wikiSafety instructions for AMD-SB-4008 AMD Client Processor Vulnerabilities
On February 13th 2025, AMD published the security bulletin AMD-SB-4008. Security vulnerabilities have been discovered in ASP (AMD Secure Processor) and other platform components. [1]
Affected systems
- systems with AMD Ryzen Threadripper 3000 processors
- systems with AMD Ryzen Threadripper PRO 3000WX processors
- systems with AMD Ryzen Threadripper PRO 5000WX processors
Troubleshooting
Here is a tabulation of the relevant CVEs and AGESA & firmware updates to fix for each Threadripper generation, if available.
AMD Ryzen Threadripper 3000:
| safety vulnerability | risk potential | AGESA version |
|---|---|---|
| CVE-2023-31342 | high | not affected |
| CVE-2023-31343 | high | not affected |
| CVE-2023-31345 | high | not affected |
| CVE-2023-20515 | medium | CastlePeakPI-SP3r3
1.0.0.C (2024-09-03) |
| CVE-2021-26387 | low | not affected |
| CVE-2023-20507 | low | not affected |
AMD Ryzen Threadripper PRO 3000WX:
| safety vulnerability | risk potential | AGESA version |
|---|---|---|
| CVE-2023-31342 | high | not affected |
| CVE-2023-31343 | high | not affected |
| CVE-2023-31345 | high | not affected |
| CVE-2023-20515 | medium | CastlePeakWSPI-sWRX8
1.0.0.E (2024-09-03) ChagallWSPI-sWRX8 1.0.0.9 (2024-09-18) |
| CVE-2023-31331 | low | not affected |
| CVE-2023-20507 | low | not affected |
AMD Ryzen Threadripper PRO 5000WX:
| safety vulnerability | risk potential | AGESA version |
|---|---|---|
| CVE-2023-31342 | high | ChagallWSPI-sWRX8
1.0.0.7 (2024-01-11) |
| CVE-2023-31343 | high | ChagallWSPI-sWRX8
1.0.0.7 (2024-01-11) |
| CVE-2023-31345 | high | ChagallWSPI-sWRX8
1.0.0.7 (2024-01-11) |
| CVE-2023-20515 | medium | ChagallWSPI-sWRX8
1.0.0.7 (2024-01-11) |
| CVE-2023-31331 | low | not affected |
| CVE-2023-20507 | low | not affected |
Supermicro published a security bulletin about the security vulnerabilities. A list of BIOS versions for the corresponding mainboards with an AGESA version to close the gaps is also available:[2]
| AMD Motherboard | BIOS version |
|---|---|
| M11SDV-4/8C(T)-LN4F | not affected |
| M12SWA | v2.1a |
| H13SAE-MF | not affected |
| H13SRD-F | not affected |
| H13SRE-F | not affected |
| H13SRH | not affected |
| H13SRA-F | not affected |
| H13SRA-TF | not affected |
Updates for products of Thomas-Krenn
Updates for the corresponding systems can be found in the download area of Thomas-Krenn.
The updates in the download area were tested by us to guarantee the stability and compatibility of our systems.
If you need the latest version for your system and it is not yet available in our download area, you can get it at Asus or Supermicro.
More information
- vulnerability-via-microcode-update-10278175.html AMD closes serious microcode safety vulnerability – via microcode-update (www.heise.de, 11.02.2025)
References
- ↑ AMD Client Processor Vulnerabilities – February 2025 (www.amd.com/en/resources/product-security, 13.02.2025)
- ↑ AMD Security Vulnerabilities, Februar 2025 (www.supermicro.com)
 |
Author: Thomas-Krenn.AG At Thomas-Krenn.AG we pay attention to the best possible service. To do justice to this, we have created our Thomas-Krenn Wiki. Here we share our knowledge with you and inform you about basics and news from the IT world. You like our knowledge culture and want to become part of the team? Visit our job offers.
|
