**Lenovo Security Advisory:**LEN-60063
**Potential Impact:**Arbitrary code execution
**Severity:**Medium
**Scope of Impact:**Industry-wide
**CVE Identifier:**CVE-2020-12967, CVE-2021-26311
Summary Description:
AMD has reported vulnerabilities in AMD Secure Encrypted Virtualization (SEV)/Secure Encrypted Virtualization-Encrypted State (SEV-ES), a technology designed to isolate virtual machines (VMs) from the hypervisor in virtualized environments, which could potentially lead to arbitrary code execution within guest virtual machines.
Mitigation Strategy for Customers (what you should do to protect yourself):
AMD is not releasing updated firmware to address these vulnerabilities. AMD has provided mitigation in the SEV-SNP feature which is available for enablement in 3rd Gen AMD EPYC (βMilanβ) processors.
The mitigation requires the use of SEV-SNP, which is only supported on 3rd Gen AMD EPYC (βMilanβ).
Prior generations of AMD EPYC (1st Gen βNaplesβ and 2nd Gen βRomeβ) do not support SEV-SNP. For earlier AMD EPYC products , AMD recommends following security best practices.
For additional information on SEV-SNP and SEV/SEV-ES please refer to AMD"s white paper here.
To determine the AMD EPYC processor generation of affected systems, please refer to the Processor options section of the Product Guides listed in the Product Impact Section below.
References:
<https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1004>
<https://lenovopress.com/lp1383-thinkagile-hx3375-appliance-and-thinkagile-hx3376-certified-node>
<https://lenovopress.com/lp1160-thinksystem-sr635-server>
<https://lenovopress.com/lp1280-thinksystem-sr645-server>
Revision History:
Revision | Date | Description |
---|---|---|
3 | 2021-08-20 | Updated Product Impact and Mitigation Strategy sections |
2 | 2021-07-13 | Updated Product Impact section |
1 | 2021-05-11 | Initial release |
For a complete list of all Lenovo Product Security Advisories, click here.
For the most up to date information, please remain current with updates and advisories from Lenovo regarding your equipment and software. The information provided in this advisory is provided on an βas isβ basis without any warranty or guarantee of any kind. Lenovo reserves the right to change or update this advisory at any time.