AMD has discovered, and fixed, approximately thirty vulnerabilities in both its consumer and commercial products.
In an update on its website, the CPU giant detailed a total of 31 security issue patches, some of which were very severe.
Three vulnerabilities affecting Ryzen processors (Opens in a new tab)for Desktop, HEDT, Pro, and Mobile platforms – one is listed as high risk, while the other two are medium or low.
Weak EPYC
A threat actor can abuse vulnerabilities through a BIOS breach or an AMD Secure Processor boot loader attack. Ryzen 2000-series Pinnacle Ridge desktop chips, the 2000- and 5000-series APU product lines, and the 2000- and 3000-series Threadripper processors HEDT were said to be affected, along with the Ryzen 2000-, 3000-, 5000-, 6000-, and 6000-series chipsets. Athlon 3000 portable.
The remaining 28 flaws were found in AMD EPYC processors, which are designed to run their x86 servers.
Four high-severity flaws were found, three of which allowed arbitrary code to be executed, while the remaining flaw allowed data to be written, resulting in data integrity and data loss. The other 15 defects were classified as either moderate or low severity.
Besides the bug fixes, the update also lists ASEGA releases with fixes for the affected chips. ASEGA revisions have been released to OEMs, allowing them to address flaws in the BIOS/UEFI.
Since different manufacturers may patch their BIOS at different speeds, it’s impossible to know when each model will be sorted.
AMD has given credit to a number of tech giants who helped find and address the flaw, including Google, Apple, and Oracle. Talking to tom devicesThe company said that it usually discloses these flaws twice a year, once in May and once in November, but given the volume of recent results, it decided to include them as soon as possible.
- Here’s our take on the best firewalls (Opens in a new tab) at the moment
Via: Tom’s Hardware (Opens in a new tab)