Security advisory for AMD-SB-3015: Undermining integrity features of SEV-SNP with memory aliasing

From Thomas-Krenn-Wiki

On December 10, 2024, AMD published Security Bulletin AMD-SB-3015. The vulnerability undermines the integrity features of AMD Secure Encrypted Virtualization-Secure Nested Paging (SEV-SNP) on 3rd and 4th generation EPYC processors.

Improper input validation for SPD (DIMM Serial Presence Detect) metadata could allow an attacker with physical access, Ring0 access to a system with a non-compliant DIMM, or control over the Root of Trust for BIOS update to overwrite guest memory, which can lead to a loss of integrity of guest data. [1]

Affected systems

Solution

AMD recommends using memory modules that lock the SPD and following best practices for physical security. In addition, AGESA™ and SEV firmware versions were released to original equipment manufacturers (OEMs) to mitigate the problem.

Supermicro published a security bulletin for the vulnerability. It also provides a list of the BIOS versions for the corresponding mainboards that contain an AGESA version closing the gap: [2]

| AMD motherboard generation | BIOS version |
|----------------------------|--------------|
| H12 - Milan                | 3.0          |
| H13 - Genoa                | 3.1          |
| H13VW-NT - Siena           | 1.3          |

Updates for Thomas-Krenn products

Updates for the corresponding system can be found in the download area of Thomas-Krenn. We have tested the updates in the download area to guarantee the stability and compatibility of our systems.

If you require the latest version for your system and it is not yet available in our download area, you can get it from Asus or Supermicro.

More information

References

  1. Undermining Integrity Features of SEV-SNP with Memory Aliasing (www.amd.com/en/resources/product-security, 10.12.2024)
  2. AMD Security Bulletin AMD-SB-3015, December 2024 (www.supermicro.com)

Author: Thomas-Krenn.AG
