wikiSecurity advisories on AMD-SB-4013
On February 10th, 2025, AMD published the AMD-SB-4013 Security Bulletin[1] with a variety of security vulnerabilities.
Affected systems
- Systems with AMD Ryzen Threadripper PRO 3000WX processors
- Systems with AMD Ryzen Threadripper PRO 5000WX processors
- Systems with AMD Ryzen Threadripper 7000 / PRO 7000WX processors
- Systems with AMD Ryzen Threadripper 9000 / PRO 9000WX processors
Troubleshooting
Here is a table listing the corresponding CVEs and corrective measures for each Threadripper generation, if available.
AMD Ryzen Threadripper PRO 3000WX
| Security vulnerability | Risk potential: | AGESA version |
|---|---|---|
| CVE-2021-26381 | 7.1 (high) | ChagallWSPI-sWRX8 1.0.0.2 (2022-01-20)
CastlePeakWSPI-sWRX8 1.0.0.9 (2022-01-20) |
| CVE-2024-21961 | 6.0 (medium) | no fix planned |
| CVE-2024-36355 | 7.0 (high) | ChagallWSPI-sWRX8-1.0.0.B (2024-12-24)
CastlePeakWSPI-sWRX8 1.0.0.G (2024-12-30) |
| CVE-2025-29949 | 4.8 (medium) | ChagallWSPI-sWRX8 1.0.0.C (2025-04-03)
CastlePeakWSPI-sWRX8 1.0.0.H (2025-03-31) |
| CVE-2025-29950 | 7.1 (high) | ChagallWSPI-sWRX8 1.0.0.C (2025-04-03)
CastlePeakWSPI-sWRX8 1.0.0.I (2025-10-27) |
| CVE-2025-52533 | 8.7 (high) | Fix in Key Distribution Server (KDS) |
AMD Ryzen Threadripper PRO 5000WX
| Security vulnerability | Risk potential: | AGESA version |
|---|---|---|
| CVE-2021-26381 | 7.1 (high) | ChagallWSPI-sWRX8 1.0.0.1 (2021-11-10) |
| CVE-2024-36355 | 7.0 (high) | ChagallWSPI-sWRX8-1.0.0.B (2024-12-24) |
| CVE-2025-29949 | 4.8 (medium) | ChagallWSPI-sWRX8 1.0.0.C (2025-04-03) |
| CVE-2025-29950 | 7.1 (high) | ChagallWSPI-sWRX8 1.0.0.C (2025-04-03) |
| CVE-2025-52533 | 8.7 (high) | Fix in Key Distribution Server (KDS) |
AMD Ryzen Threadripper 7000
| Security vulnerability | Risk potential: | AGESA version |
|---|---|---|
| CVE-2024-36310 | 4.6 (medium) | StormPeakPI-SP6_1.1.0.0j (2025-06-11) |
| CVE-2024-36355 | 7.0 (high) | StormPeakPI-SP6 1.1.0.0i (2024-12-18) |
| CVE-2025-29950 | 7.1 (high) | ShimadaPeakPI-SP6_1.0.0.1 (2025-05-07) |
| CVE-2025-52533 | 8.7 (high) | Fix in Key Distribution Server (KDS) |
AMD Ryzen Threadripper PRO 7000WX
| Security vulnerability | Risk potential: | AGESA version |
|---|---|---|
| CVE-2024-36310 | 4.6 (medium) | StormPeakPI-SP6_1.0.0.1l (2025-06-18)
StormPeakPI-SP6_1.1.0.0j (2025-06-11) |
| CVE-2024-36355 | 7.0 (high) | StormPeakPI-SP6 1.0.0.1k (2024-12-20)
StormPeakPI-SP6 1.1.0.0i (2024-12-18) |
| CVE-2025-29950 | 7.1 (high) | ShimadaPeakPI-SP6_1.0.0.1 (2025-05-07)
StormPeakPI-SP6_1.0.0.1l (2025-06-18) StormPeakPI-SP6_1.1.0.0j (2025-06-11) |
| CVE-2025-52533 | 8.7 (high) | Fix in Key Distribution Server (KDS) |
AMD Ryzen Threadripper 9000
| Security vulnerability | Risk potential: | AGESA version |
|---|---|---|
| CVE-2025-29950 | 7.1 (high) | ShimadaPeakPI-SP6_1.0.0.1 (2025-05-07) |
| CVE-2025-54514 | 4.8 (medium) | ShimadaPeakPI-SP6_1.0.0.1b (2025-07-28) |
AMD Ryzen Threadripper PRO 9000WX
| Security vulnerability | Risk potential: | AGESA version |
|---|---|---|
| CVE-2024-21961 | 6.0 (medium) | No fix planned |
| CVE-2024-36355 | 7.0 (high) | ComboAM5 1.1.0.3c (2025-01-27)
ComboAM5 1.2.0.3d (2025-04-29) |
| CVE-2025-29950 | 7.1 (high) | ShimadaPeakPI-SP6_1.0.0.1 (2025-05-07) |
| CVE-2025-54514 | 4.8 (medium) | ShimadaPeakPI-SP6_1.0.0.1b (2025-07-28) |
| CVE-2025-52533 | 8.7 (high) | Fix in Key Distribution Server (KDS) |
Updates for products from Thomas-Krenn
Updates on the corresponding system can be found in the download area of Thomas-Krenn. The versions in the download area have been tested by us to guarantee the stability and compatibility of our systems.
If you require the latest version for your system, but it is not yet available in our download area, you can get it at Asus or Supermicro.
References
- ↑ AMD Athlon™ and AMD Ryzen™ Processor Vulnerabilities – February 2026 (www.amd.com/en/resources/product-security)
 |
Author: Thomas-Krenn.AG At Thomas-Krenn.AG we pay attention to the best possible service. To do justice to this, we have created our Thomas-Krenn Wiki. Here we share our knowledge with you and inform you about basics and news from the IT world. You like our knowledge culture and want to become part of the team? Visit our job offers.
|
 |
Translator: Alina Ranzinger Alina has been working at Thomas-Krenn.AG since 2024. After her training as multilingual business assistant, she got her job as assistant of the Product Management and is responsible for the translation of texts and for the organisation of the department.
|
