In the last January report, AMD reported that 31 new vulnerability was found in its processors.
The company has already taken measures to mitigate the consequences for unprotected processors. AMD also in collaboration with the teams from Apple, Google and Oracle published a report on the vulnerabilities found.
The company reported several options for AGESA, for which the update (AMD Geneeric Encapsulated Software Architecture, Agesa is the initial loading protocol designed to initialize processor nuclei, memory and controller Hypertransport). The amendments made to Agesa were directed directly to the manufacturers of the motherboard. The rate of release of updates of the firmware will depend on them. It is recommended that users of the processors of the Ryzen and EPYC series be monitored on the updates on the site of the motherboard manufacturers. And when the update becomes available – immediately install it on controlled computers.
All found vulnerability with gradation in terms of criticality
The image above lists all the vulnerabilities found in AMD. The first 3 are relevant for Ryzen desktop chips, high -performance HEDT and PRO series, as well as for mobile processors. All other 28 vulnerabilities are relevant only for the AMD EPYC series. The company marked the majority of vulnerabilities as “medium” and “low” in terms of criticality, but their total number, of course, scares. All vulnerabilities can be applied through BIOS hack or an attack on the AMD Secure Processor (ASP) bootloader.
below all the vulnerable series of processors are listed:
- Ryzen 2000 (Pinnacle Ridge) Series
- Ryzen 2000 Apus
- Ryzen 5000 APUS
- Epyc Series
- Threadripper 2000 Hedt and Pro Series
- Threadripper 3000 Hedt and Pro Series
- Ryzen 2000 Series Mobile
- Ryzen 3000 Series Mobile
- Ryzen 5000 Series Mobile
- Ryzen 6000 Series Mobile
- athlon 3000 Series Mobile
Since the amount of vulnerabilities is by no means small and affects many lines at once, AMD decided to publish a report earlier (usually reports on vulnerabilities are published in May and November of each year).
We hope that in the near future all motherboard manufacturers will release the necessary updates for their products.