Full Report
HPE security advisory (AV26-164)
Analysis Summary
# Vulnerability: Guest-Initiated Denial of Service in HPE ProLiant AMD Servers
## CVE Details
- **CVE ID:** CVE-2023-31355 (referenced via AMD-SB-7059)
- **CVSS Score:** 5.5 (Medium)
- **CWE:** CWE-20 (Improper Input Validation) / CWE-400 (Uncontrolled Resource Consumption)
## Affected Systems
- **Products:** HPE ProLiant Gen10 and Gen10 Plus AMD-based servers (DL and XL series).
- **Versions:** Systems utilizing AMD EPYC™ 7001, 7002, and 7003 Series Processors.
- **Configurations:** Virtualized environments where Guest VMs are managed by a Hypervisor.
## Vulnerability Description
The vulnerability stems from an issue with how certain AMD EPYC processors handle specific guest-initiated instructions or sequences. A malicious guest OS can trigger a "Machine Check Error" (MCE) on the host processor. Because the processor enters a checkstop state to protect data integrity, the entire host system halts, leading to a Denial of Service (DoS) for all other tenants on the physical server.
## Exploitation
- **Status:** Not exploited in the wild (publicly disclosed via coordinated vulnerability research).
- **Complexity:** Low (Can be triggered by a guest VM with standard privileges).
- **Attack Vector:** Local (via Guest OS).
## Impact
- **Confidentiality:** None
- **Integrity:** None
- **Availability:** High (Total system crash/forced reboot required).
## Remediation
### Patches
HPE has released updated System ROM (BIOS/UEFI) versions containing the AMD-provided microcode fixes (Capsule updates).
- **HPE ProLiant DL325/385 Gen10/Gen10 Plus:** Update to the latest System ROM versions released in the February 2026 cycle (refer to specific model support pages for version numbers).
### Workarounds
There are no effective software-level workarounds that can be applied within the Guest OS. The mitigation must be applied at the firmware level (System ROM/Microcode). Ensure that only trusted administrators have the ability to run arbitrary code in guest environments.
## Detection
- **Indicators of Compromise:** Look for "Machine Check Exception" (MCE) logs in the Integrated Lights Out (iLO) Integrated Management Log (IML).
- **Detection Methods:** Audit hypervisor logs for unexpected host reboots and monitor for specific AMD Error Codes related to "Guest Initiated Machine Check" in the CPU registers.
## References
- **HPE Security Advisory (AV26-164):** hxxps[://]support[.]hpe[.]com/hpesc/public/docDisplay?docId=hpesbhf05021en_us
- **AMD Security Bulletin:** hxxps[://]www[.]amd[.]com/en/resources/product-security/bulletin/amd-sb-7059[.]html
- **Canadian Centre for Cyber Security:** hxxps[://]www[.]cyber[.]gc[.]ca/en/alerts-advisories/hpe-security-advisory-av26-164