AMD EPYC CPUs are suffering from a bunch of nasty security bugs

Vulnerabilities existed in all three generations of EPYC processors, so patch now

When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.

AMDhas issued three security bulletins announcing fixes for a whopping 50 vulnerabilities, with 22 of them affecting all three generations of its flagship EPYC serverprocessors.

Furthermore, of the 50 addressed vulnerabilities, almost half (23) are marked as High Severity on the Common Vulnerability Scoring System (CVSS).

Of the 22 EPYC flaws, all of which exist on the latestthird generation processor, 17 on the second generation, and 12 on the oldest first generation chip, four are rated as High severity.

“During security reviews in collaboration withGoogle,Microsoft, and Oracle, potential vulnerabilities in theAMDPlatform Security Processor (PSP), AMD System Management Unit (SMU), AMD Secure Encrypted Virtualization (SEV) and other platform components were discovered and have been mitigated in AMD EPYC AGESA PI packages,”notes AMDin its security bulletin.

All’s well that ends well

AMD has announced that it has released AGESA versions for all three generations of processors to address the listed vulnerabilities.

AGESA or AMD’s Generic Encapsulated System Architecture is released to motherboard vendors for building their firmware and pushing updates.

In addition to the hardware bugs, AMD has also announced fixes for 27 vulnerabilities in theAMD Graphics DriverforWindows 10, with 18 of them marked as High.

Are you a pro? Subscribe to our newsletter

Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!

According to AMD, the vulnerabilities can be exploited to facilitate escalation of privilege, unauthorized code execution, memory corruption, information disclosure, and denial of service attacks.

In addition to theseAMD’s μProfperformance analysis utility also gets a fix for a lone High-rated improper access control vulnerability.

Hunting for a new device? These are thebest workstationsaround today

With almost two decades of writing and reporting on Linux, Mayank Sharma would like everyone to think he’sTechRadar Pro’sexpert on the topic. Of course, he’s just as interested in other computing topics, particularly cybersecurity, cloud, containers, and coding.

iStorage Group acquires Kanguru Solutions as it looks to expand security offering

Phishing attacks surge in 2024 as cybercriminals adopt AI tools and multi-channel tactics

Smeg Combi Steam Oven review: a multi-functional countertop oven that looks stunning and cooks well