AMD’s EPYC CPUs have been hit with 22 Security Vulnerabilities – Fixes are already available

AMD reveals and fixes 22 EPYC CPU security vulnerabilities

While news of new Intel related CPU vulnerabilities is commonplace, AMD’s EPYC processors are not exactly free of issues. The commonality of Intel CPU vulnerability disclosures is thanks to Intel’s market share and the sheer amount of effort put into finding and addressing security issues with the CPU market’s leader. 

With AMD gaining significant market share within the server CPU market, it is unsurprising to see AMD disclose its own set of hardware vulnerabilities. Today,  AMD has revealed 22 security flaws that range from medium severity levels to high severity levels. These security issues affect all three generations of AMD’s EPYC processors, though some issues are specific to certain generations of EPYC CPUs. 

Thankfully, AMD has addressed all 22 of these EPYC CPU security issues with AGESA updates. This means that EPYC users will need to update the BIOS of their EPYC motherboards to secure their systems. AMD uncovered these security flaws with the help of companies like Google, Microsoft, and Oracle. 

    During security reviews in collaboration with Google, Microsoft, and Oracle, potential vulnerabilities in the AMD Platform Security Processor (PSP), AMD System Management Unit (SMU), AMD Secure Encrypted Virtualization (SEV) and other platform components were discovered and have been mitigated in AMD EPYC AGESA PI packages. 

  

AMD has released more information about its 22 EPYC CPU vulnerabilities on its website, detailing issues with their Platform Security Processor (PSP), System Management Unit (SMU), Secure Encrypted Virtualization (SEV) and other platform components. 

You can join the discussion on AMD’s EPYC processors on the OC3D Forums.