AMD has revealed a whole host of CPU security flaws

AMD Ryzen 5 7600X processor
(Image credit: Future)

AMD has found, and patched, almost three dozen vulnerabilities in both its consumer and business products. 

In an update on its website, the CPU giant detailed a total of 31 patches for security issue, some of which were high-severity.

Three vulnerabilities affect Ryzen processors, for desktop PC, HEDT, Pro, and Mobile platforms - one of which is listed as high severity, while the other two were medium or low.

EPYC vulnerability

A threat actor could abuse the vulnerabilities through a BIOS hack or an attack on the AMD Secure Processor bootloader. Ryzen 2000-series Pinnacle Ridge desktop chips, 2000- and 5000-series APU product lines, Threadripper 2000- and 3000-series HEDT, and Pro processors, were all said to have been impacted, together with Ryzen 2000-, 3000-, 5000-, 6000-, and Athlon 3000-series mobile chips. 

The remaining 28 flaws were found in the AMD EPYC processors, designed to power its x86 servers. 

Four flaws were found to have been of high severity, three of which allowed arbitrary code execution, while the remaining one allowed writing data, leading to data integrity and data availability losses. The other 15 flaws were ranked as either medium severity or low severity.

Besides the patches for the flaws, the update also lists ASEGA versions with fixes for affected chips. The ASEGA revisions were issued to Original Equipment Manufacturers (OEM), allowing them to address the flaws in BIOS/UEFI. 

As different manufacturers may patch their BIOS at a different speed, it’s impossible to know when each model will be sorted. 

AMD gave credit to a number of tech giants helping with the discovery and the remediation of the flaw, including Google, Apple, and Oracle. Speaking to Tom’s Hardware, the company said it usually discloses these flaws twice a year, once in May, and once in November, but given the size of the recent findings, decided to list them as soon as possible. 

Via: Tom's Hardware

Sead Fadilpašić

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.