wikiSafety instructions for AMD-SB-4011 TPM Reference Implementation
On June 10th 2025, AMD published the Security Bulletin AMD-SB-4011. The Vulnerability Response Team (VRT) of the Trusted Computing Group (TCG) announced a potential out of bounds (OOB) read security vulnerability in the reference implementation of the Trusted Platform Module (TPM) 2.0 codes. This vulnerability can be used by programms in user mode by sending commands to a TPM 2.0 whose firmware is based on an affected TCG reference implementation. If the vulnerability is successfully used, an attacker could read out data or possibly affect the function of the module (CVE-2025-2884). [1]
Affected systems
- systems with "Zen 3" AMD Ryzen Threadripper PRO 3000WX/5000WX Castle Peak and Chagall processors
- systems with "Zen 4" AMD Ryzen Threadripper PRO 7000WX Storm Peak processors
Problem solution
Here is a tabular list of the corresponding CVEs and AGESA & firmware updates for the respective CPU generation, if available.
AMD Ryzen Threadripper PRO 3000WX Castle Peak and Chagall:
| security vulnerability | risk potential: | AGESA version |
|---|---|---|
| CVE-2025-2884 | 6.6 (medium) | ChagallWSPI-sWRX8-1.0.0.A
(2024-11-20) |
| CVE-2025-2884 | 6.6 (medium) | CastlePeakWSPI-sWRX8
1.0.0.F (2024-11-14) |
AMD Ryzen Threadripper PRO 5000WX Chagall:
| security vulnerability | risk potential: | AGESA version |
|---|---|---|
| CVE-2025-2884 | 6.6 (medium) | ChagallWSPI-sWRX8-1.0.0.A
(2024-11-20) |
AMD Ryzen Threadripper PRO 7000WX Storm Peak
| security vulnerability | risk potential: | AGESA version |
|---|---|---|
| CVE-2025-2884 | 6.6 (medium) | StormPeakPI-SP6
1.0.0.1j (2024-10-31) |
Updates for products of Thomas-Krenn
Updates for the corresponding system can be found in the download area of Thomas-Krenn. The updates in the download area have been tested by us to guarantee the stability and compatibility of our systems.
If you require the latest version for your system and it is not yet available in our download area, you can get it at Asus or Supermicro
References
- ↑ TPM Reference Implementation - June 2025 (www.amd.com/en/resources/product-security, 10.06.2025)
 |
Author: Thomas-Krenn.AG At Thomas-Krenn.AG we pay attention to the best possible service. To do justice to this, we have created our Thomas-Krenn Wiki. Here we share our knowledge with you and inform you about basics and news from the IT world. You like our knowledge culture and want to become part of the team? Visit our job offers.
|
 |
Translator: Alina Ranzinger Alina has been working at Thomas-Krenn.AG since 2024. After her training as multilingual business assistant, she got her job as assistant of the Product Management and is responsible for the translation of texts and for the organisation of the department.
|
