AMD Patches Multiple Vulnerabilities in Embedded Processors

Summary: AMD has announced critical security updates addressing multiple vulnerabilities in its EPYC and Ryzen Embedded processors, some of which could allow arbitrary code execution and privilege escalation. The most serious vulnerabilities, rated CVSS 7.5, stem from issues in the System Management Mode (SMM) handler that could permit unauthorized memory overwrites. AMD recommends that affected customers promptly update their firmware to mitigate these risks.

Affected: AMD EPYC and Ryzen Embedded processors

Key points:

  • Ten vulnerabilities have been disclosed, including CVE-2023-31342, CVE-2023-31343, and CVE-2023-31345, each rated CVSS 7.5 (High).
  • Vulnerability CVE-2023-31352 (CVSS 6.0, Medium) could allow unauthorized reading of unencrypted memory, risking guest data loss.
  • Affected processor series include EPYC Embedded 3000, 7002, 7003, 9004, and Ryzen Embedded R1000, R2000, 5000, 7000, V1000, V2000, and V3000.
  • Firmware updates are recommended, with specific updates for various processor series scheduled throughout 2024.
  • AMD advises enforcing strict access controls to prevent abuse of firmware vulnerabilities.

Source: https://securityonline.info/amd-patches-multi-vulnerabilities-in-embedded-processors/