Firmware fixes for Ryzen processors

Earlier this month, AMD quietly disclosed 31 new CPU vulnerabilities affecting its Ryzen desktop chips and EPYC data center processors. AMD coordinated with several researchers to disclose the vulnerabilities, including teams from Google, Apple, and Oracle.

AMD typically releases vulnerability findings twice a year, in May and November, but decided to release fixes earlier due to the relatively high number of new vulnerabilities and the long time to mitigate them.

Despite the severity and number of flaws, AMD posted the list on its security page. The fixes take the form of BIOS/UEFI revisions that AMD has distributed to its OEMs. Since each OEM has a different BIOS/UEFI, it’s best to check with your motherboard manufacturer or system vendor to see if you need to update.


The list of server issues includes 15 vulnerabilities rated “High”, <> rated “Medium”, and <> rated “Low Priority”. Three of the high-severity variants allow arbitrary code execution via various attack vectors, while another allows data to be written to a specific area, which can result in loss of data integrity and availability.

One particularly prevalent vulnerability is CVE-2021-26316, which affects both desktop and server processors. This is a “validation failure in the communication buffer and communication service in the BIOS that could allow an attacker to tamper with the buffer, leading to potential system administration mode arbitrary code execution.”

The vulnerabilities affect all three generations of EPYC processors, but only four vulnerabilities affect the first-generation “Naples” products. The rest affect second/third generation “Rome” and “Naples” products.
