Security advisory for AMD-SB-7033 CPU Microcode Signature Verification Vulnerability
On March 5th 2025, AMD published security bulletin AMD-SB-7033. Google researchers provided AMD with a report titled “AMD Microcode Signature Verification Vulnerability”. This vulnerability allows an attacker with system administration rights to load malicious CPU microcode patches. AMD believes the problem is caused by a weakness in the signature verification algorithm that could allow an attacker with administrator rights to load microcode patches. AMD plans to publish mitigations for this problem. [1]
Affected systems
| Code Name | Series | CPUID |
| --- | --- | --- |
| Naples | AMD EPYC™ 7001 Series | 0x00800F12 |
| Rome | AMD EPYC™ 7002 Series | 0x00830F10 |
| Milan | AMD EPYC™ 7003 Series | 0x00A00F11 |
| Milan-X | AMD EPYC™ 7003 Series | 0x00A00F12 |
| Genoa | AMD EPYC™ 9004 Series | 0x00A10F11 |
| Genoa-X | AMD EPYC™ 9004 Series | 0x00A10F12 |
| Bergamo/Siena | AMD EPYC™ 9004 Series | 0x00AA0F02 |
| Raphael | AMD EPYC™ 4004 Series | 0x00A60F12 |
Solution
AMD recommends updating the microcode of the affected platforms.
Mitigation (minimum versions):
| CVE | CVSS | AMD EPYC™ 7001 Series “Naples” | AMD EPYC™ 7002 Series “Rome” | AMD EPYC™ 7003 Series “Milan” | AMD EPYC™ 9004 Series “Genoa” | AMD EPYC™ 9004 Series “Raphael” |
| --- | --- | --- | --- | --- | --- | --- |
| CVE-2024-56161 | 7.2 (High) | Naples B2 uCode: 0x08001278; delivered in NaplesPI 1.0.0.P1 (Release: 2024-12-13) | Rome B0 uCode: 0x0830107D; delivered in RomePI 1.0.0.L1 (Release: 2024-12-13) | SEV FW 1.55.29 (hex 1.37.1D), TCB[SNP] = 0x18; uCode Milan: 0x0A0011DB, Milan-X: 0x0A001244 (Release: 2024-12-13) | SEV FW 1.55.40 (hex 1.37.28), TCB[SNP] = 0x17; uCode Genoa: 0x0A101154, Genoa-X: 0x0A10124F, Bergamo/Siena: 0x0AA00219; delivered in: Genoa 1.0.0.E3 (Release: 2024-12-16) | ComboAM5PI 1.0.0.a (Release: 2025-01-07); ComboAM5PI 1.0.0.4 (Release: Jan’25); ComboAM5PI 1.2.0.3 (Release: 2025-01-08) |
Supermicro has published new BIOS versions containing the patches for this vulnerability.[2]
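To confirm that an update has taken effect on a Linux host, the running microcode revision can be compared with the minimum versions in the table. The following script is an added example, not code from AMD or Thomas-Krenn; the function names and the sample input are constructed here, and it assumes the /proc/cpuinfo text format. The SEV firmware and TCB[SNP] values listed for Milan and Genoa are not covered by it.

```python
import re
import sys

# CPUID -> (code name, minimum microcode revision), copied from the tables above.
# Raphael (0x00A60F12) is left out: the page lists only ComboAM5PI versions for it.
MIN_UCODE = {
    0x00800F12: ("Naples", 0x08001278),
    0x00830F10: ("Rome", 0x0830107D),
    0x00A00F11: ("Milan", 0x0A0011DB),
    0x00A00F12: ("Milan-X", 0x0A001244),
    0x00A10F11: ("Genoa", 0x0A101154),
    0x00A10F12: ("Genoa-X", 0x0A10124F),
    0x00AA0F02: ("Bergamo/Siena", 0x0AA00219),
}

def cpuid_signature(family, model, stepping):
    """Rebuild the CPUID signature from the display family/model Linux prints."""
    base_family = min(family, 0xF)          # families above 0xF spill into ext. family
    ext_family = family - base_family
    return ((ext_family << 20) | ((model >> 4) << 16) | (base_family << 8)
            | ((model & 0xF) << 4) | stepping)

def check_cpuinfo(text):
    """Return (cpuid, name, running, minimum, status) for the first CPU listed."""
    block = text.strip().split("\n\n")[0]
    f = dict(re.findall(r"^([^:\n]+?)[ \t]*:[ \t]*(.*)$", block, re.M))
    sig = cpuid_signature(int(f["cpu family"]), int(f["model"]), int(f["stepping"]))
    running = int(f["microcode"], 16)
    if f.get("vendor_id") != "AuthenticAMD" or sig not in MIN_UCODE:
        return sig, None, running, None, "not-listed"
    name, minimum = MIN_UCODE[sig]
    status = "ok" if running >= minimum else "update-required"
    return sig, name, running, minimum, status

# Constructed sample: a Milan CPU reporting a revision below the minimum.
SAMPLE = """vendor_id\t: AuthenticAMD
cpu family\t: 25
model\t\t: 1
stepping\t: 1
microcode\t: 0xa0011d1
"""

if __name__ == "__main__":
    # Pass /proc/cpuinfo as the argument on a Linux host; the default is the sample.
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE
    sig, name, running, minimum, status = check_cpuinfo(text)
    print(f"CPUID 0x{sig:08X} ({name or 'not in table'}): "
          f"microcode 0x{running:08X} -> {status}")
```

Run it on the bare-metal host, since a virtual machine may see a microcode revision chosen by the hypervisor.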
Updates for Thomas-Krenn products
Updates for the corresponding system can be found in the Thomas-Krenn download area. We have tested the updates in the download area to ensure the stability and compatibility of our systems.
If you need the latest version for your system and it is not yet available in our download area, you can get it from the download area of Asus or Supermicro.
References
- [1] AMD CPU Microcode Signature Verification Vulnerability (www.amd.com, 05.03.2025)
- [2] AMD Security Bulletin AMD-SB-7033, March 2025 (www.supermicro.com)
