This update applies to the H11, H12 and H13 families of products powered by 1st/2nd/3rd/4th Gen AMD EPYC™ Processors. This update also applies to M11/M12 and H13 family of products powered by Ryzen™ Threadripper™ processor. Potential vulnerabilities in various platform components were discovered and have been mitigated in AMD EPYC™ and AMD Ryzen™ AGESA™ PI packages.

More Information:

Security Advisories that affect Supermicro BIOS:

• AMD-SB-4004 - AMD Client Vulnerabilities – August 2024
  • Summary: Potential vulnerabilities in AMD Secure Processor (ASP), and other platform components were discovered, and mitigations are being provided in Platform Initialization (PI) firmware packages.
  • Description: Potential vulnerabilities affecting AMD Secure Processor (ASP), and other platform components were found during audits performed internally and by third parties.
  • Severity: High
• AMD-SB-3003 - AMD Server Vulnerabilities – August 2024
  • Summary: Audits performed on AMD EPYC™ uncovered potential vulnerabilities affecting AMD Server platforms.
  • Description: Potential vulnerabilities in AMD EPYC™ Processor platforms affecting AMD Secure Processor (ASP), AMD Secure Encrypted Virtualization – Secure Nested Paging (SEV-SNP) and other platform components, were found during audits performed internally and by third parties.
  • Severity: High

Affected Products:

Additional Resources

Security Advisories that affect BIOS:

• AMD Security Notice AMD-SN-4004
  • CVE-2022-23815, CVE-2023-20578, CVE-2021-26344, CVE-2022-23817, CVE-2021-26367, CVE-2024-21981, CVE-2021-46746, CVE-2021-26387, CVE-2021-46772, CVE-2023-20518
• AMD Security Notice AMD-SN-3001
  • CVE-2023-20578, CVE-2021-26344, CVE-2023-20591, CVE-2024-21981, CVE-2023-20584, CVE-2021-46746, CVE-2023-31356, CVE-2021-26387, CVE-2021-46772, CVE-2023-20518