AMD Security Bulletin AMD-SB-7033, March 2025

Vulnerability Disclosure:

Supermicro is aware of the security issue reported by Google® known as “AMD Microcode Signature Verification Vulnerability” which is caused by a weakness in the signature verification algorithm and the vulnerability could allow an administrator privileged attacker, the ability to load arbitrary CPU microcode patches.

CVE:

  • CVE-2024-36347
    • Severity: Medium
  • CVE-2024-56161
    • Severity: High

Findings:

Improper signature verification in AMD CPU ROM microcode patch loader may allow an attacker with local administrator privilege to load malicious microcode, potentially resulting in loss of integrity of x86 instruction execution, loss of confidentiality and integrity of data in x86 CPU privileged context and compromise of SMM execution environment.

Affected products:

AMD Motherboard GenerationBIOS Version with the fix
H11 – EPYC™ 9001/9002 seriesV 3.2
H12 – H12SSW-AN6 – EPYC 9002/9003 seriesV 3.2
H12 – H12SSW-iNR/NTR – EPYC 9002/9003 seriesV 3.1
H12 – H12SSW-iNL/NTL – EPYC 9002/9003 seriesV 3.1
H12 – H12DSG-O-CPU – EPYC 9002/9003 seriesV 3.1
H12 – H12DST-B – EPYC 9002/9003 seriesV 3.1
H12 – H12SST-PS – EPYC 9002/9003 seriesV 3.1
H12 – H12SSW-iN/NT – EPYC 9002/9003 seriesV 3.1
H12 – BH12SSi-M25 – EPYC 9002/9003 seriesV 3.1
H12 – H12DSU-iN – EPYC 9002/9003 seriesV 3.1
H12 – H12SSFF-AN6 – EPYC 9002/9003 seriesV 3.1
H12 – H12SSL-i/C/CT/NT – EPYC 9002/9003 seriesV 3.1
H12 – H12DSi-N6/NT6 – EPYC 9002/9003 seriesV 3.1
H12 – H12SSFR-AN6 – EPYC 9002/9003 seriesV 3.1
H12 – H12DSG-Q-CPU6 – EPYC 9002/9003 seriesV 3.1
H12 – H12SSG-AN6 – EPYC 9002/9003 seriesV 3.1
H12 – H12DGQ-NT6 – EPYC 9002/9003 seriesV 3.2
H12 – H12SSG-ANP6 – EPYC 9002/9003 seriesV 3.1
H12 – H12DGO-6 – EPYC 9002/9003 seriesV 3.2
H12 – H12DSU-iNR – EPYC 9002/9003 seriesV 3.1
H13 – H13SSW – EPYC 9004/9005 seriesv 3.4a
H13 – H13DSH – EPYC 9004/9005 seriesv 3.4a
H13 – H13DSG-O-CPU – EPYC 9004/9005 seriesv 3.4
H13 – H13SST-G/GC – EPYC 9004/9005 seriesv 3.1
H13 – H13SSL-N/NC – EPYC 9004/9005 seriesv 3.4
H13 – H13SSH – EPYC 9004/9005 seriesv 3.3
H13 – H13DSG-O-CPU-D – EPYC 9004 seriesv 3.4
H13 – H13SSF – EPYC 9004/9005 seriesv 3.4
H13 – H13SVW – EPYC 9004 seriesv 1.3
H13 – H13DSG-OM – EPYC 9004/9005 seriesv 3.4
H14 – H14DSH – EPYC 9004/9005 seriesv 1.3a
H14 – H14SST – EPYC 9004/9005 seriesv 1.3
H14 – H14DSG-OD – EPYC 9004/9005 seriesv 1.3

Remediation:

  • All affected Supermicro motherboard SKUs will require a BIOS update to mitigate this potential vulnerability.
  • An updated BIOS firmware had been created to mitigate this potential vulnerability. Supermicro is currently testing and validating affected products. Please check Release Notes for the resolution.

Resources:

お問合せ / サービス

追加リソース

製品マトリクス