AMD INVD Instruction Security Notice

Bulletin ID: AMD-SB-3005 **Potential Impact:**Memory integrity **Severity:**Medium

Summary

External researchers reported a potential vulnerability with the INVD instruction that may lead to a loss of SEV-ES and SEV-SNP guest virtual machine (VM) memory integrity.

CVE Details

Refer to Glossary for explanation of terms

CVE	Severity	CVE Description
CVE-2023-20592	Medium	Improper or unexpected behavior of the INVD instruction in some AMD CPUs may allow an attacker with a malicious hypervisor to affect cache line write-back behavior of the CPU leading to a potential loss of guest virtual machine (VM) memory integrity.

Affected Products

1st Gen AMD EPYC™ Processors (SEV and SEV-ES)

2nd Gen AMD EPYC™ Processors (SEV and SEV-ES)

3rd Gen AMD EPYC™ Processors (SEV, SEV-ES, SEV-SNP)

Mitigation

No mitigation is available for the first or second generations of EPYC™ processors (“Zen 1”, formerly codenamed “Naples”, “Zen 2”, formerly codenamed “Rome”) since the SEV and SEV-ES features are not designed to protect guest VM memory integrity and the SEV-SNP is not available.

As a mitigation for the potential vulnerability, AMD has provided a hot-loadable microcode patch and updated the firmware image for AMD 3rd generation EPYC™ processors (“Zen 3” microarchitecture, formerly codenamed “Milan”) for customers with the AMD Secure Encrypted Virtualization-Secure Nested Paging (SEV-SNP) feature enabled. No performance impact is expected from the patch.

This issue has not been found to impact AMD 4th generation “Genoa” EPYC™ processors (“Zen 4” microarchitecture).

The Platform Initialization package (PI) versions listed below are planned to be released to the Original Equipment Manufacturers (OEMs), Original Design Manufacturers (ODMs) and motherboard manufacturers on the target dates listed below. Please refer to your OEM for the BIOS update specific to your product.

Please note AMD is deploying the µcode patch in two ways, as a standalone patch with an updated SEV firmware image and/or as part of a platform initialization (PI) package update. For mitigation prior to Platform Initialization (PI) package release, the µcode patch and SEV firmware image should be installed. The µcode patch should be applied before initializing the SEV-SNP feature via the SNP_INIT_EX command, and if the RMP was previously initialized, the RMP should be re-initialized by setting INIT_RMP to 1. The µcode patch and SEV firmware image will be included in the PI package update when it becomes available.

CPUIDs|Mitigation Option 1|Mitigation Option 2|TCB Values
for
SNP Attestation
—|—|—|—

0x00A00F11

0x00A00F12|

Platform Initialization (PI)

(Requires FW flash)|

μcode

(Hot loadable)|

SEV FW

(Hot loadable-refer to above for instructions)|

TCB[SNP]>=0x14
**AND **B1 – TCB[MICROCODE]>=0xD1

B2 –TCB[MICROCODE]>=0x34
Minimum firmware versions to mitigate all applicable CVEs below| MilanPI 1.0.0.C
(Target Dec 2023)
CVE-2023-20592| 5.3 (Medium)| MilanPI 1.0.0.C
(Target Dec 2023)|

Milan B1 – 0x0A0011D1

Milan-X B2 – 0x0A001234| 1.37.10|

TCB[SNP]>=0x14
**AND **B1 – TCB[MICROCODE]>=0xD1

B2 –TCB[MICROCODE]>=0x34