
AMD Discloses 50 Security Holes Affecting EPYC CPUs, Radeon Drivers

AMD EPYC Processor (Image credit: AMD)

AMD published three security bulletins yesterday addressing the security vulnerabilities affecting its EPYC processors and the Radeon graphics driver for Windows 10. Although many are marked High severity, they are mitigated with a driver update and AGESA packages.

The chipmaker disclosed 22 potential vulnerabilities that affect three generations of EPYC processors: EPYC 7001 (Naples), EPYC 7002 (Rome) and EPYC 7003 (Milan). The vulnerabilities specifically affect the AMD Platform Security Processor (PSP), AMD System Management Unit (SMU), AMD Secure Encrypted Virtualization (SEV) and other platform components.

In response to the vulnerabilities, AMD distributed the NaplesPI-SP3_1.0.0.G, RomePI-SP3_1.0.0.C and MilanPI-SP3_1.0.0.4 AGESA updates to its OEM partners. If you're running one of AMD's EPYC chips, you should contact your OEM for the update.

The Radeon graphics driver for Windows 10 was equally filled with vulnerabilities. AMD detected up to 27 different vulnerabilities with varying levels of severity that impact both mainstream and enterprise consumers. Luckily, users just need to update their Radeon drivers to the latest version to patch the security holes.

Mainstream users need to have at least Radeon Adrenalin 21.4.1 installed, which isn't a big problem assuming that most, if not all, users should already be on the latest 21.11.2 version. On the other hand, enterprise users will need to make sure that they're running at the very least the Radeon Pro Enterprise 21.Q2 driver. But, again, we don't see this being an issue since the latest 21.Q3 driver has been available since September.

The last security vulnerability targets AMD's μProf tool, which analyzes application performance on operating systems, including Windows, Linux and FreeBSD. The chipmaker recommends users update the μProf tool to version 3.4.394 on Windows and 3.4-502 on Linux.
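The minimum versions quoted above use three different formats (`21.4.1`, `21.Q2`, `3.4-502`), and a plain string comparison ranks `21.11.2` below `21.4.1`. The following is an added example, not AMD's or the article's code, that audits an inventory against those minimums; the product labels, hostnames and installed versions are constructed for illustration.

```python
import re

# Minimum fixed versions as stated in the article; the product keys are
# hypothetical labels chosen for this example.
MINIMUMS = {
    ("radeon-adrenalin", "windows"): "21.4.1",
    ("radeon-pro-enterprise", "windows"): "21.Q2",
    ("uprof", "windows"): "3.4.394",
    ("uprof", "linux"): "3.4-502",
}

def version_key(version):
    """Turn '21.4.1', '21.Q2' or '3.4-502' into a comparable tuple of ints.

    Fields are split on '.' and '-'; a quarterly field such as 'Q2' becomes 2.
    Anything else raises ValueError instead of being guessed at.
    """
    parts = []
    for field in re.split(r"[.-]", version.strip()):
        m = re.fullmatch(r"[Qq]?(\d+)", field)
        if not m:
            raise ValueError(f"unrecognised field {field!r} in {version!r}")
        parts.append(int(m.group(1)))
    return tuple(parts)

def audit(inventory):
    """Return (host, product, installed, status) for every inventory record.

    status is 'ok', 'outdated', 'unknown-product' or 'unparseable'.
    """
    findings = []
    for host, product, os_name, installed in inventory:
        minimum = MINIMUMS.get((product, os_name))
        if minimum is None:
            status = "unknown-product"
        else:
            try:
                current, needed = version_key(installed), version_key(minimum)
                status = "ok" if current >= needed else "outdated"
            except ValueError:
                status = "unparseable"  # surface for manual review
        findings.append((host, product, installed, status))
    return findings

# Constructed sample inventory: hostnames and installed versions are made up.
SAMPLE_INVENTORY = [
    ("ws-01", "radeon-adrenalin", "windows", "21.11.2"),
    ("ws-02", "radeon-adrenalin", "windows", "21.3.2"),
    ("cad-01", "radeon-pro-enterprise", "windows", "21.Q3"),
    ("cad-02", "radeon-pro-enterprise", "windows", "21.Q1"),
    ("dev-01", "uprof", "linux", "3.4-475"),
    ("dev-02", "uprof", "windows", "3.4.394"),
    ("dev-03", "uprof", "linux", "unknown"),
]
```

Records that come back `unparseable` or `unknown-product` should be reviewed by hand rather than treated as patched.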

  • tommo1982
    For once I'm happy the info came from the manufacturer. I'd like to see more of that.
  • hotaru.hino
    tommo1982 said:
    For once I'm happy the info came from the manufacturer. I'd like to see more of that.
    It's nice that they're transparent about it, but I'd rather have a third-party disclose it because it forces accountability on the creator. For all I know, they've been sitting on these way longer than they should've.

    A sticking point, unless something happened over the past 4 years, is AMD won't open up the PSP for a third party audit.
  • InvalidError
    hotaru.hino said:
    It's nice that they're transparent about it, but I'd rather have a third-party disclose it because it forces accountability on the creator. For all I know, they've been sitting on these way longer than they should've.
    Even if the flaws were discovered by a 3rd-party, most 3rd-parties would follow "responsible disclosure" rules by telling AMD first and not go public until AMD has a fix, so you'd still end up with AMD sitting on bugs for a possibly very long time before either having a fix or declaring it wontfix.
  • d0x360
    hotaru.hino said:
    It's nice that they're transparent about it, but I'd rather have a third-party disclose it because it forces accountability on the creator. For all I know, they've been sitting on these way longer than they should've.

    A sticking point, unless something happened over the past 4 years, is AMD won't open up the PSP for a third party audit.

    Wait... You would prefer 3rd party disclosure because it forces accountability? Ok I get that but...

    AMD has never been known to hide vulnerabilities. Intel has, even nVidia has but I don't recall AMD doing it.

    Does the PSP need a 3rd party audit? From what I understand people want these audits because they think the NSA has placed backdoors in PSP & (Intel)ME but it's entirely based on... nothing. It's more likely that they won't let a 3rd party do an audit because of potential abuse by people who work for said 3rd party.

    I really doubt there is an NSA backdoor. Wouldn't you be able to monitor for such a thing via router logs? Plus I really doubt that they would need a backdoor. There are so many ways into a system that it doesn't make much sense for Intel and AMD to open themselves up to being sued into oblivion...
  • InvalidError
    d0x360 said:
    It's more likely that they won't let a 3rd party do an audit because of potential abuse by people who work for said 3rd party.
    Having the PSP code out in the wild also means more chances researchers will find side-channel attacks for it. Practically nothing is truly safe from getting broken into with sufficient low-level knowledge, access and time.
  • wifiburger
    So no issues with consumer chips? Like Ryzen
  • domih
    Nothing "new" there. Both INTEL and AMD regularly post advisories so that data centers, corporations and... end users can update their systems:

    https://securityaffairs.co/wordpress/124556/security/intel-amd-advisories.html
    and/or:

    https://www.securityweek.com/intel-amd-patch-high-severity-security-flaws
    Professional security researchers always first contact manufacturers and software publishers to give them the time to fix issues and publish patches.

    The security "researchers" who do not are irresponsible in giving zero-day exploits to the masses.

    If you think this article describes catastrophic issues, check out this one instead:

    https://securityaffairs.co/wordpress/124510/hacking/chaosdb-flaw-technical-details.html
    Other urban legend: MacOS is more secure. But:

    https://www.securityweek.com/macos-zero-day-exploited-deliver-malware-users-hong-kong
    Note that in all these articles, patches are already available. If you do not want your PC(s) to be low hanging fruit(s) for hackers, make sure you regularly apply patches and this goes a long way. Like in all industries, people optimize their work. In the IT breaking industry, hackers quickly switch to the next target when they stumble on a host that is patched against the known zero-days of the past.
  • USAFRet
    domih said:
    If you do not want your PC(s) to be low hanging fruit(s) for hackers, make sure you regularly apply patches and this goes a long way.
    And there is the regular train of people here who have disabled updates because REASONS!
    :colere:
  • InvalidError
    USAFRet said:
    And there is the regular train of people here who have disabled updates because REASONS!
    Best defense against unwanted random restarts and getting screwed over by a bad patch.

    For the most part though, none of this stuff matters if you aren't regularly visiting shady web sites and won't save you from clicking through compromised sites. Browser updates are 100X more important to prevent auto-exploits.
  • domih
    InvalidError said:
    Best defense against unwanted random restarts and getting screwed over by a bad patch.

    For the most part though, none of this stuff matters if you aren't regularly visiting shady web sites and won't save you from clicking through compromised sites. Browser updates are 100X more important to prevent auto-exploits.

    Hacking is no longer an artisanal activity or just teenagers (or old people stuck in post-adolescence) using kiddie scripts for their fifteen micro-seconds of fame. Penetration of hosts is an industry performed by workshops/teams paid for their work. Most of them don't even use the compromised hosts, instead they are selling the compromised hosts access to other sectors of the hacking industry.

    These people do not care about your computer because it's yours. For them it's just a resource free of charge. No matter what your computer is, here are a few types of activity practiced on compromised hosts:
    Use your host to attack other hosts so the hackers stay hidden,
    Sell your host to a botnet,
    Run crypto-mining free of charge usually at low level so that it looks "normal". They use your hardware and YOU pay the power bill,
    Steal any PI if stored on your host unencrypted and resell it. And they love people using common passwords and/or using the same password for multiple accounts. Password acquisition is automated against lists of thousands of already known in use passwords, then scripts will test signing in into the major web sites. They love it because they can sell the credentials for each web site as independent "products".