Many nefarious security holes plague AMD EPYC CPUs

Share This Post

“During a security review in collaboration with Google, Microsoft, and Oracle, the AMD Platform Security Processor (PSP), AMD System Management Unit (SMU), AMD Secure Cryptographic Virtualization (SEV), and other platform components were exposed to potential A vulnerability has been discovered in the AMD EPYC AGESA PI package,” AMD(opens in new tab) said in a security bulletin.

AMD has issued three security bulletins announcing fixes for a whopping 50 vulnerabilities. 22 of them affect all three generations of his flagship EPYC server processors. Additionally, of the 50 vulnerabilities addressed, nearly half (23) are marked as high severity in the Common Vulnerability Scoring System (CVSS).
Of the 22 EPYC bugs, all are present in the latest 3rd generation processors , 17 are in 2nd generation chips, 12 are in the oldest 1st generation chips, and 4 are high are classified as.

Highlights

  • According to AMD, exploiting these vulnerabilities could facilitate privilege escalation, unauthorized code execution, memory corruption, information disclosure, and denial of service attacks. In addition to these, AMD’s performance analysis utility μProf also gets a fix for the only highly rated vulnerability related to improper access controls.

  • All’s Well That Ends Well
    AMD has announced that it has released his AGESA versions of all three processor generations to address the listed vulnerabilities. AGESA or AMD’s Generic Encapsulated System Architecture is released for motherboard vendors to build firmware and push updates to. In addition to the hardware bug, AMD also announced fixes for 27 vulnerabilities in AMD graphics drivers in Windows 10 . 18 of them are marked as important.

Read More:

Partnership Between Mitsubishi Electric and Nozomi Networks Strengthens Operational Technology Security Business

Mitsubishi Electric and Nozomi Networks Partnership Mitsubishi Electric and Nozomi...

Solidion Technology Inc. Completes $3.85 Million Private Placement Transaction

**Summary:** 1. Solidion TechnologyInc. has announced a private placement deal...

Analyzing the Effects of the EU’s AI Act on Tech Companies in the UK

Breaking Down the Impact of the EU’s AI Act...

Tech in Agriculture: Roundtable Discusses Innovations on the Ranch

Summary of Tech on the Ranch Roundtable Discussion: ...

Are SMEs Prioritizing Tech Investments Over Security Measures?

SMEs Dive Into Tech Investments, But Are...

Spotify Introduces Music Videos for Premium Members in Chosen Markets

3 Summaries of Spotify Unveils Music Videos for Premium...

Shearwater to Monitor Production at Equinor’s Two Oil Platforms

Shearwater GeoServices secures 4D monitoring projects from Equinor for...

Regaining Europe’s Competitive Edge in Innovation: Addressing the Innovation Lag

Europe’s Innovation Lag: How Can We Regain Our Competitive...

Related Posts

Government Warns of AI-Generated Content: Learn More about the Issue

Government issued an advisory on AI-generated content. All AI-generated content...

Africa Faces Internet Crisis: Extensive Outage Expected to Last for Months, Hardest-Hit Nations Identified

Africa’s Internet Crisis: Massive Outage Could Last Months, These...

FTC Investigates Reddit for AI Content Licensing Practices

FTC is investigating Reddit's plans...

Journalists Criticize AI Hype in Media

Summary Journalists are contributing to the hype and...