AMD issues fixes for processor vulnerabilities

AMD disclosed four new vulnerabilities that may affect some of its Zen-based processors. The company published rather lengthy documentation about the vulnerabilities, and the list of the affected processors is pretty long.

The company has released new AGESA (AMD Generic Encapsulated Software Architecture) code to motherboard manufacturers so they can update their BIOS/UEFI to apply the fixes. Check the list, and if your CPU is on the list, you should see if an updated BIOS/UEFI is available.

The list is quite comprehensive, covering clients, server, embedded, and IoT across all four generations of AMD’s Zen architecture and even affecting older Athlon processors. AMD says it was alerted to the vulnerabilities by researchers, and it issued mitigation guidelines after assessing the research.

There are four bugs total, and each one is slightly different, but all four are related to the Serial Peripheral Interface (SPI) that connects the CPU to the flash chip on the motherboard. AMD says the vulnerabilities could allow a person to run arbitrary code on a system, perform a denial of service attack, or escalate privileges on compromised systems. So these are not minor bugs.

AMD may have issued guidance in the fixes, but it is up to the individual motherboard makers to incorporate fixes into their firmware, test and qualify them, and push them out to customers. We don’t have a timeline for that, as each motherboard maker determines its own schedule.



Source link