AMD Discovers New Vulnerabilities Affecting Zen 1, 2, 3, 4 CPUs, BIOS Mitigations Released

AMD has disclosed new BIOS-side vulnerabilities across all of its Zen CPU generations. They particularly affect the SPI connection and compromise security.
The emergence of vulnerabilities across CPU architectures isn't surprising, but this time AMD has apparently discovered something much bigger: it affects a more extensive consumer base, and its severity is listed as "high" as well. Moreover, the discovered vulnerabilities come in through your motherboard's BIOS, so the matter is indeed sensitive; according to AMD, the consequences include the "trigger" of arbitrary code and much more.
Moving into the specifics, AMD mentions that the vulnerability breaks down into four different compromises and relies on "messing up" your SPI interface, which can lead to malicious activity such as denial of service, arbitrary code execution, and the bypass of your system's integrity. Team Red has described the vulnerabilities in multiple CVEs, and you can view their findings below to get an idea of how costly they can be:
However, the good news is that, to stay safe from the vulnerabilities mentioned above, AMD has advised its consumers to update to the latest AGESA versions, which the firm has already pushed out.
The new versions carry mitigations for all AMD Ryzen CPU lineups, along with AMD's EPYC, Threadripper, and Embedded series, which shows that as long as you have the correct AGESA version loaded on your system, it won't be much of a deal. However, particular SKUs, such as the Ryzen 4000G and 5000G APUs, haven't received mitigation patches for their respective motherboards, which might cause concern. This mainly depends on the motherboard manufacturers. Still, we believe the new AGESA versions will be adopted soon.
News Source: AMD