Advanced Micro Devices or AMD has been steadily increasing its market share and rising above its major competitor, Intel. The company has recently published three security bulletins that address the security vulnerabilities affecting its EPYC processors and the Radeon graphics driver for Windows 10.
Although many of these vulnerabilities have been marked as High severity, they are mitigated with a driver update and AGESA packages. AMD has addressed 22 potential vulnerabilities which are affecting three generations of EPYC processors: EPYC 7001 (Naples), EPYC 7002 (Rome), and EPYC 7003 (Milan).
These vulnerabilities can specifically target the AMD Platform Security Processor (PSP), AMD System Management Unit (SMU), AMD Secure Encrypted Virtualization (SEV), and other platform components.
However to solve and as an answer to these exploits, AMD has distributed the NaplesPI-SP3_1.0.0.G, RomePI-SP3_1.0.0.C, and MilanPI-SP3_1.0.0.4 AGESA updates to its OEM partners. Contact your OEM for the update soon if you’re running one of AMD’s EPYC chips which might be affected by these vulnerabilities.
AMD also reported that most of the mainstream users need to have at least Radeon Adrenalin 21.4.1 installed on their devices, which isn’t a big problem assuming that most, if not all, users should already be on the latest 21.11.2 version.
However, enterprise users are needed to make sure that they’re running at the very least the Radeon Pro Enterprise 21.Q2 driver. But, yet again, this isn’t an issue since the latest 21.Q3 driver has been available since September.
The last security vulnerability targets AMD’s μProf tool, and it will analyze application performance on operating systems, including Windows, Linux, and FreeBSD. The chipmaker recommends users update the μProf tool to version 3.4.394 on Windows and 3.4-502 on Linux.
