HW Knowledge

Security vulnerability patch required in environments using AMD EPYC 2nd Gen Processors

by 스쳐가는인연 2023. 10. 16.

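Symptom

In environments using AMD EPYC 2nd Generation Processors (ROME), a vulnerability has been discovered and reported that may leak sensitive data (such as passwords or encryption keys).

Note. Related information is maintained on an ongoing basis in HPE SECURITY BULLETIN HPESBHF04504; refer to it as needed.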

Cause

Improper use through the speculative execution feature (speculative branching, generally used to improve performance) performed on AMD processors.

Environment

All Gen10/Gen10 Plus systems using AMD EPYC 2nd Generation Processors (ROME)

Solution

Action Item

What: Apply the latest System ROM for the system

Gen10 BIOS Version 2.80_07-31-2023 or later

Gen10 Plus BIOS Version 2.80_07-31-2023 or later
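
An added example (not part of the original post or of HPE's bulletin): a check of collected System ROM version strings against the minimum fixed version listed above. It assumes versions are recorded in the same `MAJOR.MINOR_MM-DD-YYYY` form this page uses; the host names and the inventory values are constructed.

```python
import re
from datetime import date

# Minimum fixed System ROM from this page (same for Gen10 and Gen10 Plus).
MIN_FIXED = "2.80_07-31-2023"

# Assumed format: MAJOR.MINOR_MM-DD-YYYY, as the version is written on this page.
_ROM_RE = re.compile(r"^(\d+)\.(\d+)_(\d{2})-(\d{2})-(\d{4})$")


def parse_rom(version):
    """Turn 'MAJOR.MINOR_MM-DD-YYYY' into a sortable (major, minor, date) key."""
    m = _ROM_RE.match(version.strip())
    if not m:
        raise ValueError(f"unrecognised System ROM version: {version!r}")
    major, minor, mm, dd, yyyy = (int(g) for g in m.groups())
    return (major, minor, date(yyyy, mm, dd))  # date() rejects impossible dates


def is_fixed(version, minimum=MIN_FIXED):
    """True when the version is at or above the minimum fixed System ROM."""
    return parse_rom(version) >= parse_rom(minimum)


def audit(inventory):
    """Map each host to 'fixed', 'needs update' or 'unknown' (unparseable)."""
    report = {}
    for host, version in inventory.items():
        try:
            report[host] = "fixed" if is_fixed(version) else "needs update"
        except ValueError:
            # Never count a host as patched when its version cannot be read.
            report[host] = "unknown"
    return report


# Constructed sample inventory (hypothetical hosts and version strings).
SAMPLE = {
    "host-a": "2.80_07-31-2023",  # exactly the minimum
    "host-b": "2.80_12-15-2022",  # a plain string compare would pass this one
    "host-c": "2.90_10-27-2023",
    "host-d": "",                 # version not collected
}

if __name__ == "__main__":
    for host, status in audit(SAMPLE).items():
        print(f"{host}: {status}")
```

Comparing the raw strings would rank `2.80_12-15-2022` above the minimum because the date is written month-first, which is why the date is parsed before comparing.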

Related documents:

HPESBHF04504 rev.1 - Certain HPE ProLiant AMD Servers Using AMD EPYC Processors, AMD-SB-7008, Cross-Process Information Leak (Zenbleed) Security Notice, Local Disclosure of Information

https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=hpesbhf04504en_us

 

RESOLUTION

HPE has provided updated BIOS firmware to address this vulnerability in HPE ProLiant Gen10, and Gen10 Plus Servers with affected AMD EPYC 2nd Gen (Zen 2) Processors.

Gen10 BIOS Version 2.80_07-31-2023 or later

Gen10 Plus BIOS Version 2.80_07-31-2023 or later

 

Bulletin: HPE Apollo/Cray/ProLiant Servers - Mitigation Instructions for AMD Cross-Process Information Leak (CVE-2023-20593/Zenbleed) in Certain AMD Processors

https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-a00135009en_us

 

AMD Cross-Process Information Leak (CVE-2023-20593/Zenbleed) in Certain AMD Processors

https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=sd00001284en_us&page=GUID-CBA38545-F06C-44B1-86D9-5A687F51E656.html

 

Cross-Process Information Leak

https://www.amd.com/en/resources/product-security/bulletin/amd-sb-7008.html

Note. For information on Dell and Lenovo systems, see below:

Lenovo - AMD Cross-Process Information Leak
https://support.lenovo.com/us/en/product_security/ps500571-amd-cross-process-information-leak

Product              Component                                                  Minimum Fixed Version
SR635 (ThinkSystem)  Lenovo ThinkSystem SR635/SR655 UEFI Firmware               CFE138F
SR645 (ThinkSystem)  Lenovo ThinkSystem SR645/SR665 UEFI Firmware (For AnyOS)   D8E132G
SR655 (ThinkSystem)  Lenovo ThinkSystem SR635/SR655 UEFI Firmware               CFE138F
SR665 (ThinkSystem)  Lenovo ThinkSystem SR645/SR665 UEFI Firmware (For AnyOS)   D8E132G


Dell - DSA-2023-209: Security Update for Dell AMD-based PowerEdge Server Vulnerabilities
https://www.dell.com/support/kbdoc/ko-kr/000216119/dsa-2023-209-security-update-for-dell-amd-based-poweredge-server-vulnerabilities
Remediated Versions: Version 2.12.4 or later
