“During a security review in collaboration with Google, Microsoft, and Oracle, the AMD Platform Security Processor (PSP), AMD System Management Unit (SMU), AMD Secure Cryptographic Virtualization (SEV), and other platform components were exposed to potential A vulnerability has been discovered in the AMD EPYC AGESA PI package,” AMD(opens in new tab) said in a security bulletin.
AMD has issued three security bulletins announcing fixes for a whopping 50 vulnerabilities. 22 of them affect all three generations of his flagship EPYC server processors. Additionally, of the 50 vulnerabilities addressed, nearly half (23) are marked as high severity in the Common Vulnerability Scoring System (CVSS).
Of the 22 EPYC bugs, all are present in the latest 3rd generation processors , 17 are in 2nd generation chips, 12 are in the oldest 1st generation chips, and 4 are high are classified as.
According to AMD, exploiting these vulnerabilities could facilitate privilege escalation, unauthorized code execution, memory corruption, information disclosure, and denial of service attacks. In addition to these, AMD’s performance analysis utility μProf also gets a fix for the only highly rated vulnerability related to improper access controls.
All’s Well That Ends Well
AMD has announced that it has released his AGESA versions of all three processor generations to address the listed vulnerabilities. AGESA or AMD’s Generic Encapsulated System Architecture is released for motherboard vendors to build firmware and push updates to. In addition to the hardware bug, AMD also announced fixes for 27 vulnerabilities in AMD graphics drivers in Windows 10 . 18 of them are marked as important.