SEV-SNP Firmware Vulnerabilities

Bulletin ID: AMD-SB-3007 **Potential Impact:**Data leakage (CVE-2023-31346) and loss of integrity (CVE-2023-31347) **Severity:**Refer to the CVE Details section

Summary

This bulletin addresses two SEV firmware vulnerabilities reported by an external researcher. Refer to the CVE Details section below.

CVE Details

Refer to Glossary for explanation of terms

Affected Products and Mitigation

AMD is releasing SEV firmware and Platform Initialization (PI) updates to help mitigate these potential vulnerabilities.

3rd Gen AMD EPYC™ Processors formerly codenamed “Milan"
AMD recommends updating to the Platform Initialization (PI) firmware version indicated below.
For both CVEs, there is an alternative mitigation option provided as Mitigation Option 2, including a SEV firmware patch.

CPUIDs|Mitigation Option 1|Mitigation Option 2
|TCB Values for SNP Attestation
—|—|—|—
0x00A00F11
0x00A00F12|PlatformInitialization (PI)(Requires FW flash)|μcode**(Hot loadable)|SEV FW**(Hot loadable)| TCB[SNP] >= 0x14 Minimum firmware versions to mitigate all listed CVEs| MilanPI
1.0.0.C
(2023-12-18)
CVE-2023-31346| Medium| MilanPI
1.0.0.C
(2023-12-18)| N/A| 1.37.10| TCB[SNP] >= 0x14
CVE-2023-31347| Low| MilanPI
1.0.0.C
(2023-12-18)| N/A| 1.37.10

4th Gen AMD EPYC™ Processors formerly codenamed “Genoa”

AMD recommends updating to the Platform Initialization (PI) firmware version indicated below.
For both CVEs, there is an alternative mitigation option provided as Mitigation Option 2, including a SEV firmware patch.

CPUIDs|Mitigation Option 1|Mitigation Option 2
|TCB Values for SNP Attestation
—|—|—|—
0x00A10F11
0x00A10F12
0x00AA0F0|PlatformInitialization (PI)(Requires FW flash)|μcode**(Hot loadable)|SEV FW**(Hot loadable)| TCB[SNP] >= 0x12 Minimum firmware versions to mitigate all listed CVEs| GenoaPI
1.0.0.B
(2023-12-15)
CVE-2023-31346| Medium| GenoaPI
1.0.0.B
(202312-15)| N/A| 1.37.1E| TCB[SNP] >= 0x12
CVE-2023-31347| Low| GenoaPI
1.0.0.B
(202312-15)| N/A| 1.37.1E