AMD push security update to patch 13 security vulnerabilities
In mid-March of this year, CTS-Labs, an unrecognized security agency, suddenly blew up and claimed that there were as many as 13 security holes in the AMD Zen architecture processor. AMD responded by saying that it was investigating and analyzing, and accused directly publicizing dangerous security flaws, but did not give AMD enough response time according to industry practice.
Of course, problems have always been solved. After the AMD study found that these security vulnerabilities are not critical, it is generally necessary to obtain administrator privileges and access to hardware devices to exploit. AMD promises to repair it as soon as possible.
According to the tomshardware news, AMD has completed the patching of these vulnerabilities. The EPYC server processor is undergoing final testing and will be repaired next month with firmware updates. The Ryzen processor will soon follow.
It is understood that AMD has previously shared patches and code with eco partners for joint testing.
AMD said that after receiving the notification from CTS-Labs for about 30 days, AMD issued a patch to its ecosystem partners, fixed all relevant vulnerabilities of the EPYC platform, and Chimera vulnerabilities on all other platforms. Partners are working on these patches. We will release a patch applied to other products to ecological partner this month, after waiting for the completion of the ecological partner certification will be publicly released.
Interestingly, CTS-Labs also issued a document two days ago questioning the slowness of AMD operations, guaranteeing that there will be no practical measures to repair the loopholes as soon as possible, and even intentionally encrypting some modules of the PSP security coprocessor and prohibiting external access.