- Microsoft's Copilot AI is coming to your Office apps - whether you like it or not
- How to track US election results on your iPhone, iPad or Apple Watch
- One of the most dependable robot vacuums I've tested isn't a Roborock or Roomba
- Sustainability: Real progress but also thorny challenges ahead
- The 45+ best Black Friday PlayStation 5 deals 2024: Early sales available now
AMD issues fixes for processor vulnerabilities
AMD disclosed four new vulnerabilities that may affect some of its Zen-based processors. The company published rather lengthy documentation about the vulnerabilities, and the list of the affected processors is pretty long.
The company has released new AGESA (AMD Generic Encapsulated Software Architecture) code to motherboard manufacturers so they can update their BIOS/UEFI to apply the fixes. Check the list, and if your CPU is on the list, you should see if an updated BIOS/UEFI is available.
The list is quite comprehensive, covering clients, server, embedded, and IoT across all four generations of AMD’s Zen architecture and even affecting older Athlon processors. AMD says it was alerted to the vulnerabilities by researchers, and it issued mitigation guidelines after assessing the research.
There are four bugs total, and each one is slightly different, but all four are related to the Serial Peripheral Interface (SPI) that connects the CPU to the flash chip on the motherboard. AMD says the vulnerabilities could allow a person to run arbitrary code on a system, perform a denial of service attack, or escalate privileges on compromised systems. So these are not minor bugs.
AMD may have issued guidance in the fixes, but it is up to the individual motherboard makers to incorporate fixes into their firmware, test and qualify them, and push them out to customers. We don’t have a timeline for that, as each motherboard maker determines its own schedule.
