Furthermore, of the 50 addressed vulnerabilities, almost half (23) are marked as High Severity on the Common Vulnerability Scoring System (CVSS).
Of the 22 EPYC flaws, all of which exist on the latest third generation processor, 17 on the second generation, and 12 on the oldest first generation chip, four are rated as High severity.
“During security reviews in collaboration with Google, Microsoft, and Oracle, potential vulnerabilities in the AMD Platform Security Processor (PSP), AMD System Management Unit (SMU), AMD Secure Encrypted Virtualization (SEV) and other platform components were discovered and have been mitigated in AMD EPYC AGESA PI packages,” notes AMD in its security bulletin.
All’s well that ends well
AMD has announced that it has released AGESA versions for all three generations of processors to address the listed vulnerabilities.
AGESA or AMD's Generic Encapsulated System Architecture is released to motherboard vendors for building their firmware and pushing updates.
According to AMD, the vulnerabilities can be exploited to facilitate escalation of privilege, unauthorized code execution, memory corruption, information disclosure, and denial of service attacks.
In addition to these AMD's μProf performance analysis utility also gets a fix for a lone High-rated improper access control vulnerability.
Hunting for a new device? These are the best workstations around today