According to WccfTech, AMD Inc Last updated in January It revealed that it has found 31 new vulnerabilities in its processors, including Ryzen and EPYC processors. In the following, we will explain more about this incident and introduce the processors that include this vulnerability.
- Non-X AMD Ryzen 7600/7700/7900 CPUs spotted on CPU-z
AMD started the new year with a list of vulnerabilities in its processors
AMD has developed several measures to mitigate the at-risk processors and has also published a joint report with teams from the top three companies Apple, Google and Oracle. The company also announced several AGESA variants listed in the update (The AGESA code is found when building the system’s BIOS and UEFI code).
Due to the nature of the vulnerability, AGESA’s changes have been handed off to other partner companies, and from then on, any fixes are up to each vendor to release as soon as possible. It is wise for consumers to visit the vendor’s official website to see if there is a new update waiting to be downloaded, in which case they should wait for the company to release it later.
AMD processors vulnerable to this new attack include Ryzen models for desktop, HEDT, Pro and mobile processor series. There is a single vulnerability labeled “high severity”, while the other two are less severe but still important to patch. As a result of these vulnerabilities, all holes are attacked through the BIOS bootloader and ASP (also known as AMD secure processor bootloader).
AMD processor series that are vulnerable are:
- Ryzen 2000 (Pinnacle Ridge) series processors.
- Ryzen 2000 series products
- Ryzen 5000 series products
- AMD Threadripper 2000 HEDT and Pro series of server processors
- AMD Threadripper 3000 HEDT and Pro series of server processors
- Ryzen 2000 series mobile processors
- Ryzen 3000 series mobile processors
- Ryzen 5000 series mobile processors
- Ryzen 6000 series mobile processors
- Athlon 3000 series mobile processors
Of the 31 vulnerabilities mentioned, 28 affect EPYC processors, with four models labeled “high severity” by the company. Three cases with high severity can have arbitrary code that can be executed in multiple regions via attack vectors. Also, one of the three listed has an additional exploit that allows data to be written to certain sectors, resulting in the loss of user data. Other research teams found 15 more vulnerabilities of lower severity and nine more of minor severity.
Due to the large number of affected processors that have been exploited, the company decided to disclose this latest vulnerability list, which is usually released in May and November each year, and to ensure that mitigation measures are in place for the release. is prepared Other vulnerabilities in AMD products include a variant of Hertzbleed, another that works similarly to the Meltdown exploit, known as “Take A Way.”
- Problems with Intel and AMD processor replacement plan in Russia and low local CPU production
- AMD is negotiating with TSMC to order its chips from a new factory in Arizona
- Launch of new AMD Dragon Range APUs with possible RDNA 3 support
- AMD started shipping non-X Ryzen 7000 processors