AMD revealed in the latest January replace that thirty-one new vulnerabilities had been present in its processors, masking Ryzen and EPYC CPUs.
AMD hit with 31 new vulnerabilities to begin 2023, affecting Ryzen & EPYC CPU strains
The firm has created quite a few mitigations to alleviate the uncovered processors and has additionally disclosed a report from the corporate in cooperation with groups from three prime corporations — Apple, Google, and Oracle. The firm additionally introduced a number of AGESA variants listed within the replace (AGESA code is discovered when constructing the system’s BIOS and UEFI code).
Due to the vulnerability’s nature, the AGESA adjustments have been delivered to OEMs, and any patching will rely on every vendor to launch it as quickly as doable. It could be smart for shoppers to go to the seller’s official web site to search out out if there’s a new replace ready for obtain relatively than ready for the corporate to roll it out later.
AMD Processors weak to this new assault embrace Ryzen fashions for desktops, HEDT, Pro, and cellular CPU sequence. There is a single vulnerability labeled as “excessive severity,” whereas two others are much less excessive however nonetheless necessary to patch. All exposures are attacked by means of the BIOS and ASP bootloader (also called the AMD Secure Processor bootloader).
AMD CPU sequence which might be weak are:
- Ryzen 2000 (Pinnacle Ridge) sequence processors
- Ryzen 2000 APUs
- Ryzen 5000 APUs
- AMD Threadripper 2000 HEDT and Pro server processor sequence
- AMD Threadripper 3000 HEDT and Pro server processor sequence
- Ryzen 2000 sequence cellular processors
- Ryzen 3000 sequence cellular processors
- Ryzen 5000 sequence cellular processors
- Ryzen 6000 sequence cellular processors
- Athlon 3000 sequence cellular processors
Twenty-eight AMD vulnerabilities have been found affecting EPYC processors, with 4 fashions labeled with a “excessive severity” by the corporate. The three of excessive severity can have arbitrary code that may be executed by means of assault vectors in quite a few areas. Also, one of many three listed has a further exploit that permits writing information to particular sections resulting in information loss. Other analysis groups discovered one other fifteen vulnerabilities with decrease severity and 9 with minor severity.
Because of the massive variety of affected processors exploited, the corporate selected to reveal this current vulnerability record that might sometimes be revealed in May and November annually and make it possible for mitigations had been ready for launch. Other vulnerabilities inside AMD merchandise embrace a variant of Hertzbleed, one other that acts equally to the Meltdown exploit, and one referred to as “Take A Way.”
| CVE | Severity | CVE Description | ||||
| CVE‑2021‑26316 | High | Failure to validate the communication buffer and communication service within the BIOS could permit an attacker to tamper with the buffer leading to potential SMM (System Management Mode) arbitrary code execution. | ||||
| CVE‑2021‑26346 | Medium | Failure to validate the integer operand in ASP (AMD Secure Processor) bootloader could permit an attacker to introduce an integer overflow within the L2 listing desk in SPI flash leading to a possible denial of service. | ||||
| CVE‑2021‑46795 | Low | A TOCTOU (time-of-check to time-of-use) vulnerability exists the place an attacker could use a compromised BIOS to trigger the TEE OS to learn reminiscence out of bounds that would doubtlessly end in a denial of service. |
| CVE | AMD Ryzen™ 2000 sequence Desktop Processors “Raven Ridge” AM4 |
AMD Ryzen™ 2000 Series Desktop Processors Pinnacle Ridge |
AMD Ryzen™ 3000 Series Desktop Processors “Matisse” AM4 |
AMD Ryzen™ 5000 Series Desktop Processors “Vermeer” AM4 |
AMD Ryzen™ 5000 Series Desktop Processor with Radeon™ Graphics “Cezanne” AM4 |
|
| Minimum model to mitigate all listed CVEs | Raven-FP5-AM4 1.1.0.D ComboAM4PI 1.0.0.8 ComboAM4v2 PI 1.2.0.4 PinnaclePI-AM4 1.0.0.C |
PinnaclePI-AM4 1.0.0.C ComboAM4PI 1.0.0.8 ComboAM4v2 PI 1.2.0.4 |
N/A | N/A | ComboAM4v2 PI 1.2.0.8 | |
| CVE‑2021‑26316 | Raven-FP5-AM4 1.1.0.D ComboAM4PI 1.0.0.8 ComboAM4v2 PI 1.2.0.4 PinnaclePI-AM4 1.0.0.C |
PinnaclePI-AM4 1.0.0.C ComboAM4PI 1.0.0.8 ComboAM4v2 PI 1.2.0.4 |
N/A | N/A | ComboAM4v2 PI 1.2.0.4 | |
| CVE‑2021‑26346 | N/A | N/A | N/A | N/A | ComboAM4v2 PI 1.2.0.8 | |
| CVE‑2021‑46795 | N/A | N/A | N/A | N/A | ComboAM4v2 PI 1.2.0.5 |
| CVE | 2nd Gen AMD Ryzen™ Threadripper™ Processors Colfax |
third Gen AMD Ryzen™ Threadripper™ Processors “Castle Peak” HEDT |
||||
| Minimum model to mitigate all listed CVEs | SummitPI-SP3r2 1.1.0.5 | CastlePeakPI-SP3r3 1.0.0.6 | ||||
| CVE‑2021‑26316 | SummitPI-SP3r2 1.1.0.5 | CastlePeakPI-SP3r3 1.0.0.6 | ||||
| CVE‑2021‑26346 | N/A | N/A | ||||
| CVE‑2021‑46795 | N/A | N/A |
| CVE | AMD Ryzen™ Threadripper™ PRO Processors “Castle Peak” WS |
AMD Ryzen™ Threadripper™ PRO Processors “Chagall” WS |
||||
| Minimum model to mitigate all listed CVEs | CastlePeakWSPI-sWRX8 1.0.0.7 ChagallWSPI-sWRX8 0.0.9.0 |
N/A | ||||
| CVE‑2021‑26316 | CastlePeakWSPI-sWRX8 1.0.0.7 ChagallWSPI-sWRX8 0.0.9.0 |
N/A | ||||
| CVE‑2021‑26346 | N/A | N/A | ||||
| CVE‑2021‑46795 | N/A | N/A |
| CVE | AMD Athlon™ 3000 Series Mobile Processors with Radeon™ Graphics “Dali”/”Dali” ULP |
AMD Athlon™ 3000 Series Mobile Processors with Radeon™ Graphics Pollock |
||||
| Minimum model to mitigate all listed CVEs | PicassoPI-FP5 1.0.0.D | PollockPI-FT5 1.0.0.3 | ||||
| CVE‑2021‑26316 | PicassoPI-FP5 1.0.0.D | PollockPI-FT5 1.0.0.3 | ||||
| CVE‑2021‑26346 | N/A | N/A | ||||
| CVE‑2021‑46795 | N/A | N/A |
| CVE | AMD Ryzen™ 2000 Series Mobile Processors Raven Ridge FP5 |
AMD Ryzen™ 3000 Series Mobile processor, 2nd Gen AMD Ryzen™ Mobile Processors with Radeon™ Graphics “Picasso” |
AMD Ryzen™ 3000 Series Mobile Processors with Radeon™ Graphics “Renoir” FP6 |
AMD Ryzen™ 5000 Series Mobile Processors with Radeon™ Graphics “Lucienne” |
AMD Ryzen™ 5000 Series Mobile Processors with Radeon™ Graphics “Cézanne” |
AMD Ryzen™ 6000 Series Mobile Processors “Rembrandt” |
| Minimum model to mitigate all listed CVEs | N/A | PicassoPI-FP5 1.0.0.D ComboAM4PI 1.0.0.8 ComboAM4v2 PI 1.2.0.4 | RenoirPI-FP6 1.0.0.9 ComboAM4v2 PI 1.2.0.8 |
CezannePI-FP6 1.0.0.B | CezannePI-FP6 1.0.0.B | N/A |
| CVE‑2021‑26316 | N/A | PicassoPI-FP5 1.0.0.D ComboAM4PI 1.0.0.8 ComboAM4v2 PI 1.2.0.4 | RenoirPI-FP6 1.0.0.7 ComboAM4v2 PI 1.2.0.4 | CezannePI-FP6 1.0.0.6 | CezannePI-FP6 1.0.0.6 | N/A |
| CVE‑2021‑26346 | N/A | N/A | RenoirPI-FP6 1.0.0.9 ComboAM4v2 PI 1.2.0.8 |
CezannePI-FP6 1.0.0.B | CezannePI-FP6 1.0.0.B | N/A |
| CVE‑2021‑46795 | N/A | N/A | RenoirPI-FP6 1.0.0.7 ComboAM4v2 PI 1.2.0.5 | CezannePI-FP6 1.0.0.6 | CezannePI-FP6 1.0.0.6 | N/A |