AMD Security Bulletin AMD-SB-3029, November 2025
Vulnerability Disclosure:
Supermicro is aware of the security issue where Stale RLB Entry could allow Secure Nested Paging (SNP) active virtual central processing units (vCPUs) to reuse TLB entries from other virtual machines (VMs), potentially compromising data integrity. AMD released mitigations for this vulnerability. This vulnerability affects BIOS in Supermicro H12, H13, and H14 products.
CVE:
- CVE-2025-29934
- Severity: Medium
Findings:
This microcode vulnerability in some AMD EPYC™ CPUs could allow a local admin-privileged attacker to run Secure Encrypted Virtualization - Secure Nested Paging (SEV-SNP) guests using stale TLB entries.
Affected products:
Supermicro BIOS on the server H12, H13, and H14 motherboards.
| AMD Motherboard Generation | BIOS Version with Fix |
|---|---|
| H12 – H12SSW-AN6 – EPYC™ 7002/7003 series | v 3.2 |
| H12 – H12SSW-iNR/NTR – EPYC 7002/7003 series | v 3.1 |
| H12 – H12SSW-iNL/NTL – EPYC 7002/7003 series | v 3.1 |
| H12 – H12DSG-O-CPU – EPYC 7002/7003 series | v 3.3 |
| H12 – H12DST-B – EPYC 7002/7003 series | v 3.1 |
| H12 – H12SST-PS – EPYC 7002/7003 series | v 3.1 |
| H12 – H12SSW-iN/NT – EPYC 7002/7003 series | v 3.1 |
| H12 – BH12SSi-M25 – EPYC 7002/7003 series | v 3.1 |
| H12 – H12DSU-iN – EPYC 7002/7003 series | v 3.1 |
| H12 – H12SSFF-AN6 – EPYC 7002/7003 series | v 3.1 |
| H12 – H12SSL-i/C/CT/NT – EPYC 7002/7003 series | v 3.1 |
| H12 – H12DSi-N6/NT6 – EPYC 7002/7003 series | v 3.3 |
| H12 – H12SSFR-AN6 – EPYC 7002/7003 series | v 3.1 |
| H12 – H12DSG-Q-CPU6 – EPYC 7002/7003 series | v 3.2 |
| H12 – H12SSG-AN6 – EPYC 7002/7003 series | v 3.3 |
| H12 – H12DGQ-NT6 – EPYC 7002/7003 series | v 3.3 |
| H12 – H12SSG-ANP6 – EPYC 7002/7003 series | v 3.3 |
| H12 – H12DGO-6 – EPYC 7002/7003 series | v 3.2 |
| H12 – H12DSU-iNR – EPYC 7002/7003 series | v 3.5 |
| H13 – H13SVW-N/NT – EPYC 8004 series | v 1.5 |
| H13 – H13SSW – EPYC 9004/9005 series | v 3.7 |
| H13 – H13DSH – EPYC 9004/9005 series | v 3.7 |
| H13 – H13DSG-O-CPU – EPYC 9004/9005 series | v 3.8 |
| H13 – H13SST-G/GC – EPYC 9004/9005 series | v 3.5 |
| H13 – H13SSL-N/NC – EPYC 9004/9005 series | v 3.7 |
| H13 – H13SSH – EPYC 9004/9005 series | v 3.7a |
| H13 – H13DSG-O-CPU-D – EPYC 9004 series | v 3.7a |
| H13 – H13SSF – EPYC 9004/9005 series | v 3.7 |
| H13 – H13DSG-OM – EPYC 9004/9005 series | v 3.7a |
| H14 – H14DSH – EPYC 9004/9005 series | v 1.7a |
| H14 – H14SST-G – EPYC 9004/9005 series | v 1.6 |
| H14 – H14SST-GE – EPYC 9005 series | v 1.0 |
| H14 – H14DSG-OD – EPYC 9004/9005 series | v 1.7a |
| H14 – H14SHM – EPYC 9004/9005 series | v 1.7 |
| H14 – H14DST-F/FL – EPYC 9005 series | v 1.5 |
| H14 – H14DSG-O-CPU – EPYC 9004/9005 series | v 1.7a |
| H14 – H14SSL-N/NT – EPYC 9004/9005 series | v 1.7 |
| H14 – H14DSG-OM – EPYC 9004/9005 series | v 1.1a |
Remediation:
- All affected Supermicro motherboard SKUs will require a BIOS update to mitigate this potential vulnerability.
- An updated BIOS firmware had been created to mitigate this potential vulnerability. Supermicro is currently testing and validating affected products. Please check Release Notes for the resolution.