AMD Security Bulletin AMD-SB-3019, February 2025

Supermicro is aware of the security vulnerability reported by Google® where an administrator privileged attacker may exploit a weakness in the signature verification algorithm and load arbitrary CPU microcode patches which can result in the loss of SEV-based protection of a confidential guest.

CVE:

  • CVE-2024-56161
    • Severity: High

Findings:

A vulnerability in some AMD CPU processors may allow an attacker with system administrator privilege to load malicious CPU microcode resulting loss of confidentiality and integrity of confidential computing workload of guest VM protected by Secure Encrypted Virtualization (SEV).

Affected products:

AMD Motherboard GenerationBIOS Version with the fix
H11 – EPYC™ 7001/7002 seriesV 3.2
H12 – H12SSW-AN6 – EPYC™ 7002/7003 seriesV 3.2
H12 – H12SSW-iNR/NTR – EPYC™ 7002/7003 seriesV 3.1
H12 – H12SSW-iNL/NTL – EPYC™ 7002/7003 seriesV 3.1
H12 – H12DSG-O-CPU – EPYC™ 7002/7003 seriesV 3.1
H12 – H12DST-B – EPYC™ 7002/7003 seriesV 3.1
H12 – H12SST-PS – EPYC™ 7002/7003 seriesV 3.1
H12 – H12SSW-iN/NT – EPYC™ 7002/7003 seriesV 3.1
H12 – BH12SSi-M25 – EPYC™ 7002/7003 seriesV 3.1
H12 – H12DSU-iN – EPYC™ 7002/7003 seriesV 3.1
H12 – H12SSFF-AN6 – EPYC™ 7002/7003 seriesV 3.1
H12 – H12SSL-i/C/CT/NT – EPYC™ 7002/7003 seriesV 3.1
H12 – H12DSi-N6/NT6 – EPYC™ 7002/7003 seriesV 3.1
H12 – H12SSFR-AN6 – EPYC™ 7002/7003 seriesV 3.1
H12 – H12DSG-Q-CPU6 – EPYC™ 7002/7003 seriesV 3.1
H12 – H12SSG-AN6 – EPYC™ 7002/7003 seriesV 3.1
H12 – H12DGQ-NT6 – EPYC™ 7002/7003 seriesV 3.2
H12 – H12SSG-ANP6 – EPYC™ 7002/7003 seriesV 3.1
H12 – H12DGO-6 – EPYC™ 7002/7003 seriesV 3.2
H12 – H12DSU-iNR – EPYC™ 7002/7003 seriesV 3.1
H13 – H13SSW – EPYC™ 9004/9005 seriesV 3.6
H13 – H13DSH – EPYC™ 9004/9005 seriesV 3.6
H13 – H13DSG-O-CPU – EPYC™ 9004/9005 seriesV 3.6
H13 – H13SST-G/GC – EPYC™ 9004/9005 seriesV 3.4
H13 – H13SSL-N/NC – EPYC™ 9004/9005 seriesV 3.6
H13 – H13SSH – EPYC™ 9004/9005 seriesV 3.5
H13 – H13DSG-O-CPU-D – EPYC™ 9004 seriesv 3.4
H13 – H13SSF – EPYC™ 9004/9005 seriesV 3.6
H13 – H13SVW – EPYC™ 9004v 1.3
H13 – H13DSG-OM – EPYC™ 9004/9005 seriesV 3.6
H14 – H14DSH – EPYC™ 9004/9005 seriesV 1.5
H14 – H14SST – EPYC™ 9004/9005 seriesV 1.5
H14 – H14DSG-OD – EPYC™ 9004/9005 seriesV 1.5
H14 – H14SHM – EPYC™ 9005 seriesV 1.5
H14 – H14DST-F – EPYC™ 9005 seriesV 1.5
H14 – H14DSG-O-CPU – EPYC™ 9005 seriesV 1.5

Remediation:

  • All affected Supermicro motherboard SKUs will require a BIOS update to mitigate this potential vulnerability.
  • Updated BIOS firmware has been created to mitigate this potential vulnerability. Supermicro is currently testing and validating affected products. Please check Release Notes for the resolution.

Additional Resources: