Monday, November 15th 2021

AMD EPYC Processors Hit by 22 Security Vulnerabilities, Patch is Already Out

AMD's EPYC class of enterprise processors is affected by as many as 22 different security vulnerabilities. They range from medium to high severity and affect all three generations of AMD EPYC processors: Naples, Rome, and Milan. Almost all 22 vulnerabilities apply to each of the three generations; the few exceptions are listed on AMD's website. However, not all seems to be bad. AMD says that "During security reviews in collaboration with Google, Microsoft, and Oracle, potential vulnerabilities in the AMD Platform Security Processor (PSP), AMD System Management Unit (SMU), AMD Secure Encrypted Virtualization (SEV) and other platform components were discovered and have been mitigated in AMD EPYC AGESA PI packages."

AMD has already shipped mitigations in the form of AGESA updates, so users who keep their firmware up to date have nothing to fear. If you or your organization runs AMD EPYC processors, update the firmware to close these holes. The AGESA versions in question are NaplesPI-SP3_1.0.0.G, RomePI-SP3_1.0.0.C, and MilanPI-SP3_1.0.0.4, which fix all 22 security holes.
Source: AMD

9 Comments on AMD EPYC Processors Hit by 22 Security Vulnerabilities, Patch is Already Out

#1
Richards
AMD still has a long way to go on the software side
#2
R-T-B
Richards: "AMD still has a long way to go on the software side"
The Intel ME has every bit of the same spotty security history.

It's not a brand thing. It's that hardware security is and remains a bad model.
#3
lynx29
R-T-B: "The Intel ME has every bit of the same spotty security history. It's not a brand thing. It's that hardware security is and remains a bad model."
Perhaps another way to re-word it is that anything connected to the internet is simply at risk, and modernity is highly overrated?
#4
R-T-B
lynx29: "Perhaps another way to re-word it is that anything connected to the internet is simply at risk, and modernity is highly overrated?"
That's oversimplifying it a bit, I feel.
#5
lynx29
R-T-B: "That's oversimplifying it a bit, I feel."
I know, I was having a bit of fun lol
#6
DeathtoGnomes
I wonder if there was a performance hit, like when Intel ...
#7
chrcoluk
The SEV also affects Ryzen CPUs? Or have they not been patched because it isn't an expected use case?
#8
owen10578
DeathtoGnomes: "I wonder if there was a performance hit, like when Intel ..."
I doubt it since this vulnerability is not on the cores themselves.
#9
Mysteoa
chrcoluk: "The SEV also affects Ryzen CPUs? Or have they not been patched because it isn't an expected use case?"
While I haven't checked specifically, if you have updated the BIOS and chipset drivers, you should be protected.