guru3d 50+ vulnerabilities found in AMD EPYC processor and Radeon graphics drivers.

[UltraMega]

Quote

AMD recently issued security warnings to alert customers about security vulnerabilities in its EPYC CPU and Radeon graphics driver running on Windows 10 computers. Despite the fact that the vast majority of the vulnerabilities are rated as high-risk, AMD supplied patches as well as AGESA microcode packages to mitigate these risks.

 

The EPYC 7001, EPYC 7002, and EPYC 7003 processor generations are all affected by the 22 possible vulnerabilities that have been disclosed this time. They are targeted primarily at AMD platform security processors (PSP), AMD system management units (SMU), AMD Secure Encrypted Virtualization (SEV), and other platform components, including the AMD Xeon CPU.

When it comes to the 50 vulnerabilities resolved, nearly half (23 vulnerabilities) are rated as High Severity by the Common Vulnerability Scoring System (CVSS).

 

“During security reviews in collaboration with Google, Microsoft, and Oracle, potential vulnerabilities in the AMD Platform Security Processor (PSP), AMD System Management Unit (SMU), AMD Secure Encrypted Virtualization (SEV) and other platform components were discovered and have been mitigated in AMD EPYC AGESA PI packages,” notes AMD in its security bulletin. 

As a result of the vulnerabilities identified, AMD has announced that it has published AGESA updates for all three generations of processors to remedy them. AMD's Generic Encapsulated System Architecture, known as AGESA, has been made available to motherboard suppliers for use in developing firmware and distributing updates.

 

Additionally, AMD has disclosed solutions for 27 vulnerabilities in the AMD Graphics Driver for Windows 10, with 18 of them being classified as High severity. 

According to AMD, the vulnerabilities can be exploited to facilitate escalation of privilege, unauthorized code execution, memory corruption, information disclosure, and denial of service attacks.

More than 50 vulnerabilities have been found in AMD EPYC processor and Radeon graphics drivers. (guru3d.com)

 

Question for people on this site; I have sort of stopped seeing "security exploit found" articles as very news worthy because IMO it's a constant arms race that will never end so we can just expect new exploits to constantly be found and then patched. That said, 50+ sure seems like a lot but in general I don't think this kind of thing is all that news worthy. What do you guys think?

Edited November 16, 2021 by UltraMega

[ENTERPRISE]

They dont garner loads of conversation but not all news posts do. I think its still a relevant piece of industry news though. 

 

On the topic itself, not great to hear. At this rate they will be closing in on Intels numbers haha.

[schuck6566]

17 hours ago, UltraMega said:

More than 50 vulnerabilities have been found in AMD EPYC processor and Radeon graphics drivers. (guru3d.com)

 

Question for people on this site; I have sort of stopped seeing "security exploit found" articles as very news worthy because IMO it's a constant arms race that will never end so we can just expect new exploits to constantly be found and then patched. That said, 50+ sure seems like a lot but in general I don't think this kind of thing is all that news worthy. What do you guys think?

I think we're gonna see them as long as the info isn't suppressed.(How long did they figure Intel knew about the Meltdown and Spectre?) Also, the first 6 months of 2021 saw 132 "vulnerabilities" being addressed by Intel. So it's just Tit for Tat...