AMD Security Bulletin AMD-SB-7009, February 2024
Vulnerability Disclosure:
Supermicro is aware of the AMD Processor Vulnerabilities. These issues affect AMD EPYC™ 1st Gen, AMD EPYC™ 2nd Gen, AMD EPYC™ 3rd Gen and 4th Gen Processors.
Findings:
CVE | CVSS Score | CVE Description |
---|---|---|
CVE-2023-20576 | High | Insufficient Verification of Data Authenticity in AGESA™ may allow an attacker to update SPI ROM data potentially resulting in denial of service or privilege escalation. |
CVE-2023-20577 | High | A heap overflow in SMM module may allow an attacker with access to a second vulnerability that enables writing to SPI flash, potentially resulting in arbitrary code execution. |
CVE-2023-20579 | High | Improper Access Control in the AMD SPI protection feature may allow a user with Ring0 (kernel mode) privileged access to bypass protections potentially resulting in loss of integrity and availability. |
CVE-2023-20587 | High | Improper Access Control in System Management Mode (SMM) may allow an attacker access to the SPI flash potentially leading to arbitrary code execution. |
Affected products:
Supermicro BIOS in the H11, H12 and select H13 motherboards
AMD Motherboard Generation | BIOS Version with the fix |
---|---|
H11 - Naples | v 2.8 |
H11 - Rome | v 1.4 |
H12 - Rome/Milan | v 2.8 |
H13SSW | v 1.6 |
H13DSH | v 1.6 |
H13DSG-O-CPU | v 1.6a |
H13SST-G/GC | v 1.6 |
H13SSL-N/NC | v 1.6 |
H13SSH | v 1.7 |
H13DSG-O-CPU-D | v 1.6 |
H13SSF | v 1.6 |
H13SVW-NT | v 1.1b |
H13DSG-OM | v 1.0 |
Remediation:
- All affected Supermicro motherboard SKUs will require a BIOS update to mitigate this potential vulnerability.
- An updated BIOS firmware has been created to mitigate this potential vulnerability. Supermicro is currently testing and validating affected products. Please check the Release Notes for the resolution.