AMD Security Bulletin AMD-SB-3019, February 2025
Vulnerability Disclosure:
Supermicro is aware of the security vulnerability reported by Google® in which an attacker with administrator privileges may exploit a weakness in the signature verification algorithm to load arbitrary CPU microcode patches, which can result in the loss of SEV-based protection of a confidential guest.
CVE:
- CVE-2024-56161
- Severity: High
Findings:
A vulnerability in some AMD CPUs may allow an attacker with system administrator privilege to load malicious CPU microcode, resulting in loss of confidentiality and integrity of the confidential computing workload of a guest VM protected by Secure Encrypted Virtualization (SEV).
Affected products:
AMD Motherboard Generation | BIOS Version with the fix |
---|---|
H11 – EPYC™ 9001/9002 series | V 3.2 |
H12 – H12SSW-AN6 – EPYC 9002/9003 series | V 3.2 |
H12 – H12SSW-iNR/NTR – EPYC 9002/9003 series | V 3.1 |
H12 – H12SSW-iNL/NTL – EPYC 9002/9003 series | V 3.1 |
H12 – H12DSG-O-CPU – EPYC 9002/9003 series | V 3.1 |
H12 – H12DST-B – EPYC 9002/9003 series | V 3.1 |
H12 – H12SST-PS – EPYC 9002/9003 series | V 3.1 |
H12 – H12SSW-iN/NT – EPYC 9002/9003 series | V 3.1 |
H12 – BH12SSi-M25 – EPYC 9002/9003 series | V 3.1 |
H12 – H12DSU-iN – EPYC 9002/9003 series | V 3.1 |
H12 – H12SSFF-AN6 – EPYC 9002/9003 series | V 3.1 |
H12 – H12SSL-i/C/CT/NT – EPYC 9002/9003 series | V 3.1 |
H12 – H12DSi-N6/NT6 – EPYC 9002/9003 series | V 3.1 |
H12 – H12SSFR-AN6 – EPYC 9002/9003 series | V 3.1 |
H12 – H12DSG-Q-CPU6 – EPYC 9002/9003 series | V 3.1 |
H12 – H12SSG-AN6 – EPYC 9002/9003 series | V 3.1 |
H12 – H12DGQ-NT6 – EPYC 9002/9003 series | V 3.2 |
H12 – H12SSG-ANP6 – EPYC 9002/9003 series | V 3.1 |
H12 – H12DGO-6 – EPYC 9002/9003 series | V 3.2 |
H12 – H12DSU-iNR – EPYC 9002/9003 series | V 3.1 |
H13 – H13SSW – EPYC 9004/9005 series | v 3.4a |
H13 – H13DSH – EPYC 9004/9005 series | v 3.4a |
H13 – H13DSG-O-CPU – EPYC 9004/9005 series | v 3.4 |
H13 – H13SST-G/GC – EPYC 9004/9005 series | v 3.1 |
H13 – H13SSL-N/NC – EPYC 9004/9005 series | v 3.4 |
H13 – H13SSH – EPYC 9004/9005 series | v 3.3 |
H13 – H13DSG-O-CPU-D – EPYC 9004 series | v 3.4 |
H13 – H13SSF – EPYC 9004/9005 series | v 3.4 |
H13 – H13SVW – EPYC 9004 series | v 1.3 |
H13 – H13DSG-OM – EPYC 9004/9005 series | v 3.4 |
H14 – H14DSH – EPYC 9004/9005 series | v 1.3a |
H14 – H14SST – EPYC 9004/9005 series | v 1.3 |
H14 – H14DSG-OD – EPYC 9004/9005 series | v 1.3 |
Remediation:
- All affected Supermicro motherboard SKUs will require a BIOS update to mitigate this potential vulnerability.
- Updated BIOS firmware has been created to mitigate this potential vulnerability. Supermicro is currently testing and validating affected products. Please check Release Notes for the resolution.