AMD finds new vulnerabilities in Zen CPUs

AMD Ryzen_
Translate from : AMD finder nye sårbarheder i Zen CPU'er
AMD discloses new BIOS vulnerabilities across all Zen CPU generations that compromise security. Update to latest AGESA versions for protection.

AMD has recently disclosed new BIOS vulnerabilities that span all of their Zen CPU generations. This has had a particular impact on the SPI connection, compromising security to a significant degree. The discovery of vulnerabilities in CPU architectures is not surprising in the technology world, but this time it seems that AMD has discovered something much bigger.

This has affected a wider consumer base and the severity of the situation has been categorized as "high". Even more worryingly, the discovered vulnerabilities can also penetrate through your motherboard's BIOS. This makes the issue extremely sensitive, and according to AMD, the consequences can include "triggering" arbitrary codes and more. Diving deeper into the details, AMD mentions that the vulnerability is divided into four different compromises. It relies on "jamming" your SPI interface, which can lead to malicious activities. These can include denial of service, execution of arbitrary code, and circumvention of your system's integrity.

Team Red has detailed the vulnerabilities in several CVEs, and you can see their findings below to get an idea of how costly it can be:


However, the good thing is that AMD has advised its consumers to update to the latest AGESA versions to stay safe from the mentioned vulnerabilities. The company has already pushed out these versions. The new versions aim to address all AMD Ryzen CPU setups, along with AMD's EPYC, Threadripper and Embedded series. This shows that as long as you have the correct AGESA version loaded into your systems, it won't be a big deal. However, certain SKUs, such as the Ryzen 4000G and 5000G APUs, have yet to receive remedial patches in their respective motherboards, which may cause concern. This mainly depends on the motherboard manufacturers, but we believe that the new AGESA versions will be adopted soon.

Our Partners