wikiSafety Instructions for AMD-SB-7027 AMD SMM vulnerabilities
On February 11th 2025, AMD has published the security bulletin AMD-SB-7027. Quarkslab has announced safety gaps that allow an attacker to execute the code in SMM (System Management Mode). CVE-2024-21925 results in an insufficient validation of the input buffer within the UEFI module AmdPspP2CmboxV2. CVE-2024-0179 is a SMM (System Management Mode) callout vulnerability within the UEFI module AmdCpmDisplayFeatureSMM. Both vulnerabilities can allow a ring-0 attacker to expand its privileges in the system, which can result in a malicious code. [1]
Affected systems
AMD EPYC Systeme:
- systems with "Zen 1" AMD EPYC 7001 Naples processors
- systems with "Zen 2" AMD EPYC 7002 Rome processors
- systems with "Zen 3" AMD EPYC 7003 Milan processors
- systems with "Zen 4" AMD EPYC 9004 Genoa und Bergamo as well as 8004 Siena processors
AMD Threadripper systems:
- systems with "Zen 2" AMD Ryzen Threadripper 3000 Castle Peak processors
- systems with "Zen 3" AMD Ryzen Threadripper PRO 3000WX/5000WX Castle Peak und Chagall processors
- systems with "Zen 4" AMD Ryzen Threadripper 7000 Storm Peak processors
Troubleshooting
Here is a tabular list of the corresponding CVEs and AGESA & firmware updates for the respective EPYC generation, if available.
AMD EPYC 7001 Naples (CPUID: 0x00800F12):
| safety gap | risk potential: | AGESA Version |
|---|---|---|
| CVE-2024-0179 | 8.2 (high) | not affected |
| CVE-2024-21925 | 8.2 (high) | Naples PI 1.0.0.N
(2024-09-17) |
AMD EPYC 7002 Rome (CPUID: 0x00830F10h):
| safety gap | risk potential: | AGESA Version |
|---|---|---|
| CVE-2024-0179 | 8.2 (Hoch) | not affected |
| CVE-2024-21925 | 8.2 (Hoch) | Rome PI 1.0.0.K
(2024-09-05) |
AMD EPYC 7003 Milan (CPUID: 0x00A00F11) and Milan-X (CPUID: 0x00A00F12):
| safety gap | risk potential: | AGESA version |
|---|---|---|
| CVE-2024-0179 | 8.2 (Hoch) | not affected |
| CVE-2024-21925 | 8.2 (high) | Milan PI 1.0.0.E
(2024-09-05) |
AMD EPYC 9004 Genoa (CPUID: 0x00A10F11), Genoa-X (CPUID: 0x00A10F12) and Bergamo/Siena (CPUID: 0x00AA0F0):
| safety gap | risk potential: | AGESA version |
|---|---|---|
| CVE-2024-0179 | 8.2 (high) | not affected |
| CVE-2024-21925 | 8.2 (high) | Genoa PI 1.0.0.D
(2024-08-20) |
AMD Ryzen Threadripper 3000 Castle Peak:
| safety gap | risk potential: | AGESA version |
|---|---|---|
| CVE-2024-0179 | 8.2 (high) | CastlePeakPI-SP3r3
1.0.0.D (2024-11-14) |
| CVE-2024-21925 | 8.2 (high) | CastlePeakPI-SP3r3
1.0.0.D (2024-11-14) |
AMD Ryzen Threadripper PRO 3000WX Castle Peak und Chagall:
| safety gap | risk potential: | AGESA version |
|---|---|---|
| CVE-2024-0179 | 8.2 (high) | CastlePeakWSPI-sWRX8
1.0.0.F (2024-11-14) |
| CVE-2024-21925 | 8.2 (Hoch) | ChagallWSPI-sWRX8
1.0.0.9 (2024-09-18) CastlePeakWSPI-sWRX8 1.0.0.F (2024-11-14) |
AMD Ryzen Threadripper PRO 5000WX Castle Peak and Chagall:
| safety gap | risk potential: | AGESA version |
|---|---|---|
| CVE-2024-0179 | 8.2 (high) | not affected |
| CVE-2024-21925 | 8.2 (high) | ChagallWSPI-sWRX8
1.0.0.9 (2024-09-18) |
AMD Ryzen Threadripper 7000 Storm Peak:
| safety gap | risk potential: | AGESA version |
|---|---|---|
| CVE-2024-0179 | 8.2 (high) | StormPeakPI-SP6
1.1.0.0h (2024-10-05) StormPeakPI-SP6 1.0.0.1j (2024-10-31) |
| CVE-2024-21925 | 8.2 (high) | StormPeakPI-SP6
1.1.0.0h (2024-10-05) StormPeakPI-SP6 1.0.0.1j (2024-10-31) |
Supermicro has published a security bulletin for the safety gaps. A list of BIOS versions of the corresponding mainboards, with AGESA version to close the gaps, is also available:[2]
Server:
| AMD motherboard | BIOS version |
|---|---|
| H11 – Naples/Rome | 3.1 |
| H12 – Rome/Milan | 3.1 |
| H13 – Genoa | 3.1 |
| H13 – Siena | 1.3 |
| H14 - Turin | 1.1 |
| H13 MI300X (H13DSG-OM) | 3.2 |
Client:
| AMD motherboard | BIOS version |
|---|---|
| M11SDV-4/8C(T)-LN4F | 1.5 |
| M12SWA-TF | 2.3 |
| H13SAE-MF | not affected |
| H13SRD-F | not affected |
| H13SRE-F | not affected |
| H13SRH | 1.6 |
| H13SRA-F | 1.6 |
| H13SRA-TF | 1.6 |
Updates for products of Thomas-Krenn
Updates for the corresponding system can be found in the download area of Thomas-Krenn. The updates in the download area have been tested by us to guarantee the stability and compatibility of our systems.
If you need the latest version for your system and it is not yet available in our download area, you can get it at Asus or Supermicro.
References
- ↑ AMD SMM Vulnerabilities - February 2025 (www.amd.com/en/resources/product-security, 11.02.2025)
- ↑ AMD Security Bulletin AMD-SB-7027, February 2025 (www.supermicro.com)
 |
Author: Thomas-Krenn.AG At Thomas-Krenn.AG we pay attention to the best possible service. To do justice to this, we have created our Thomas-Krenn Wiki. Here we share our knowledge with you and inform you about basics and news from the IT world. You like our knowledge culture and want to become part of the team? Visit our job offers.
|
