AMD Security Bulletin AMD-SB-7009, February 2024

Vulnerability Disclosure:

Supermicro is aware of the AMD Processor Vulnerabilities. This issue affects AMD EPYC™ 1st Gen, AMD EPYC™ 2nd Gen, AMD EPYC™ 3rd Gen and 4th Gen Processors.

Findings:

| CVE | CVSS Score | CVE Description |
|---|---|---|
| CVE-2023-20576 | High | Insufficient Verification of Data Authenticity in AGESA™ may allow an attacker to update SPI ROM data potentially resulting in denial of service or privilege escalation. |
| CVE-2023-20577 | High | A heap overflow in SMM module may allow an attacker with access to a second vulnerability that enables writing to SPI flash, potentially resulting in arbitrary code execution. |
| CVE-2023-20579 | High | Improper Access Control in the AMD SPI protection feature may allow a user with Ring0 (kernel mode) privileged access to bypass protections potentially resulting in loss of integrity and availability. |
| CVE-2023-20587 | High | Improper Access Control in System Management Mode (SMM) may allow an attacker access to the SPI flash potentially leading to arbitrary code execution. |

Affected products:

Supermicro BIOS in the H11, H12 and select H13 motherboards

| AMD Motherboard Generation | BIOS Version with the fix |
|---|---|
| H11 - Naples | v 2.8 |
| H11 - Rome | v 1.4 |
| H12 - Rome/Milan | v 2.8 |
| H13SSW | v 1.6 |
| H13DSH | v 1.6 |
| H13DSG-O-CPU | v 1.6a |
| H13SST-G/GC | v 1.6 |
| H13SSL-N/NC | v 1.6 |
| H13SSH | v 1.7 |
| H13DSG-O-CPU-D | v 1.6 |
| H13SSF | v 1.6 |
| H13SVW-NT | v 1.1b |
| H13DSG-OM | v 1.0 |

Remediation:

  • All affected Supermicro motherboard SKUs will require a BIOS update to mitigate this potential vulnerability.
  • An updated BIOS firmware has been created to mitigate this potential vulnerability. Supermicro is currently testing and validating affected products. Please check the Release Notes for the resolution.