Guest Memory Vulnerabilities
Giga Computing Technology Co., Ltd. acknowledges the security vulnerabilities affecting GIGABYTE’s server, workstation, and motherboard products. The affected platforms are listed below.
|
Platform |
BIOS Release Schedule |
|
AMD EPYC™ 9004 Series Processors |
Released |
|
AMD EPYC™ 8004 Series Processors |
Released |
|
AMD EPYC™ 7003 Series Processors |
Released |
The vulnerabilities are listed below. Updated BIOS versions to address the threats will be available on all affected product pages.
Common Vulnerabilities or Exposures (CVEID): CVE- 2023-31355
Severity Rating: Medium
Description: Improper restriction of write operations in SNP firmware could allow a malicious hypervisor to overwrite a guest's UMC seed potentially allowing reading of memory from a decommissioned guest.
Common Vulnerabilities or Exposures (CVEID): CVE- 2024-21978
Severity Rating: Medium
Description: Improper input validation in SEV-SNP could allow a malicious hypervisor to read or overwrite guest memory potentially leading to data leakage or data corruption.
Common Vulnerabilities or Exposures (CVEID): CVE- 2024-21980
Severity Rating: High
Description: Improper restriction of write operations in SNP firmware could allow a malicious hypervisor to potentially overwrite a guest's memory or UMC seed resulting in loss of confidentiality and integrity.
AMD Security Bulletin ID: AMD-SB-3011
*The release schedule may be adjusted without further notification. Please check this page or contact technical support for any future updates.
*Please navigate to the "Support" section of the relevant product page to download the updated BIOS.
*For any further assistance regarding this issue please contact your Giga Computing sales representative, or create a new support ticket at https://esupport.gigabyte.com
