wikiSecurity advisories on AMD-SB-3023
On February 10th, 2025, AMD published the AMD-SB-3023 Security Bulletin[1] with a variety of security vulnerabilities.
Affected systems
- systems with "Zen 1" AMD EPYC 7001 Naples processors
- systems with "Zen 2" AMD EPYC 7002 Rome processors
- systems with "Zen 3" AMD EPYC 7003 Milan processors
- systems with "Zen 4" AMD EPYC 9004 Genoa and Bergamo & 8004 Siena processors
- systems with "Zen 5" AMD EPYC 9005 Turin processors
Troubleshooting
Here is a table listing the corresponding CVEs and corrective measures for each EPYC generation, if available.
AMD EPYC 7001 Naples
| Security vulnerability | Risk potential: | AGESA version | SEV FW | µcode |
|---|---|---|---|---|
| CVE-2025-29950 | 7.1 (high) | NaplesPI 1.0.0.R (2025-07-31) | N/A | N/A |
| CVE-2025-52533 | 8.7 (high) | no fix planned | N/A | N/A |
AMD EPYC 7002 Rome
| Security vulnerability | Risk potential: | AGESA version | SEV FW | µcode |
|---|---|---|---|---|
| CVE-2025-29950 | 7.1 (high) | RomePI 1.0.0.N (2025-08-14) | N/A | N/A |
| CVE-2024-21961 | 6.0 (medium) | Workaround in Custom BIOS Settings (CBS) | N/A | N/A |
| CVE-2025-52533 | 8.7 (high) | no fix planned | N/A | N/A |
AMD EPYC 7003 Milan:
| Security vulnerability | Risk potential: | AGESA version | SEV FW | µcode |
|---|---|---|---|---|
| CVE-2025-48514 | 4.0 (medium) | MilanPI 1.0.0.H (2025-09-04) | SEV FW 1.37.23
SPL[SEV]=0x1B mitigation bit=3 |
B1:0x0A0011DE
B2:0x0A001247 |
| CVE-2025-29939 | 6.9 (medium) | MilanPI 1.0.0.H (2025-09-04) | SEV FW 1.37.23
SPL[SEV]=0x1B mitigation bit=3 |
N/A |
| CVE-2025-48509 | 1.8 (low) | MilanPI 1.0.0.H (2025-09-04) | SEV FW 1.37.23
SPL[SEV]=0x1B mitigation bit=3 |
N/A |
| CVE-2025-0031 | 4.6 (medium) | MilanPI 1.0.0.H (2025-09-04) | SEV FW 1.37.20
SPL[SEV]=0x1A |
N/A |
| CVE-2025-52536 | 6.7 (medium) | MilanPI 1.0.0.H (2025-09-04) | SEV FW 1.37.1F
SPL[SEV]=0x1A |
N/A |
| CVE-2025-29950 | 7.1 (high) | MilanPI 1.0.0.H (2025-09-04) | N/A | N/A |
| CVE-2025-52533 | 3.8 (low) | MilanPI 1.0.0.G (2025-01-30) | N/A | N/A |
AMD EPYC 8004 Siena:
| Security vulnerability | Risk potential: | AGESA version | SEV FW | µcode |
|---|---|---|---|---|
| CVE-2025-48514 | 4.0 (medium) | GenoaPI 1.0.0.H (2025-12-15) | SEV FW 1.37.31
SPL[SEV]=0x1B mitigation bit=3 |
A2:0x0AA0021B |
| CVE-2025-29939 | 6.9 (medium) | GenoaPI 1.0.0.G (2025-06-27) | SEV FW 1.37.31
SPL[SEV]=0x1B mitigation bit 0 |
N/A |
| CVE-2025-48509 | 1.8 (low) | GenoaPI 1.0.0.F (2025-03-28) | SEV FW 1.37.2A
SPL[SEV]=0x18 mitigation bit=3 |
N/A |
| CVE-2025-0031 | 4.6 (medium) | GenoaPI 1.0.0.G (2025-06-27) | SEV FW 1.37.2B
SPL[SEV]=0x19 |
N/A |
| CVE-2025-52536 | 6.7 (medium) | GenoaPI 1.0.0.G (2025-06-27) | SEV FW 1.37.2B
SPL[SEV]=0x19 |
N/A |
| CVE-2024-21953 | 5.9 (medium) | GenoaPI 1.0.0.F (2025-03-28) | SEV FW 1.37.2A
SPL[SEV]=0x18 |
N/A |
AMD EPYC 9004 Bergamo / Siena:
| Security vulnerability | Risk potential: | AGESA version | SEV FW | µcode |
|---|---|---|---|---|
| CVE-2025-48514 | 4.0 (medium) | GenoaPI 1.0.0.H (2025-12-15) | SEV FW 1.37.31
SPL[SEV]=0x1B mitigation bit=3 |
A2:0x0AA0021B |
| CVE-2025-29939 | 6.9 (medium) | GenoaPI 1.0.0.G (2025-06-27) | SEV FW 1.37.31
SPL[SEV]=0x1B mitigation bit 3 |
N/A |
| CVE-2025-48509 | 1.8 (low) | GenoaPI 1.0.0.F (2025-03-28) | SEV FW 1.37.2A
SPL[SEV]=0x18 mitigation bit=3 |
N/A |
| CVE-2025-0031 | 4.6 (medium) | GenoaPI 1.0.0.G (2025-06-27) | SEV FW 1.37.2B
SPL[SEV]=0x19 |
N/A |
| CVE-2025-52536 | 6.7 (medium) | GenoaPI 1.0.0.G (2025-06-27) | SEV FW 1.37.2B
SPL[SEV]=0x19 |
N/A |
| CVE-2025-29950 | 7.1 (high) | GenoaPI 1.0.0.G (2025-06-27) | N/A | N/A |
AMD EPYC 9004 Genoa:
| Security vulnerability | Risk potential: | AGESA version | SEV FW | µcode |
|---|---|---|---|---|
| CVE-2025-48514 | 4.0 (medium) | GenoaPI 1.0.0.H (2025-12-15) | SEV FW 1.37.31
SPL[SEV]=0x1B |
B1: 0x0A101156
B2:0x0A101251 |
| CVE-2025-29939 | 6.9 (medium) | GenoaPI 1.0.0.G (2025-06-27) | SEV FW 1.37.31
SPL[SEV]=0x1B |
N/A |
| CVE-2025-52536 | 6.7 (medium) | GenoaPI 1.0.0.G (2025-06-27) | SEV FW 1.37.3D
SPL[SEV]=0x2 |
N/A |
| CVE-2025-48509 | 1.8 (low) | GenoaPI 1.0.0.F (2025-03-28) | SEV FW 1.37.2A
SPL[SEV]=0x18 mitigation bit=3 |
N/A |
| CVE-2025-0031 | 4.6 (medium) | GenoaPI 1.0.0.G (2025-06-27) | SEV FW 1.37.2A
SPL[SEV]=0x18 |
N/A |
| CVE-2025-52536 | 6.7 (medium) | GenoaPI 1.0.0.G (2025-06-27) | SEV FW 1.37.2B
SPL[SEV]=0x19 |
N/A |
| CVE-2025-29950 | 7.1 (high) | GenoaPI 1.0.0.G (2025-06-27) | N/A | N/A |
| CVE-2024-36310 | 4.6 (medium) | GenoaPI 1.0.0.G (2025-06-27) | N/A | N/A |
| CVE-2024-36355 | 7.0 (high) | GenoaPI 1.0.0.E (2024-12-16) | N/A | N/A |
AMD EPYC 9005 Turin / Turin Dense
| Security vulnerability | Risk potential: | AGESA version | SEV FW | µcode |
|---|---|---|---|---|
| CVE-2025-48514 | 4.0 (medium) | TurinPI 1.0.0.6 (2025-06-30) | SEV FW 1.37.41
SPL[SEV]=0x4 mitigation bit=3 |
C1:0x0B002151
Dense B0: 0x0B10104E |
| CVE-2025-54514 | 4.8 (medium) | TurinPI 1.0.0.6 (2025-06-30) | N/A | BRH C1: 0x0B002151
BRHD B0: 0x0B10104E |
| CVE-2025-29939 | 6.9 (medium) | TurinPI 1.0.0.6 (2025-06-30) | SEV FW 1.37.41
SPL[SEV]=0x4 mitigation bit=3 |
N/A |
| CVE-2025-29946 | 4.5 (medium) | TurinPI 1.0.0.6 (2025-06-30) | SEV FW 1.37.41
SPL[SEV]=0x4 mitigation bit=3 |
N/A |
| CVE-2025-29948 | 5.9 (medium) | TurinPI 1.0.0.6 (2025-06-30) | SEV FW 1.37.41
SPL[SEV]=0x4 mitigation bit=3 |
N/A |
| CVE-2025-29952 | 5.9 (medium) | TurinPI 1.0.0.6 (2025-06-30) | SEV FW 1.37.41
SPL[SEV]=0x4 mitigation bit=3 |
N/A |
| CVE-2025-48517 | 4.6 (medium) | TurinPI 1.0.0.6 (2025-06-30) | SEV FW 1.37.41
SPL[SEV]=0x4 mitigation bit=3 |
N/A |
| CVE-2025-52536 | 6.7 (medium) | TurinPI 1.0.0.5 (2025-04-18) | SEV FW 1.37.3D
SPL[SEV]=0x2 |
N/A |
| CVE-2025-48509 | 1.8 (low) | TurinPI 1.0.0.5 (2025-04-18) | SEV FW 1.37.3D
SPL[SEV]=0x2 |
N/A |
| CVE-2025-0031 | 4.6 (medium) | TurinPI 1.0.0.5 (2025-04-18) | SEV FW 1.37.3D
SPL[SEV]=0x2 |
N/A |
| CVE-2025-0029 | 1.8 (low) | TurinPI 1.0.0.5 (2025-04-18) | N/A | N/A |
| CVE-2025-29950 | 7.1 (high) | TurinPI 1.0.0.6 (2025-06-30) | N/A | N/A |
| CVE-2024-36310 | 4.6 (medium) | TurinPI 1.0.0.4 (2025-03-04) | N/A | N/A |
| CVE-2025-0012 | 6.8 (medium) | TurinPI 1.0.0.4 (2025-03-04) | N/A | C1: 0x0B002147
Dense B0: 0x0B101047 |
| CVE-2025-52534
only Turin Dense |
5.3 (medium) | TurinPI 1.0.0.6 (2025-06-30) | N/A | Dense B0: 0x0B10104E |
Supermicro published a Security Bulletin on the security vulnerabilities. A list with BIOS-versions of the corresponding mainboards, with an AGESA version to close the gap, is also available. In the following, there is an excerpt from this table in which all mainboards, that are offered by Thomas-Krenn, are listed: [2]
| AMD motherboard | BIOS version |
|---|---|
| H11 - EPYC 7001 / 7002 | 3.5 |
| H12SSW-iN/NT | 3.5 |
| H12SSL-i/C/CT/NT | 3.5 |
| H12DSi-N6/NT6 | 3.5 |
| H13SSW | 3.8 |
| H13SSL-N/NC | 3.8 |
Updates for products from Thomas-Krenn
Updates on the corresponding system can be found in the download area of Thomas-Krenn. The versions in the download area have been tested by us to guarantee the stability and compatibility of our systems.
If you require the latest version for your system and it is not yet available in our download area, you can get it at Asus or Supermicro.
References
- ↑ AMD EPYC™ and AMD EPYC™ Embedded Series Processor Vulnerabilities – February 2026 (www.amd.com/en/resources/product-security)
- ↑ AMD Security Bulletin AMD-SB-3023, February 2026 (www.supermicro.com)
 |
Author: Thomas-Krenn.AG At Thomas-Krenn.AG we pay attention to the best possible service. To do justice to this, we have created our Thomas-Krenn Wiki. Here we share our knowledge with you and inform you about basics and news from the IT world. You like our knowledge culture and want to become part of the team? Visit our job offers.
|
 |
Translator: Alina Ranzinger Alina has been working at Thomas-Krenn.AG since 2024. After her training as multilingual business assistant, she got her job as assistant of the Product Management and is responsible for the translation of texts and for the organisation of the department.
|
