Skip to main content

AMD EPYC CPUs are suffering from a bunch of nasty security bugs

AMD EPYC
(Image credit: AMD)

AMD has issued three security bulletins announcing fixes for a whopping 50 vulnerabilities, with 22 of them affecting all three generations of its flagship EPYC server processors.

Furthermore, of the 50 addressed vulnerabilities, almost half (23) are marked as High Severity on the Common Vulnerability Scoring System (CVSS).

Of the 22 EPYC flaws, all of which exist on the latest third generation processor, 17 on the second generation, and 12 on the oldest first generation chip, four are rated as High severity.

“During security reviews in collaboration with Google, Microsoft, and Oracle, potential vulnerabilities in the AMD Platform Security Processor (PSP), AMD System Management Unit (SMU), AMD Secure Encrypted Virtualization (SEV) and other platform components were discovered and have been mitigated in AMD EPYC AGESA PI packages,” notes AMD in its security bulletin.

All’s well that ends well

AMD has announced that it has released AGESA versions for all three generations of processors to address the listed vulnerabilities.

AGESA or AMD's Generic Encapsulated System Architecture is released to motherboard vendors for building their firmware and pushing updates.

In addition to the hardware bugs, AMD has also announced fixes for 27 vulnerabilities in the AMD Graphics Driver for Windows 10, with 18 of them marked as High.

According to AMD, the vulnerabilities can be exploited to facilitate escalation of privilege, unauthorized code execution, memory corruption, information disclosure, and denial of service attacks.

In addition to these AMD's μProf performance analysis utility also gets a fix for a lone High-rated improper access control vulnerability. 

Hunting for a new device? These are the best workstations around today

Mayank Sharma

With almost two decades of writing and reporting on Linux, Mayank Sharma would like everyone to think he’s TechRadar Pro’s expert on the topic. Of course, he’s just as interested in other computing topics, particularly cybersecurity, cloud, containers, and coding.