wikiSafety instructions for AMD-SB-7028 AMD SMM Callout Vulnerability
On February 11th 2025, AMD published the security bulletin AMD-SB-7028. Safety gaps in AmdPlatformRasSspSmm drivers were found. Eclypsium reported on a SMM callout safety gap in AmdPlatformRasSspSmm UEFI module that is supported by a multitude of processors. The gap could enable an attacker to execute any code in the system management mode.
AMD analyses revealed that it would be possible for a ring 0 attacker to change boot service charts. This could link to its own code and execute a potentially malicious program. [1]
Affected systems
AMD EPYC systems:
- systems with "Zen 2" AMD EPYC 7002 Rome processors
AMD Threadripper systems:
- systems with AMD Ryzen Threadripper PRO 3000 processors
- systems with AMD Ryzen Threadripper PRO 3000WX processors
- systems with AMD Ryzen Threadripper PRO 7000WX processors
Troubleshooting
Here is a tabular list of the corresponding CVEs and AGESA & firmware updates for the respective EPYC generation, if available.
AMD EPYC 7002 Rome (CPUID: 0x00830F10h):
| safety gap | risk potential: | AGESA version |
|---|---|---|
| CVE-2024-21924 | 8.2 (high) | Rome PI 1.0.0.K
(2024-09-05) |
AMD Ryzen Threadripper 3000 Castle Peak:
| safety gap | risk potential: | AGESA version |
|---|---|---|
| CVE-2024-21924 | 8.2 (Hoch) | ChagallWSPI-sWRX8
1.0.0.9 (2024-09-18) CastlePeakWSPI-sWRX8 1.0.0.E (2024-09-03) |
AMD Ryzen Threadripper PRO 3000WX Castle Peak and Chagall:
| safety gap | risk potential: | AGESA version |
|---|---|---|
| CVE-2024-21924 | 8.2 (Hoch) | ChagallWSPI-sWRX8
1.0.0.9 (2024-09-18) |
AMD Ryzen Threadripper 7000 Storm Peak:
| safety gap | risk potential: | AGESA version |
|---|---|---|
| CVE-2024-21924 | 8.2 (high) | StormPeakPI-SP6
1.0.0.1j (2024-10-31) StormPeakPI-SP6 1.1.0.0h (2024-11-05) |
Supermicro published a security bulletin for the safety gaps. A list with BIOS versions. A list with BIOS versions of the corresponding mainboards, with a AGESA version, to close the gap, is also available:[2]
| AMD motherboard | BIOS version |
|---|---|
| H11 – Rome | 3.1 |
| H12 – Rome | 3.1 |
Updates for products of Thomas-Krenn
Updates for the corresponding system can be found in the download area of Thomas-Krenn. The updates of the download area have been tested by us to guarantee the stability and the compatibility of our systems.
If you require the latest version for your system and it is not yet available in our download area, you can get it at Asus or Supermicro.
References
- ↑ AMD SMM Callout Vulnerability - February 2025 (www.amd.com/en/resources/product-security, 11.02.2025)
- ↑ AMD Security Bulletin AMD-SB-7028, February 2025 (www.supermicro.com)
 |
Author: Thomas-Krenn.AG At Thomas-Krenn.AG we pay attention to the best possible service. To do justice to this, we have created our Thomas-Krenn Wiki. Here we share our knowledge with you and inform you about basics and news from the IT world. You like our knowledge culture and want to become part of the team? Visit our job offers.
|
