wikiSafety instructions for AMD-SB-3020
On October 13th, 2025, AMD published the AMD-SB-3020 Security Bulletin [1]. Insufficient access control within AMD SEV-SNP (AMD Secure Encrypted Virtualization – Secure Nested Paging) could allow an attacker with administrator privileges to write to the RMP during SNP initialization, which could lead to a loss of integrity in the SEV-SNP guest memory.
Affected systems
AMD EPYC Systeme:
- systems with "Zen 3" AMD EPYC 7003 Milan processors
- systems with "Zen 4" AMD EPYC 9004 Genoa and Bergamo & 8004 Siena processors
- systems with "Zen 5" AMD EPYC 9005 Turin processors
Solution for the problem
Here is a table listing the corresponding CVEs and AGESA/firmware updates for remediation for each EPYC generation, if available.
AMD EPYC 7003 Milan & Milan-X:
| security vulnerability | risk potential: | AGESA version | SEV FW + µcode |
|---|---|---|---|
| CVE-2025-0033 | 6.0 (Mittel) | AGESA MilanPI 1.0.0.H | SEV FW Milan: hex 1.37.23
SPL=0x1B
Milan: 0x0A0011DE Milan-X: 0xA001245 |
AMD EPYC 8004 Siena & AMD EPYC 9004 Genoa/Genoa-X:
| security vulnerability | risk potential: | AGESA version | SEV FW + µcode |
|---|---|---|---|
| CVE-2025-0033 | 6.0 (Mittel) | AGESA GenoaPI 1.0.0.H | SEV FW Genoa 1.37.31
SPL=0x1B
Genoa: 0x0A0011DE Genoa-X: 0xA001245 Bergamo/Siena: 0x0AA0021B |
AMD EPYC 9005 Turin:
| security vulnerability | risk potential: | AGESA version | SEV FW + µcode |
|---|---|---|---|
| CVE-2025-0033 | 6.0 (Mittel) | AGESA Turin PI 1.0.0.6 | SEV FW Turin 1.37.41
SPL=0x04
Turin Classic: 0x0B002150 Turin Dense: 0x0B10104D |
Supermicro published a Security Bulletin for the security vulnerabilities. A list with BIOS-versions of the corresponding mainboards with an AGESA-version, to close the gaps, is also available. Below is an excerpt from this table, which includes all motherboards that are offered by Thomas-Krenn: [2]
| AMD motherboard | BIOS version |
|---|---|
| H12SSW-iN/NT | 3.5 |
| H12SSL-i/C/CT/NT | 3.5 |
| H12DSi-N6/NT6 | 3.5 |
| H13SSW | 3.7 |
| H13SSL-N/NT | 3.7 |
Updates for products of Thomas-Krenn
Updates for the corresponding system can be found in the download area of Thomas-Krenn. Updates in the download area have been tested by us to guarantee the stability and compatibility of our systems.
If you require the latest version for your system and it is not yet available in our download area, you can get it at Asus or Supermicro
References
- ↑ SEV-SNP RMP Initialization Vulnerability (www.amd.com/en/resources/product-security)
- ↑ AMD Security Bulletin AMD-SB-3020, October 2025 (www.supermicro.com)
 |
Author: Thomas-Krenn.AG At Thomas-Krenn.AG we pay attention to the best possible service. To do justice to this, we have created our Thomas-Krenn Wiki. Here we share our knowledge with you and inform you about basics and news from the IT world. You like our knowledge culture and want to become part of the team? Visit our job offers.
|
 |
Translator: Alina Ranzinger Alina has been working at Thomas-Krenn.AG since 2024. After her training as multilingual business assistant, she got her job as assistant of the Product Management and is responsible for the translation of texts and for the organisation of the department.
|
