AMD Security Bulletin AMD-SB-7054, April 2026

Supermicro is aware of the security issue where an incorrect use of LocateProtocol Service could result in privilege escalation from Ring 0 to System Management Mode (SMM), potentially resulting in arbitrary code execution. AMD released mitigations for this vulnerability. AMD released mitigations for this vulnerability. This vulnerability affects BIOS in Supermicro H12, H13, and H14 products.

CVE:

  • CVE-2025-54510
  • Severity: High

Findings:

Incorrect use of boot service in the AMD Platform Configuration Blob (APCB) SMM driver could allow a privileged attacker with local access (Ring 0) to achieve privilege escalation, potentially resulting in arbitrary code execution.

Affected products:

Supermicro BIOS on the server H12, H13, and H14 motherboards.

AMD Motherboard GenerationBIOS Version with Fix
H12 – H12SSW-AN6 – EPYC™ 7002/7003 seriesv 3.5
H12 – H12SSW-iNR/NTR – EPYC™ 7002/7003 seriesv 3.6
H12 – H12SSW-iNL/NTL – EPYC™ 7002/7003 seriesv 3.6
H12 – H12DSG-O-CPU – EPYC™ 7002/7003 seriesv 3.6
H12 – H12DST-B – EPYC™ 7002/7003 seriesv 3.6
H12 – H12SST-PS – EPYC™ 7002/7003 seriesv 3.6
H12 – H12SSW-iN/NT – EPYC™ 7002/7003 seriesv 3.6
H12 – BH12SSi-M25 – EPYC™ 7002/7003 seriesv 3.6
H12 – H12DSU-iN – EPYC™ 7002/7003 seriesv 3.6
H12 – H12SSFF-AN6 – EPYC™ 7002/7003 seriesv 3.6
H12 – H12SSL-i/C/CT/NT – EPYC™ 7002/7003 seriesv 3.6
H12 – H12DSi-N6/NT6 – EPYC™ 7002/7003 seriesv 3.6
H12 – H12SSFR-AN6 – EPYC™ 7002/7003 seriesv 3.6
H12 – H12DSG-Q-CPU6 – EPYC™ 7002/7003 seriesv 3.6
H12 – H12SSG-AN6 – EPYC™ 7002/7003 seriesv 3.6
H12 – H12DGQ-NT6 – EPYC™ 7002/7003 seriesv 3.6
H12 – H12SSG-ANP6 – EPYC™ 7002/7003 seriesv 3.6
H12 – H12DGO-6 – EPYC™ 7002/7003 seriesv 3.6
H12 – H12DSU-iNR – EPYC™ 7002/7003 seriesv 3.6
H13 – H13SVW-N/NT – EPYC™ 8004 seriesv 1.6
H13 – H13SSW – EPYC™ 9004/9005 seriesv 3.9
H13 – H13DSH – EPYC™ 9004/9005 seriesv 3.9
H13 – H13DSG-O-CPU – EPYC™ 9004/9005 seriesv 3.9
H13 – H13SST-G/GC – EPYC™ 9004/9005 seriesv 3.7
H13 – H13SSL-N/NT – EPYC™ 9004/9005 seriesv 3.9
H13 – H13SSH – EPYC™ 9004/9005 seriesv 3.9
H13 – H13DSG-O-CPU-D – EPYC™ 9004 seriesv 3.8
H13 – H13SSF – EPYC™ 9004/9005 seriesv 3.9
H13 – H13DSG-OM – EPYC™ 9004/9005 seriesv 3.9
H14 – H14DSH – EPYC™ 9004/9005 seriesv 1.9
H14 – H14SST-G – EPYC™ 9004/9005 seriesv 1.9
H14 – H14SST-GE – EPYC™ 9005 seriesv 1.9
H14 – H14DSG-OD – EPYC™ 9004/9005 seriesv 1.9
H14 – H14SHM – EPYC™ 9004/9005 seriesv 2.0
H14 – H14DST-F/FL – EPYC™ 9005 seriesv 1.9
H14 – H14DSG-O-CPU – EPYC™ 9004/9005 seriesv 1.9
H14 – H14SSL-N/NT – EPYC™ 9004/9005 seriesv 2.0
H14 – H14DSG-OM – EPYC™ 9004/9005 seriesv 1.3

Remediation:

  • All affected Supermicro motherboard SKUs will require a BIOS update to mitigate this potential vulnerability.
  • Updated BIOS firmware has been created to mitigate this potential vulnerability. Supermicro is currently testing and validating affected products. Please check Release Notes for the resolution.

Resources: