AMD has revealed a whole host of CPU security flaws

AMD Ryzen 5 7600X processor
(Image credit: Future)

AMD has found, and patched, almost three dozen vulnerabilities in both its consumer and business products. 

In an update on its website, the CPU giant detailed a total of 31 patches for security issue, some of which were high-severity.

Three vulnerabilities affect Ryzen processors, for desktop PC, HEDT, Pro, and Mobile platforms - one of which is listed as high severity, while the other two were medium or low.

EPYC vulnerability

A threat actor could abuse the vulnerabilities through a BIOS hack or an attack on the AMD Secure Processor bootloader. Ryzen 2000-series Pinnacle Ridge desktop chips, 2000- and 5000-series APU product lines, Threadripper 2000- and 3000-series HEDT, and Pro processors, were all said to have been impacted, together with Ryzen 2000-, 3000-, 5000-, 6000-, and Athlon 3000-series mobile chips. 

The remaining 28 flaws were found in the AMD EPYC processors, designed to power its x86 servers. 

Four flaws were found to have been of high severity, three of which allowed arbitrary code execution, while the remaining one allowed writing data, leading to data integrity and data availability losses. The other 15 flaws were ranked as either medium severity or low severity.

Besides the patches for the flaws, the update also lists ASEGA versions with fixes for affected chips. The ASEGA revisions were issued to Original Equipment Manufacturers (OEM), allowing them to address the flaws in BIOS/UEFI. 

As different manufacturers may patch their BIOS at a different speed, it’s impossible to know when each model will be sorted. 

AMD gave credit to a number of tech giants helping with the discovery and the remediation of the flaw, including Google, Apple, and Oracle. Speaking to Tom’s Hardware, the company said it usually discloses these flaws twice a year, once in May, and once in November, but given the size of the recent findings, decided to list them as soon as possible. 

Via: Tom's Hardware

TOPICS

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

Read more
AMD logo
AMD patches high severity security flaw affecting Zen chips
AMD Ryzen 5 7600X processor
AMD confirms processor security flaws after Asus patch slips out early
AMD logo
Security flaw means AMD Zen CPUs can be "jailbroken"
Security
Intel slams Nvidia and AMD, claims chip giants have huge numbers of security flaws
MediaTek
MediaTek reveals host of security vulnerabilities, so patch now
An abstract image of a lock against a digital background, denoting cybersecurity.
Apple CPU security issue could let hackers steal user data from browsers
Latest in Security
Data Breach
Thousands of healthcare records exposed online, including private patient information
China
Juniper patches security flaws which could have let hackers take over your router
Representational image depecting cybersecurity protection
GitLab has patched a host of worrying security issues
Ai tech, businessman show virtual graphic Global Internet connect Chatgpt Chat with AI, Artificial Intelligence.
AI agents can be hijacked to write and send phishing attacks
China
Volt Typhoon threat group had access to American utility networks for the best part of a year
Abstract image of cyber security in action.
MassJacker malware targets those looking for pirated software
Latest in News
Google Pixel 8a in aloe green showing
Google Pixel 9a benchmark link teases the performance of the upcoming mid-ranger
Quordle on a smartphone held in a hand
Quordle hints and answers for Monday, March 17 (game #1148)
NYT Strands homescreen on a mobile phone screen, on a light blue background
NYT Strands hints and answers for Monday, March 17 (game #379)
NYT Connections homescreen on a phone, on a purple background
NYT Connections hints and answers for Monday, March 17 (game #645)
Apple iPhone 16 Pro HANDS ON
Leaked iPhone 17 dummy units may have given us our best look yet at all four models
A super close up image of the Google Gemini app in the Play Store
It's official: Google Assistant will be retired for phones this year, with Gemini taking over