13SSFv 1.8
H13SSHv 1.8
H13DSHv 1.8
H13DSG-O-CPUv 1.8
H13DSG-O-CPU-Dv 1.8
H13SVW (Siena)v 1.2

Remediation:

  • All affected Supermicro motherboard SKUs will require a BIOS update to mitigate this potential vulnerability.
  • An updated BIOS firmware had been created to mitigate this potential vulnerability. Supermicro is currently testing and validating affected products. Please check Release Notes for the resolution.