AMD Security Bulletin AMD-SB-7033, March 2025

Vulnerability Disclosure:

Supermicro is aware of the security issue reported by Google® known as “AMD Microcode Signature Verification Vulnerability” which is caused by a weakness in the signature verification algorithm and the vulnerability could allow an administrator privileged attacker, the ability to load arbitrary CPU microcode patches.

CVE:

CVE-2024-36347
- Severity: Medium
CVE-2024-56161
- Severity: High

Findings:

Improper signature verification in AMD CPU ROM microcode patch loader may allow an attacker with local administrator privilege to load malicious microcode, potentially resulting in loss of integrity of x86 instruction execution, loss of confidentiality and integrity of data in x86 CPU privileged context and compromise of SMM execution environment.

Affected products:

AMD Motherboard Generation	BIOS Version with the fix
H11 – EPYC™ 9001/9002 series	V 3.2
H12 – H12SSW-AN6 – EPYC 9002/9003 series	V 3.2
H12 – H12SSW-iNR/NTR – EPYC 9002/9003 series	V 3.1
H12 – H12SSW-iNL/NTL – EPYC 9002/9003 series	V 3.1
H12 – H12DSG-O-CPU – EPYC 9002/9003 series	V 3.1
H12 – H12DST-B – EPYC 9002/9003 series	V 3.1
H12 – H12SST-PS – EPYC 9002/9003 series	V 3.1
H12 – H12SSW-iN/NT – EPYC 9002/9003 series	V 3.1
H12 – BH12SSi-M25 – EPYC 9002/9003 series	V 3.1
H12 – H12DSU-iN – EPYC 9002/9003 series	V 3.1
H12 – H12SSFF-AN6 – EPYC 9002/9003 series	V 3.1
H12 – H12SSL-i/C/CT/NT – EPYC 9002/9003 series	V 3.1
H12 – H12DSi-N6/NT6 – EPYC 9002/9003 series	V 3.1
H12 – H12SSFR-AN6 – EPYC 9002/9003 series	V 3.1
H12 – H12DSG-Q-CPU6 – EPYC 9002/9003 series	V 3.1
H12 – H12SSG-AN6 – EPYC 9002/9003 series	V 3.1
H12 – H12DGQ-NT6 – EPYC 9002/9003 series	V 3.2
H12 – H12SSG-ANP6 – EPYC 9002/9003 series	V 3.1
H12 – H12DGO-6 – EPYC 9002/9003 series	V 3.2
H12 – H12DSU-iNR – EPYC 9002/9003 series	V 3.1
H13 – H13SSW – EPYC 9004/9005 series	v 3.4a
H13 – H13DSH – EPYC 9004/9005 series	v 3.4a
H13 – H13DSG-O-CPU – EPYC 9004/9005 series	v 3.4
H13 – H13SST-G/GC – EPYC 9004/9005 series	v 3.1
H13 – H13SSL-N/NC – EPYC 9004/9005 series	v 3.4
H13 – H13SSH – EPYC 9004/9005 series	v 3.3
H13 – H13DSG-O-CPU-D – EPYC 9004 series	v 3.4
H13 – H13SSF – EPYC 9004/9005 series	v 3.4
H13 – H13SVW – EPYC 9004 series	v 1.3
H13 – H13DSG-OM – EPYC 9004/9005 series	v 3.4
H14 – H14DSH – EPYC 9004/9005 series	v 1.3a
H14 – H14SST – EPYC 9004/9005 series	v 1.3
H14 – H14DSG-OD – EPYC 9004/9005 series	v 1.3

Remediation:

All affected Supermicro motherboard SKUs will require a BIOS update to mitigate this potential vulnerability.
An updated BIOS firmware had been created to mitigate this potential vulnerability. Supermicro is currently testing and validating affected products. Please check Release Notes for the resolution.

Resources:

AMD Security Notice AMD-SN-3019
- CVE-2024-36347

机架服务器

1U 双处理器

2U 双处理器

单处理器

多处理器

产品系列

GPU 服务器

8U/10U GPU 系列

4U/5U GPU 系列

2U GPU 系列

1U GPU 系列

Twin 服务器

FlexTwin™

BigTwin®

GrandTwin®

TwinPro®

Twin

FatTwin®

刀片服务器

SuperBlade®

MicroBlade®

MicroCloud

存储系列服务器

所有存储系列产品

全闪存 NVMe

顶部装载存储

JBOF

Petascale Grace Storage

企业优化的存储

主板

机箱

SuperRack®

辅助配件

Edge & Telecom Servers

Fanless Edge Systems

Compact Edge Systems

Edge GPU Systems

Outdoor Edge Systems

1U Edge Network Systems

5G/Telecom Systems

嵌入式组件

嵌入式/物联网主板

嵌入式系統机箱

交换机

网路卡

超级工作站

Liquid-Cooled AI Development Platform

单处理器

双处理器

Supero™ 游戏解決方案

人工智能基础设施

人工智能超级集群

企业人工智能解决方案

边缘人工智能

人工智能存储

NVIDIA 解决方案

AMD 解决方案

Intel 解决方案

HPC

机架解决方案

液体冷却

数据管理

人工智能存储

软件定义存储和內存

超融合基础架构

Veeam

企业应用和数据分析

数据工程

数据库和 ERP

Microsoft

云端和虚拟化

Cloud Service Providers (CSPs)

Google Distributed Cloud

Canonical OpenStack

Red Hat OpenStack

Kubernetes

虚拟桌面

5G、Edge Computing 和 IoT

电信解决方案

Rakuten Symphony