AMD Security Bulletin AMD-SB-3005
Vulnerability Disclosure:
Supermicro is aware of the AMD INVD Instruction security vulnerability. This issue affects 1st Gen AMD EPYC™ Processors (SEV and SEV-ES), 2nd Gen AMD EPYC™ Processors (SEV and SEV-ES), and 3rd Gen AMD EPYC™ Processors (SEV, SEV-ES, SEV-SNP).
CVE:
- CVE-2023-20592
- Severity: Medium
Affected products:
Supermicro BIOS in the H11 and H12 motherboards
Remediation:
Supermicro is currently working on updating BIOS to mitigate this issue. This page will be updated as additional information becomes available.
Note (per AMD): No mitigation is available for the first or second generations of EPYC™ processors (“Zen 1”, formerly codenamed “Naples”, “Zen 2”, formerly codenamed “Rome”) since the SEV and SEV-ES features are not designed to protect guest VM memory integrity and the SEV-SNP is not available.