When we talk about processors, the theme of vulnerabilities It’s always there regardless of brand, and while some seem to wear it better than others (in the summer Intel racked up 486 for just 21 at AMD), there are times when alarms go off, like this is currently the case. And has AMD issued a security statement alerting users to more than 50 vulnerabilities on your processors EPYC, affecting three generations of these, as well as their conductors Radeon for graphics cards.
The good news is that while most of the vulnerabilities reported by AMD are classified as high risk, the company has already provided the corresponding security patches and new packages in its AGESA firmware to fix the issues or, at the very least, mitigate the risks. We will tell you all below.
AMD EPYC processors cumulate 22 vulnerabilities
In reality, few home users use EPYC family processors (or Xeon equivalents), but this is nonetheless worrying as many of them are at the architectural level. In this case, three generations of EPYC processors are affected by up to 22 vulnerabilities, which means that at least the first two generations have been dragging them for years, and that’s serious.
These 22 vulnerabilities mainly affect the security processors of the AMD PSP platform, the disks of system administration (SMU), the encrypted virtualization Secure against AMD (SEV) and other platform components of similar depth. As you’ve probably already noticed and mentioned before, this is not something that will affect ordinary users as a rule, except those who have invested in high power servers for their home, but it is is something that will affect SMEs and large companies.
As AMD said, all of these vulnerabilities could be exploited to gain advanced privileges in the system, as well as unauthorized code execution, memory corruption, and most serious: information disclosure and attacks. by denial of service (DDOS). For this reason, it is very important to install the security patches which we will discuss in the next section.
Problem found, problem solved
Fortunately, it was AMD itself that identified and warned about these vulnerabilities, and at the same time as they published their existence, they also released the corresponding security patches and AGESA updates that resolve them. or mitigate them, so users of these AMD EPYC processors (7001, 7002 and 7003) should update the microcode of these shortly thereafter.
As we said, it was AMD itself that identified the vulnerabilities, and with their announcement they also announced that they have released new updates in AGESA firmware that mitigate or resolve them. As you know, you can’t update AMD’s Generic Encapsulated System Architecture (AGESA) directly, but the company has made this update available to motherboard manufacturers, who will implement it through BIOS updates; In other words, to apply these solutions, you must update BIOS of your motherboard.
In addition to the above regarding AMD EPYC processors, the company also revealed a total of 27 vulnerabilities that affected the Radeon graphics driver for Windows 10, 18 of them are classified as high risk. Likewise, the company has found a method to avoid these issues and users of the brand’s graphics cards will get rid of it the next time they update their drivers (so updating your drivers is also advisable. graphics).