Monday, February 6, 2023

AMD: Patch your Ryzen and EPYC systems now as the company has just released a list of 31 new CPU Vulnerabilities

In a January update, AMD quietly disclosed 31 new CPU vulnerabilities spanning its Ryzen consumer chips and EPYC data centre processors. The vulnerability update also includes a list of AGESA versions, as well as mitigations for affected processors. AMD disclosed the flaws in a coordinated disclosure with several researchers, including teams from Google, Apple, and Oracle, giving the company time to develop mitigations before the public listings.

The interesting thing here is that AMD did not announce the vulnerabilities through a press release or other means, instead simply posting the lists. The list includes AGESA revisions that AMD has distributed to its OEMs in order to patch the vulnerabilities (AGESA code is used to build BIOS/UEFI code). The availability of new BIOS patches with the new AGESA code, on the other hand, will vary by vendor.

So its better if you with your motherboard or system vendor to see if new BIOS revisions with the correct AGESA code have been posted.

AMD says it typically releases vulnerability disclosures twice a year, in May and November, but chose to release some in January due to the relatively large number of new vulnerabilities and the timing of the mitigations. It is unclear whether there will be performance penalties, as with other mitigations such as Spectre and Meltdown.

H33WaYXNMC3NJjLJRqbKXh 1200 80 AMD: Patch your Ryzen and EPYC systems now as the company has just released a list of 31 new CPU Vulnerabilities
credit: AMD

Three new variants of the vulnerabilities affect the consumer-oriented Ryzen desktop PC, HEDT, Pro, and Mobile processors. One vulnerability is classified as high severity, while the other two are classified as medium or low severity.

These flaws can be exploited via BIOS hacks or an attack on the AMD Secure Processor (ASP) bootloader.

The flaws affect the Ryzen 2000-series Pinnacle Ridge desktop chips, as well as the 2000- and 5000-series APU product lines with integrated graphics (Raven Ridge, Cezanne). Furthermore, AMD’s Threadripper 2000- and 3000-series HEDT and Pro processors, as well as numerous Ryzen 2000-, 3000-, 5000-, 6000-, and Athlon 3000-series mobile processors, are affected.

AMD has also disclosed 28 EPYC processor vulnerabilities, four of which are of high severity. Three of the high-severity variants allow arbitrary code execution via various attack vectors, while another allows writing data to specific regions, which can result in data integrity and availability loss. Researchers also discovered 15 other medium-severity vulnerabilities and nine low-severity vulnerabilities.

Also Read:


- Advertisement -
Nivedita Bangari
Nivedita Bangari
I am a software engineer by profession and technology is my love, learning and playing with new technologies is my passion.


Please enter your comment!
Please enter your name here

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Related Articles

Bitdefender WW

Stay Connected


Hot Topics


Latest Articles