This update applies to the H11, H12 and H13 families of products powered by 1st/2nd/3rd/4th Gen AMD EPYC™ Processors. This update also applies to M11/M12 and H13 family of products powered by Ryzen™ Threadripper™ processor. Potential vulnerabilities in various platform components were discovered and have been mitigated in AMD EPYC™ and AMD Ryzen™ AGESA™ PI packages.

More Information:

Security Advisories that affect Supermicro BIOS:

• AMD-SB-4008 - AMD Client Vulnerabilities – February 2025
  • Summary: Potential vulnerabilities in AMD Secure Processor (ASP), and other platform components were discovered, and mitigations are being provided in Platform Initialization (PI) firmware packages.
  • Description: Potential vulnerabilities affecting AMD Secure Processor (ASP), and other platform components were found during audits performed internally and by third parties. Mitigation is being provided in Platform Initialization (PI) firmware packages associated with AMD Athlon™ Processors, Ryzen™ Processors and Threadripper™ Processors.
  • Severity: High
• AMD-SB-3009 - AMD Server Vulnerabilities – February 2025
  • Summary: Audits performed on AMD EPYC™ uncovered potential vulnerabilities affecting AMD Server platforms.
  • Description: Potential vulnerabilities in AMD EPYC™ Processor platforms affecting AMD Secure Processor (ASP), AMD Secure Encrypted Virtualization – Secure Nested Paging (SEV-SNP) and other platform components, were found during audits performed internally and by third parties.
  • Severity: High

Affected Products:

Additional Resources

Security Advisories that affect BIOS:

• AMD Security Notice AMD-SB-4008
  • CVE-2023-31342, CVE-2023-31343, CVE-2023-31345, CVE-2021-26381, CVE-2023-20515, CVE-2021-46757, CVE-2021-26377, CVE-2023-31331, CVE-2023-31326, CVE-2023-20540,CVE-2023-20507
• AMD Security Notice AMD-SB-3009
  • CVE-2023-31342, CVE-2023-31343, CVE-2023-31345, CVE-2023-31352, CVE-2023-20582, CVE-2023-20581