AMD is working on updates for Ryzen and Epyc vulnerabilities

AMD is working on firmware and bios updates for vulnerabilities reported last week in its Ryzen and Epyc processors. The chip designer notes that abuse requires administrator access to systems.

AMD reports that it was notified by CTS Labs on March 12 of the vulnerabilities found and that the security company publicly disclosed the vulnerabilities 24 hours later. AMD claims to have quickly tested the findings and is about to release patches.

It is important to note that the issues reported in the investigation require that there be administrative access to the systems, with the user effectively having unrestricted access and the right to delete, create and modify files and folders. , as well as the right to change settings,” AMD emphasizes.

This was also the criticism of the original publication of CTS Labs. There was also criticism of the short duration between notification to AMD and publication, with CTS appearing to have invested a lot of time in marketing the vulnerabilities. However, experts acknowledged that these are real vulnerabilities. Those vulnerabilities reside in the AMD Platform Security Processor, an ARM architecture-based co-processor that is part of Ryzen and Epyc processors and handles numerous security tasks. In addition, the ‘Promontory’ chipset produced by ASMedia turned out to be vulnerable. The leaks were not in the Zen architecture for CPUs.

AMD will be releasing bios updates for the Masterkey, Ryzenfall, and Fallout vulnerabilities in the coming weeks, and will be tweaking the Platform Security Processor firmware. According to AMD, these do not affect the performance of the processors. The Chimera vulnerability affected the ‘Promontory’ chipset of the AM4 and TR4 platforms. AMD is also releasing a bios update for this, and the company is working with ASMedia, the chipset designer, to fix the vulnerability.

AMD promises to announce more about the updates in the coming weeks.