wikiSecurity Advisories for AMD-SB-3009 AMD Server Processor Vulnerabilities, February 2025
On February 11th 2025, AMD published security bulletin AMD-SB-3009. Vulnerabilities have been discovered in AMD Secure Processor (ASP), AMD Secure Encrypted Virtualization (SEV), AMD Secure Encrypted Virtualization - Secure Nested Paging (SEV-SNP) and other platform components. [1]
Affected systems
- systems with "Zen 3" AMD EPYC 7003 Milan processors
- systems with "Zen 4" AMD EPYC 9004 Genoa and Bergamo processors
Troubleshooting
Here is a tabular list of the corresponding CVEs and AGESA & firmware updates for the respective EPYC generation, if available.
AMD EPYC 7003 Milan (CPUID: 0x00A00F11) and Milan-X (CPUID: 0x00A00F12):
| safety vulnerability | risk potential | AGESA version |
|---|---|---|
| CVE-2023-31342 | 7.5 (high) | MilanPI 1.0.0.C
(2023-12-18) |
| CVE-2023-31343 | 7.5 (high) | MilanPI 1.0.0.C
(2023-12-18) |
| CVE-2023-31345 | 7.5 (high) | MilanPI 1.0.0.C
(2023-12-18) |
| CVE-2023-31352 | 6.0 (medium) | not affected |
| CVE-2023-20582 | 5.3 (medium) | not affected |
| CVE-2023-20581 | 2.5 (low) | not affected |
AMD EPYC 9004 Genoa (CPUID: 0x00A10F11), Genoa-X (CPUID: 0x00A10F12) and Bergamo/Siena (CPUID: 0x00AA0F0):
| safety vulnerability | risk potential: | AGESA version |
|---|---|---|
| CVE-2023-31342 | 7.5 (high) | GenoaPI 1.0.0.B
(2023-12-15) |
| CVE-2023-31343 | 7.5 (high) | GenoaPI 1.0.0.B
(2023-12-15) |
| CVE-2023-31345 | 7.5 (high) | GenoaPI 1.0.0.B
(2023-12-15) |
| CVE-2023-31352 | 6.0 (medium) | GenoaPI 1.0.0.C
(2024-04-04) + SEV FW1.55.36 (hex 1.37.24) (2024-04-23) |
| CVE-2023-20582 | 5.3 (medium) | |
| CVE-2023-20581 | 2.5 (low) |
Supermicro published a security bulletin about the safety vulnerabilities. A list with BIOS versions of the corresponding mainboards, with an AGESA version, to close the vulnerability, is also available:[2]
| AMD Motherboard | BIOS version |
|---|---|
| H12 – Milan | 3.0 |
| H12 – Rome | not affected |
| H13 – Genoa | 1.9 |
| H13 – Siena (H13SVW) | 1.2 |
| H13 – MI 300A (H13QSH) | 1.0 |
Updates for products of Thomas-Krenn
Updates for corresponding systems can be found in the download area of Thomas-Krenn. Updates in the download area for corresponding systems have been tested by us to guarantee the stability and compatibility of our systems.
If you require the latest version for your system and it is not yet available in our download area, you can get it at Asus or Supermicro.
More information
- AMD closes serious microcode-vulnerabilities – via microcode-update (www.heise.de, 11.02.2025)
References
- ↑ AMD Server Processor Vulnerabilities – February 2025 (www.amd.com/en/resources/product-security, 11.02.2025)
- ↑ AMD Security Vulnerabilities, February 2025 (www.supermicro.com)
 |
Author: Thomas-Krenn.AG At Thomas-Krenn.AG we pay attention to the best possible service. To do justice to this, we have created our Thomas-Krenn Wiki. Here we share our knowledge with you and inform you about basics and news from the IT world. You like our knowledge culture and want to become part of the team? Visit our job offers.
|
