2024-02-15 17:07:47
AMD has just reported and corrected four critical security vulnerabilities affecting many processors in its catalog, including Ryzen. Affected users are advised to update their PC BIOS.
Security breaches don’t just affect software and online services. Vulnerabilities are also regularly discovered in the physical components of our computers, and no manufacturer is spared. Often complex and difficult to exploit by potential attackers, they nevertheless remain dangerous and must be corrected as soon as a solution is proposed by the manufacturer of the equipment concerned. This is the case today for AMD, which has just published a note relating to four security flaws considered critical and affecting a very large number of its processors. Fortunately, the chip designer has already released the necessary patches and users of the affected models can protect their hardware by installing the appropriate updates.
© AMD
AMD processors: four critical security flaws already fixed
In an official note on its own site, AMD recognizes the existence of four vulnerabilities affecting its different families of processors for laptops, desktops and servers. Identified under the codes CVE-2023-20576, CVE-2023-20577, CVE-2023-20579 and CVE-2023-20587, the security flaws concern the entire SPI (Serial Peripheral Interface) link, a data bus which connects the processor to the motherboard. Their exploitation can allow a malicious actor to compromise the integrity or availability of data present in the SPI memory, to carry out arbitrary code execution, an escalation of privilege or even a denial of service attack.
The potential impact of these flaws is, however, limited for home, laptop or desktop computers, because their exploitation requires physical access to the targeted machine and a very good level of technical knowledge. Data center servers using vulnerable processors, however, are more exposed. To find out if your computer is equipped with one of the processor models affected by these vulnerabilities, you can consult the detailed list provided by AMD in its security note. Broadly speaking, Ryzen 3000, 5000, 6000 and 7000 series, Athlon 3000 series, Threadripper 3000 series and EPYC processors from the first to the fourth generation are affected.
© AMD
If one of your computers is affected, don’t panic. Once again, these flaws are difficult to exploit and the manufacturer AMD has already published the patches to remedy them. These security patches are not directly downloadable and installable, like a Windows update for example. These fixes must be rolled out by the various motherboard manufacturers via BIOS updates, with the firmware taking care of booting your computer before loading the operating system. To perform this update, go to your computer or motherboard manufacturer’s website, check if a new BIOS version for your specific model has recently been released, and if so, install it by following the instructions given by the manufacturer. In addition, many laptop manufacturers now include automated hardware update tools, particularly for drivers and BIOS. So monitor the various utilities installed by the manufacturer on your laptop, and if an update containing the word “BIOS” is offered to you, apply it immediately.
1708018116
#AMD #fixes #critical #security #flaws #processors