Guest Memory Vulnerabilities

CVE-2023-31355, CVE-2024-21978, CVE-2024-21980
Aug 30, 2024

Giga Computing Technology Co., Ltd. acknowledges the security vulnerabilities affecting GIGABYTE’s server, workstation, and motherboard products. The affected platforms are listed below.

 

| Platform | BIOS Release Schedule |
| --- | --- |
| AMD EPYC™ 9004 Series Processors | Released |
| AMD EPYC™ 8004 Series Processors | Released |
| AMD EPYC™ 7003 Series Processors | Sep 2024 |

The vulnerabilities are listed below. Updated BIOS versions to address the threats will be available on all affected product pages.

 

Common Vulnerabilities and Exposures (CVE ID): CVE-2023-31355

Severity Rating: Medium

Description: Improper restriction of write operations in SNP firmware could allow a malicious hypervisor to overwrite a guest's UMC seed, potentially allowing reading of memory from a decommissioned guest.

Common Vulnerabilities and Exposures (CVE ID): CVE-2024-21978

Severity Rating: Medium

Description: Improper input validation in SEV-SNP could allow a malicious hypervisor to read or overwrite guest memory, potentially leading to data leakage or data corruption.

Common Vulnerabilities and Exposures (CVE ID): CVE-2024-21980

Severity Rating: High

Description: Improper restriction of write operations in SNP firmware could allow a malicious hypervisor to potentially overwrite a guest's memory or UMC seed, resulting in loss of confidentiality and integrity.

AMD Security Bulletin ID: AMD-SB-3011

*The release schedule may be adjusted without further notification. Please check this page or contact technical support for any future updates.

*Please navigate to the "Support" section of the relevant product page to download the updated BIOS.

*For any further assistance regarding this issue please contact your Giga Computing sales representative, or create a new support ticket at https://esupport.gigabyte.com