When we talk about processors, the theme of vulnerabilities It is always present regardless of the brand, and although some seem to carry it better than others (in summer, Intel accumulated 486 for only 21 from AMD), there are times when the alarms go off, as is now the case. And is that AMD has issued a security statement alerting users of more than 50 vulnerabilities on your processors EPYC, affecting three generations of these, as well as their drivers Radeon for graphics cards.
The good news is that, although most of the vulnerabilities that AMD has reported are classified as high risk, the company has already provided the corresponding security patches and new packages in its AGESA microcode to solve the problems or, at the very least, mitigate the risks. We will tell you everything below.
AMD EPYC CPUs accumulate 22 vulnerabilities
In reality, not many home users make use of EPYC family processors (or Xeon equivalents), but even so it is still worrying because many of these are at an architectural level. In this case, three generations of EPYC processors are affected by up to 22 vulnerabilities, which means that at least the first two generations have been dragging them for years, and this is serious.
These 22 vulnerabilities mainly affect the security processors of the AMD PSP platform, the drives of system administration (SMU), the encrypted virtualization Secure from AMD (SEV) and other components of the platform of similar depth. As you have probably already noticed and we have already mentioned, they are not something that will affect ordinary users as a general rule, except those who have invested in high-power servers for their home, but it is something that will affect to SMEs and large companies.
As AMD has said, all these vulnerabilities could be exploited to obtain advanced privileges in the system, as well as the execution of unauthorized code, memory corruption, and the most serious: information disclosure and denial of service attacks (DDOS). For this reason, it is quite important to install the security patches that we will talk about in the next section.
Problem found, problem fixed
Fortunately, it has been AMD itself that has identified and warned about these vulnerabilities, and at the same time that they have published their existence they have also released the corresponding security patches and AGESA updates that solve or mitigate them, so users of these AMD EPYC processors (7001, 7002 and 7003) should update the micro code of these not too long after.
As we said, it has been AMD itself that has identified the vulnerabilities, and together with their announcement they have also announced that they have published new updates in the AGESA micro code that mitigate or solve them. As you know, you cannot update the AMD Generic Encapsulated System Architecture (AGESA) directly, but the company has made this update available to motherboard manufacturers, who will implement it through BIOS updates; In other words, to apply these solutions you must update BIOS of your motherboard.
In addition to the aforementioned regarding AMD EPYC CPUs, the company has also revealed a total of 27 vulnerabilities that affected the Radeon graphics driver for Windows 10, 18 of them classified as high risk. In the same way, the company has found a method to avoid these problems and users of the brand’s graphic cards will be free of them in the next update of their drivers (therefore, it is also advisable to update your graphics drivers) .