Security advisory for AMD-SB-7029
On July 8th 2025, AMD published Security Bulletin AMD-SB-7029 [1]. After reviewing the Microsoft report "Enter, Exit, Page Fault, Leak: Testing Isolation Boundaries for Microarchitectural Leaks" [2], AMD discovered multiple vectors for "Transient Scheduler Attacks" (TSA). These are side-channel attacks that exploit the timing of instruction execution under certain microarchitectural conditions to access memory data.
AMD has also published a PDF guide with additional information on these attacks [3].
Affected systems
AMD EPYC systems:
- systems with "Zen 3" AMD EPYC 7003 Milan processors
- systems with "Zen 4" AMD EPYC 9004 Genoa and Bergamo & 8004 Siena
AMD Threadripper systems:
- systems with AMD Ryzen Threadripper PRO 7000WX processors
Solution
The tables below list the CVEs and the corresponding AGESA and firmware updates for each EPYC / Threadripper generation, where available.
AMD EPYC 7003 Milan:
| Vulnerability | Risk rating | AGESA version |
|---|---|---|
| CVE-2024-36350 | 5.6 (medium) | MilanPI 1.0.0.G + OS updates (2025-01-29) |
| CVE-2024-36357 | 5.6 (medium) | MilanPI 1.0.0.G + OS updates (2025-01-29) |
| CVE-2024-36348 | 3.8 (low) | no fix needed |
| CVE-2024-36349 | 3.8 (low) | no fix needed |
AMD EPYC 9004 Genoa/Bergamo & 8004 Siena:
| Vulnerability | Risk rating | AGESA version |
|---|---|---|
| CVE-2024-36350 | 5.6 (medium) | GenoaPI 1.0.0.E + OS updates (2024-12-16) |
| CVE-2024-36357 | 5.6 (medium) | GenoaPI 1.0.0.E + OS updates (2024-12-16) |
| CVE-2024-36348 | 3.8 (low) | no fix needed |
| CVE-2024-36349 | 3.8 (low) | no fix needed |
AMD Ryzen Threadripper 7000 Storm Peak:
| Vulnerability | Risk rating | AGESA version |
|---|---|---|
| CVE-2024-36350 | 5.6 (medium) | StormPeakPI-SP6 1.1.0.0i + OS updates (2024-12-16)<br>StormPeakPI-SP6 1.0.0.1k + OS updates (2024-12-19) |
| CVE-2024-36357 | 5.6 (medium) | StormPeakPI-SP6 1.1.0.0i + OS updates (2024-12-16)<br>StormPeakPI-SP6 1.0.0.1k + OS updates (2024-12-19) |
| CVE-2024-36348 | 3.8 (low) | no fix needed |
| CVE-2024-36349 | 3.8 (low) | no fix needed |
Supermicro has published a security bulletin for these vulnerabilities. It includes a list of BIOS versions for the affected mainboards that contain an AGESA version closing the gap. The following extract from that list shows all mainboards offered by Thomas-Krenn: [4]
| AMD motherboard | BIOS version |
|---|---|
| H12SSW-iN/NT | 3.3 |
| H12SSL-i/C/CT/NT | 3.3 |
| H12DSi-N6/NT6 | 3.3 |
| H13SSW | 3.5 |
| H13SSL-N/NC | 3.4 |
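
The following is an added example, not code from Thomas-Krenn, Supermicro or AMD: it audits an inventory of systems against the BIOS versions in the table above. It assumes that the slash notation in the table lists model suffixes, that the listed version is the minimum that contains the fix, and that the inventory values are constructed samples. It covers only the BIOS side; the OS updates named in the tables must be checked separately.

```python
import re

# BIOS versions copied from the table above (treated as minimum fixed versions).
FIXED_BIOS = {
    "H12SSW-iN/NT": "3.3",
    "H12SSL-i/C/CT/NT": "3.3",
    "H12DSi-N6/NT6": "3.3",
    "H13SSW": "3.5",
    "H13SSL-N/NC": "3.4",
}

def expand_models(entry):
    """'H12SSL-i/C/CT/NT' -> H12SSL-i, H12SSL-C, H12SSL-CT, H12SSL-NT (assumed notation)."""
    first, *rest = entry.split("/")
    base = first.rsplit("-", 1)[0]
    return [first] + [f"{base}-{suffix}" for suffix in rest]

def parse_version(text):
    """'3.10' -> (3, 10, ''), so that 3.10 sorts after 3.3 instead of before it."""
    m = re.fullmatch(r"(\d+)\.(\d+)([a-z]?)", text.strip().lower())
    if not m:
        raise ValueError(f"unrecognised BIOS version: {text!r}")
    return int(m.group(1)), int(m.group(2)), m.group(3)

MIN_VERSION = {model.lower(): parse_version(version)
               for entry, version in FIXED_BIOS.items()
               for model in expand_models(entry)}

def check(board, bios):
    """Return 'ok', 'update' or 'unknown' for one system."""
    required = MIN_VERSION.get(board.strip().lower())
    if required is None:
        return "unknown"  # board is not in the extract: consult the vendor bulletin
    try:
        return "ok" if parse_version(bios) >= required else "update"
    except ValueError:
        return "unknown"  # version string in an unexpected format

# Constructed sample inventory: (host, board, BIOS version), e.g. collected with
# `dmidecode -s baseboard-product-name` and `dmidecode -s bios-version`.
INVENTORY = [
    ("web01", "H12SSL-CT", "3.10"),
    ("web02", "H12SSL-i", "2.9"),
    ("db01", "H13SSW", "3.4"),
    ("db02", "H13SSL-NC", "3.4"),
    ("lab01", "UNLISTED-BOARD", "2.1"),
]

def audit(inventory=INVENTORY):
    return {host: check(board, bios) for host, board, bios in inventory}
```

Hosts reported as "unknown" are not covered by the extract and need to be looked up in the vendor's own list.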
Updates for Thomas-Krenn products
Updates for the corresponding system can be found in the Thomas-Krenn download area. We have tested the updates in the download area to guarantee the stability and compatibility of our systems.
If you require the latest version for your system and it is not yet available in our download area, you can get it from Asus or Supermicro.
References
- [1] AMD Transient Scheduler Attacks, July 2025 (www.amd.com/en/resources/product-security)
- [2] Enter, Exit, Page Fault, Leak: Testing Isolation Boundaries for Microarchitectural Leaks, July 2025 (www.microsoft.com)
- [3] Mitigating Transient Scheduler Attacks, July 2025 (www.amd.com)
- [4] AMD Security Bulletin AMD-SB-7029, July 2025 (www.supermicro.com)
More information
- New security vulnerabilities in various modern AMD Ryzen and Epyc processors (www.heise.de, 09.07.2025)
Author: Thomas-Krenn.AG
Translator: Alina Ranzinger


