AMD: Patch your Ryzen and EPYC systems now as the company has just released a list of 31 new CPU Vulnerabilities

More From Author

See more articles

India CEOs Dominating Global Companies: From Microsoft to Chanel...

India-origin executives are redefining global leadership, with 226 leaders of Indian origin now heading the world's most...

Full Form IT in 2025: What are the best...

Full Form IT: The Best Guide IT stands for information technology in its entire form. Computers are utilised...

Full Form of ITI: What does it mean in...

Full Form of ITI: Here's everything to know about ITI Full Form of ITI: ITI is an abbreviation...

In a January update, AMD quietly disclosed 31 new CPU vulnerabilities spanning its Ryzen consumer chips and EPYC data centre processors. The vulnerability update also includes a list of AGESA versions, as well as mitigations for affected processors. AMD disclosed the flaws in a coordinated disclosure with several researchers, including teams from Google, Apple, and Oracle, giving the company time to develop mitigations before the public listings.

The interesting thing here is that AMD did not announce the vulnerabilities through a press release or other means, instead simply posting the lists. The list includes AGESA revisions that AMD has distributed to its OEMs in order to patch the vulnerabilities (AGESA code is used to build BIOS/UEFI code). The availability of new BIOS patches with the new AGESA code, on the other hand, will vary by vendor.

So its better if you with your motherboard or system vendor to see if new BIOS revisions with the correct AGESA code have been posted.

AMD says it typically releases vulnerability disclosures twice a year, in May and November, but chose to release some in January due to the relatively large number of new vulnerabilities and the timing of the mitigations. It is unclear whether there will be performance penalties, as with other mitigations such as Spectre and Meltdown.

credit: AMD

Three new variants of the vulnerabilities affect the consumer-oriented Ryzen desktop PC, HEDT, Pro, and Mobile processors. One vulnerability is classified as high severity, while the other two are classified as medium or low severity.

These flaws can be exploited via BIOS hacks or an attack on the AMD Secure Processor (ASP) bootloader.

The flaws affect the Ryzen 2000-series Pinnacle Ridge desktop chips, as well as the 2000- and 5000-series APU product lines with integrated graphics (Raven Ridge, Cezanne). Furthermore, AMD’s Threadripper 2000- and 3000-series HEDT and Pro processors, as well as numerous Ryzen 2000-, 3000-, 5000-, 6000-, and Athlon 3000-series mobile processors, are affected.

AMD has also disclosed 28 EPYC processor vulnerabilities, four of which are of high severity. Three of the high-severity variants allow arbitrary code execution via various attack vectors, while another allows writing data to specific regions, which can result in data integrity and availability loss. Researchers also discovered 15 other medium-severity vulnerabilities and nine low-severity vulnerabilities.

Also Read:

Source

LEAVE A REPLY

Please enter your comment!
Please enter your name here

This site uses Akismet to reduce spam. Learn how your comment data is processed.

━ Related News

Featured

━ Latest News

Featured