A sizzling potato: All customers with AMD Ryzen processors from the previous couple of years ought to examine and replace their motherboard firmware ASAP, particularly in the event that they have not completed so since earlier than 2023. AMD has revealed an in depth chart describing 4 extreme safety points affecting server, desktop, workstation, HEDT, cell, and embedded Zen CPUs. Latest BIOS updates have addressed most, however not the entire flaws.
All 4 vulnerabilities AMD has acknowledged are marked as high-severity. The chart beneath lists the minimal AGESA model wanted to mitigate all points for every processor technology. A extra detailed breakdown of which issues and options have an effect on every CPU may be discovered within the firm’s security bulletin.
One of many vulnerabilities, designated CVE-2023-20576, can enable attackers to provoke denial of service assaults or escalate privileges on account of inadequate information authenticity verification within the BIOS.
Two others – CVE-2023-20577 and CVE-2023-20587 – can allow arbitrary code execution by granting entry to the SPI flash by System Administration Mode. One other, dubbed CVE-2023-20579, may cause lack of integrity and availability by improper entry management in AMD’s SPI safety function.
| CPU Technology | Minimal Patched BIOS model | Availability Date |
|---|---|---|
| 1st Gen AMD EPYC | NaplesPI 1.0.0.Ok | 2023-Apr-27 |
| 2nd Gen AMD EPYC | RomePI 1.0.0.H | 2023-Nov-07 |
| third Gen AMD EPYC | MilanPI 1.0.0.C | 2023-Dec-18 |
| 4th Gen AMD EPYC | GenoaPI 1.0.0.8 | 2023-Jun-09 |
| Ryzen 3000 Desktop | ComboAM4 1.0.0.B | 2024-Mar |
| Ryzen 5000 Desktop | ComboAM4v2 1.2.0.B | 2023-Aug-25 |
| Ryzen 5000 Desktop w/ Radeon | ComboAM4v2PI 1.2.0.C | 2024-Feb-07 |
| Ryzen 7000 Desktop | ComboAM5 1.0.8.0 | 2023-Aug-29 |
| Ryzen 3000 Desktop w/ Radeon | ComboAM4 1.0.0.B | 2024-Mar |
| Ryzen 4000 Desktop w/ Radeon | ComboAM4v2PI 1.2.0.C | 2024-Feb-07 |
| Ryzen Threadripper 3000 | CastlePeakPI-SP3r3 1.0.0.A | 2023-Nov-21 |
| Ryzen Threadripper Professional 3000WX | ChagallWSPI-sWRX8 1.0.0.7 | 2024-Jan-11 |
| Ryzen Threadripper Professional 5000WX | ChagallWSPI-sWRX8 1.0.0.7 | 2024-Jan-11 |
| Athlon 3000 Cell w/ Radeon | PollockPI-FT5 1.0.0.6 | 2023-Oct-26 |
| Ryzen 3000 Cell w/ Radeon | PicassoPI-FP5 1.0.1.0 | 2023-Could-31 |
| Ryzen 4000 Cell w/ Radeon | RenoirPI-FP6 1.0.0.D | 2024-Feb |
| Ryzen 5000 Cell w/ Radeon | CezannePI-FP6 1.0.1.0 | 2024-Jan-25 |
| Ryzen 7020 w/ Radeon | MendocinoPI-FT6 1.0.0.6 | 2024-Jan-03 |
| Ryzen 6000 w/ Radeon | RembrandtPI-FP7 1.0.0.A | 2023-Dec-28 |
| Ryzen 7035 w/ Radeon | RembrandtPI-FP7 1.0.0.A | 2023-Dec-28 |
| Ryzen 5000 w/ Radeon | CezannePI-FP6 1.0.1.0 | 2024-Jan-25 |
| Ryzen 3000 w/ Radeon | CezannePI-FP6 1.0.1.0 | 2024-Jan-25 |
| Ryzen 7040 w/ Radeon | PhoenixPI-FP8-FP7 1.1.0.0 | 2023-Oct-06 |
| Ryzen 7045 Cell | DragonRangeFL1PI 1.0.0.3b | 2023-Aug-30 |
| Eypc Embedded 3000 | Snowyowl PI 1.1.0.B | 2023-Dec-15 |
| Epyc Embedded 7002 | EmbRomePI-SP3 1.0.0.B | 2023-Dec-15 |
| Epyc Embedded 7003 | EmbMilanPI-SP3 1.0.0.8 | 2024-Jan-15 |
| Epyc Embedded 9003 | EmbGenoaPI-SP5 1.0.0.3 | 2023-Sep-15 |
| Ryzen Embedded R1000 | EmbeddedPI-FP5 1.2.0.A | 2023-Jul-31 |
| Ryzen Embedded R2000 | EmbeddedPI-FP5 1.0.0.2 | 2023-Jul-31 |
| Ryzen Embedded 5000 | EmbAM4PI 1.0.0.4 | 2023-Sep-22 |
| Ryzen Embedded V1000 | EmbeddedPI-FP5 1.2.0.A | 2023-Jul-31 |
| Ryzen Embedded V2000 | EmbeddedPI-FP6 1.0.0.9 | 2024-Apr |
| Ryzen Embedded V3000 | EmbeddedPI-FP7r2 1.0.0.9 | 2024-Apr |
These with Ryzen 3000 sequence desktop CPUs, 4000 sequence cell APUs, embedded V2000 chips, or V3000 techniques ought to train further vigilance over the subsequent few months, as the problems affecting these generations haven’t all been patched. An replace deliberate for later this month will handle the vulnerabilities for the 4000 sequence APUs, whereas a March 2024 BIOS replace will repair the 3000 sequence CPUs. The affected embedded merchandise will obtain patches in April.
All different Zen processors acquired the related fixes in updates between mid-2023 and early this month. For 2nd-gen Epyc processors, the replace that mitigated last year’s Zenbleed attack additionally protects towards the brand new vulnerabilities.
There are a number of methods to examine and update your BIOS model. In most trendy PCs, each are attainable immediately from the BIOS itself. After getting into the BIOS by urgent the indicated button through the system’s preliminary boot-up, the model quantity ought to seem on the primary menu. Computerized replace features fluctuate relying on the motherboard producer.
To examine your BIOS model with out rebooting Home windows, launch the System Info app by typing that into search or “msinfo” into the taskbar’s search. The model and date ought to seem within the record on the suitable pane. The newest BIOS model can normally be discovered on the help part of the motherboard producer’s web site. All main motherboard makers additionally supply computerized updates by non-obligatory administration software program.
