AMD Security Bulletin AMD-SB-3007, February 2024
Vulnerability Disclosure:
Supermicro is aware of the SEV-SNP Firmware Vulnerabilities. This issue affects AMD EPYC™ 3rd Gen and 4th Gen Processors.
Findings:
| CVE | CVSS Score | CVE Description |
|---|---|---|
| CVE-2023-31346 | Medium | Failure to initialize memory in SEV firmware may allow a privileged attacker to access stale data from other guests. |
| CVE-2023-31347 | Low | Due to a code bug in Secure_TSC, SEV firmware may allow an attacker with high privileges to cause a guest to observe an incorrect TSC when Secure TSC is enabled potentially resulting in a loss of guest integrity. |
Affected products:
Supermicro BIOS in the H12 and select H13 motherboards.
| AMD Motherboard Generation | BIOS Version with the fix |
|---|---|
| H12 – Milan | v 2.8 |
| H13SSL-N/NC | v 1.8 |
| H13SSW | v 1.8 |
| H13SST-G/GC | v 1.8 |
| H13SSF | v 1.8 |
| H13SSH | v 1.8 |
| H13DSH | v 1.8 |
| H13DSG-O-CPU | v 1.8 |
| H13DSG-O-CPU-D | v 1.8 |
| H13SVW (Siena) | v 1.2 |
Remediation:
- All affected Supermicro motherboard SKUs will require a BIOS update to mitigate this potential vulnerability.
- An updated BIOS firmware had been created to mitigate this potential vulnerability. Supermicro is currently testing and validating affected products. Please check Release Notes for the resolution.