TECH NEWS – It’s not enough that the failure rate of reference Radeon RX 7900 XTX cards can be high; now, many vulnerabilities have been found in AMD’s Ryzen and Epyc processors!
If this is the way AMD’s year goes, it will be its annus horribilis, or worst year ever, for the company: their website says that 31 (thirty-one!) new vulnerabilities have been discovered. AMD has collaborated with the trio of Apple, Google, and Oracle and announced that many AGESA variants would be updated (AGESA code is used in constructing the BIOS and UEFI code). The changes have been sent to OEMs, and it is up to the manufacturers (e.g., ASUS, Gigabyte…) to release the update as soon as possible.
For this reason, it’s worth visiting the vendor’s website often (and don’t use Google search because you may get more malware hits when searching for drivers!) because the 31 vulnerabilities affect several product lines. It may seem like an urgent matter because Ryzen desktop and mobile, Threadripper HEDT, and Pro processors are affected, and on top of that, Epyc CPUs for servers are not safe either.
The 31 vulnerabilities need to be broken down. Three have been found for Ryzen processors, but one of these has been described by AMD as high severity. The vulnerability is open to attackers through the BIOS and the ASP bootloader (or AMD Secure Processor bootloader). The remaining 28 vulnerabilities affect Epyc processors, four of which AMD describes as highly severe. Three of these allow vectors to be attacked in multiple areas to execute code. One even provides data writing, which could lead to data loss.
The affected processors are Ryzen 2000 (Pinnacle Ridge) series processors, Ryzen 2000 APUs, Ryzen 5000 APUs, AMD Threadripper 2000 HEDT and Pro server processor series, AMD Threadripper 3000 HEDT and Pro server processor series, Ryzen 2000 series mobile processors, Ryzen 3000 series mobile processors, Ryzen 5000 series mobile processors, Ryzen 6000 series mobile processors, and Athlon 3000 series mobile processors. As usual, AMD would have disclosed the vulnerabilities in May and November but has already done so to resolve the issue sooner. AMD processors are also affected by a Hertzbleed variant, a vulnerability similar to Meltdown and “Take A Way”.
Source: WCCFTech
Leave a Reply