Jump to content

Welcome to ExtremeHW

Welcome to ExtremeHW, like most online communities you must register to view or post in our community, but don't worry this is a simple free process that requires minimal information for you to signup. Be a part of ExtremeHW by signing in or creating an account.

  • Start new topics and reply to others
  • Subscribe to topics and forums to get email updates
  • Get your own profile page and make new friends
  • Send personal messages to other members.
  • Take advantage of site exclusive features.
IGNORED

50+ vulnerabilities found in AMD EPYC processor and Radeon graphics drivers.


UltraMega
 Share

Recommended Posts

Quote

AMD recently issued security warnings to alert customers about security vulnerabilities in its EPYC CPU and Radeon graphics driver running on Windows 10 computers. Despite the fact that the vast majority of the vulnerabilities are rated as high-risk, AMD supplied patches as well as AGESA microcode packages to mitigate these risks.

 

The EPYC 7001, EPYC 7002, and EPYC 7003 processor generations are all affected by the 22 possible vulnerabilities that have been disclosed this time. They are targeted primarily at AMD platform security processors (PSP), AMD system management units (SMU), AMD Secure Encrypted Virtualization (SEV), and other platform components, including the AMD Xeon CPU.

When it comes to the 50 vulnerabilities resolved, nearly half (23 vulnerabilities) are rated as High Severity by the Common Vulnerability Scoring System (CVSS).

 

“During security reviews in collaboration with Google, Microsoft, and Oracle, potential vulnerabilities in the AMD Platform Security Processor (PSP), AMD System Management Unit (SMU), AMD Secure Encrypted Virtualization (SEV) and other platform components were discovered and have been mitigated in AMD EPYC AGESA PI packages,” notes AMD in its security bulletin. 

As a result of the vulnerabilities identified, AMD has announced that it has published AGESA updates for all three generations of processors to remedy them. AMD's Generic Encapsulated System Architecture, known as AGESA, has been made available to motherboard suppliers for use in developing firmware and distributing updates.

 

Additionally, AMD has disclosed solutions for 27 vulnerabilities in the AMD Graphics Driver for Windows 10, with 18 of them being classified as High severity. 

According to AMD, the vulnerabilities can be exploited to facilitate escalation of privilege, unauthorized code execution, memory corruption, information disclosure, and denial of service attacks.

More than 50 vulnerabilities have been found in AMD EPYC processor and Radeon graphics drivers. (guru3d.com)

 

Question for people on this site; I have sort of stopped seeing "security exploit found" articles as very news worthy because IMO it's a constant arms race that will never end so we can just expect new exploits to constantly be found and then patched. That said, 50+ sure seems like a lot but in general I don't think this kind of thing is all that news worthy. What do you guys think?

Edited by UltraMega
Link to comment
Share on other sites

  • UltraMega changed the title to 50+ vulnerabilities found in AMD EPYC processor and Radeon graphics drivers.

They dont garner loads of conversation but not all news posts do. I think its still a relevant piece of industry news though. 

 

On the topic itself, not great to hear. At this rate they will be closing in on Intels numbers haha.

  • Thanks 1
Link to comment
Share on other sites

17 hours ago, UltraMega said:

More than 50 vulnerabilities have been found in AMD EPYC processor and Radeon graphics drivers. (guru3d.com)

 

Question for people on this site; I have sort of stopped seeing "security exploit found" articles as very news worthy because IMO it's a constant arms race that will never end so we can just expect new exploits to constantly be found and then patched. That said, 50+ sure seems like a lot but in general I don't think this kind of thing is all that news worthy. What do you guys think?

I think we're gonna see them as long as the info isn't suppressed.(How long did they figure Intel knew about the Meltdown and Spectre?) Also, the first 6 months of 2021 saw 132 "vulnerabilities" being addressed by Intel. So it's just Tit for Tat... 😉

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share

×
×
  • Create New...

Important Information

This Website may place and access certain Cookies on your computer. ExtremeHW uses Cookies to improve your experience of using the Website and to improve our range of products and services. ExtremeHW has carefully chosen these Cookies and has taken steps to ensure that your privacy is protected and respected at all times. All Cookies used by this Website are used in accordance with current UK and EU Cookie Law. For more information please see our Privacy Policy