AMD Security Bulletin AMD-SB-6008, February 2025
Vulnerability Disclosure:
Supermicro is addressing security vulnerabilities in the Power Management Firmware (PMFW) and AMD System Management Unit (SMU) that affect the Supermicro H13 MI300X H13DSG-OM product.
CVE:
- CVE-2024-21971
  - Severity: Medium
- CVE-2024-20508
  - Severity: Medium
Findings:
- CVE-2024-21971:
  - Improper input validation in AMD Crash Defender could allow an attacker to provide the Windows® system process ID to a kernel-mode driver, resulting in an operating system crash, potentially leading to denial of service.
- CVE-2024-20508:
  - Improper access control in the ASP could allow a privileged attacker to perform an out-of-bounds write to a memory location not controlled by the attacker, potentially leading to loss of confidentiality, integrity, or availability.
Affected products:
AMD Motherboard Generation | BIOS Version with the fix |
---|---|
H13 – MI300X (H13DSG-OM) | Not affected |

AMD Server | GPU Firmware Bundle/BKC |
---|---|
H13 AS-8125GS-TNMR2 (H13DSG-OM) | v 24.12 |
Remediation:
- All affected Supermicro product SKUs will require a GPU firmware update to mitigate this potential vulnerability.
- Updated GPU firmware has been created to mitigate this potential vulnerability. Supermicro is currently testing and validating affected products. Please check the Release Notes for the resolution.