Snynet Solution Logo
MON - SUN: 10 AM - 6 PM
+60 11 5624 8319

Blog

AMD EPYC CPUs are suffering from a bunch of nasty security bugs

Image Description

AMD has issued three security bulletins announcing fixes for a whopping 50 vulnerabilities, with 22 of them affecting all three generations of its flagship EPYC server processors.

Furthermore, of the 50 addressed vulnerabilities, almost half (23) are marked as High Severity on the Common Vulnerability Scoring System (CVSS).

Of the 22 EPYC flaws, all of which exist on the latest third generation processor, 17 on the second generation, and 12 on the oldest first generation chip, four are rated as High severity.

“During security reviews in collaboration with Google, Microsoft, and Oracle, potential vulnerabilities in the AMD Platform Security Processor (PSP), AMD System Management Unit (SMU), AMD Secure Encrypted Virtualization (SEV) and other platform components were discovered and have been mitigated in AMD EPYC AGESA PI packages,” notes AMD in its security bulletin.

All’s well that ends well

AMD has announced that it has released AGESA versions for all three generations of processors to address the listed vulnerabilities.

AGESA or AMD's Generic Encapsulated System Architecture is released to motherboard vendors for building their firmware and pushing updates.

In addition to the hardware bugs, AMD has also announced fixes for 27 vulnerabilities in the AMD Graphics Driver for Windows 10, with 18 of them marked as High.

According to AMD, the vulnerabilities can be exploited to facilitate escalation of privilege, unauthorized code execution, memory corruption, information disclosure, and denial of service attacks.

In addition to these AMD's μProf performance analysis utility also gets a fix for a lone High-rated improper access control vulnerability. 

Hunting for a new device? These are the best workstations around today

Date

12 Nov 2021

Sources

Share

Other Blog

  • Google Meet will soon give you extra options for creating a meeting

    Meet users will soon be able to create a meeting for later, join an instant meeting or schedule a meeting in Google Calendar.

    Read More

  • Here's a smartphone boasting a physical keyboard and it runs Linux

    F(x)tec unveils Pro1-X smartphone with physical keyboard in unique form-factor

    Read More

  • Microsoft says Azure users will have to patch these worrying security flaws themselves

    Microsoft has issued patches for the easily exploitable vulnerabilities, but left it upon users to patch their vulnerable Azure instances.

    Read More

  • Hacked WordPress sites are being defended by their attackers

    Threat actors are password protecting the exploitable PHP file on compromised WordPress sites to fend off other attackers.

    Read More

Find Out More About Us

Want to hire best people for your project? Look no further you came to the right place!

Contact Us