AMD Security Bulletin AMD-SB-3020, October 2025

Vulnerability Disclosure:

Supermicro is aware of the security issue where a malicious hypervisor could corrupt the Reverse Map Table (RMP) during Secure Nested Paging (SNP) initialization. This issue affects AMD EPYC™ 3rd, 4th and 5th Gen Processors. This vulnerability affects BIOS in Supermicro H12, H13, and H14 products.

CVE:

  • CVE-2025-0033
    • Severity: Medium

Findings:

AMD reproduced the issue and determined it is due to a race condition that can occur while the AMD Secure Processor (ASP) is initializing the RMP. This attack could allow a malicious hypervisor to manipulate the initial RMP content, potentially resulting in loss of SEV-SNP guest memory integrity. AMD has released mitigations for this vulnerability.

Affected products:

Supermicro BIOS in the server H12, H13, and H14 motherboards.

AMD Motherboard GenerationBIOS Version with Fix
H12 – H12SSW-AN6 – EPYC™ 7003 seriesv 3.4
H12 – H12SSW-iNR/NTR – EPYC 7003 seriesv 3.5
H12 – H12SSW-iNL/NTL – EPYC 7003 seriesv 3.5
H12 – H12DSG-O-CPU – EPYC 7003 seriesv 3.5
H12 – H12DST-B –EPYC 7003 seriesv 3.5
H12 – H12SST-PS –EPYC 7003 seriesv 3.5
H12 – H12SSW-iN/NT –EPYC 7003 seriesv 3.5
H12 – BH12SSi-M25 –EPYC 7003 seriesv 3.5
H12 – H12DSU-iN –EPYC 7003 seriesv 3.5
H12 – H12SSFF-AN6 –EPYC 7003 seriesv 3.5
H12 – H12SSL-i/C/CT/NT – EPYC 7003 seriesv 3.5
H12 – H12DSi-N6/NT6 – EPYC 7003 seriesv 3.5
H12 – H12SSFR-AN6 – EPYC 7003 seriesv 3.5
H12 – H12DSG-Q-CPU6 – EPYC 7003 seriesv 3.5
H12 – H12SSG-AN6 – EPYC 7003 seriesv 3.5
H12 – H12DGQ-NT6 – EPYC 7003 seriesv 3.5
H12 – H12SSG-ANP6 – EPYC 7003 seriesv 3.5
H12 – H12DGO-6 – EPYC 7003 seriesv 3.5
H12 – H12DSU-iNR – EPYC 7003 seriesv 3.5
H13 – H13SSW – EPYC 9004/9005 seriesv 3.7
H13 – H13DSH – EPYC 9004/9005 seriesv 3.7
H13 – H13DSG-O-CPU – EPYC 9004/9005 seriesv 3.8
H13 – H13SST-G/GC – EPYC 9004/9005 seriesv 3.5
H13 – H13SSL-N/NC – EPYC 9004/9005 seriesv 3.7
H13 – H13SSH – EPYC 9004/9005 seriesv 3.7a
H13 – H13DSG-O-CPU-D – EPYC 9004 seriesv 3.7a
H13 – H13SSF – EPYC 9004/9005 seriesv 3.7a
H13 – H13SVW – EPYC 8004 seriesv 1.5
H13 – H13DSG-OM – EPYC 9004/9005 seriesv 3.7a
H14 – H14DSH – EPYC 9004/9005 seriesv 1.7
H14 – H14SST-G – EPYC 9004/9005 seriesv1.7
H14 – H14SST-GE – EPYC 9005 seriesv 1.0
H14 – H14DSG-OD – EPYC 9004/9005 seriesv 1.7a
H14 – H14SHM – EPYC 9005 seriesv 1.7
H14 – H14DST-F/FL – EPYC 9005 seriesv 1.7
H14 – H14DSG-O-CPU – EPYC 9004/9005 seriesv 1.7
H14 – H14SSL-N/NT – EPYC 9005 seriesv 1.7
H14 – H14DSG-OM – EPYC 9004/9005 seriesv 1.1b

Remediation:

  • All affected Supermicro motherboard SKUs will require a BIOS update to mitigate this potential vulnerability.
  • An updated BIOS firmware had been created to mitigate this potential vulnerability. Supermicro is currently testing and validating affected products. Please check Release Notes for the resolution.

Resources: