CATEGORIES
home News

AMD Issues BIOS Fixes For Several High Severity Zen Exploits, Update ASAP

by Zak KillianThursday, February 15, 2024, 05:00 PM EDT
amd epyc genoa in hand
AMD Ryzen and EPYC processors are vulnerable to some serious security exploits, so you should be quick about slapping the latest system firmware into your board's BIOS. Head to your system vendor or motherboard maker's website to make sure you've got the latest firmware for your Ryzen rig or EPYC server.

AMD has just published the details of four new vulnerabilities affecting Zen-based CPUs. Not every Ryzen or EPYC chip is affected by all four exploits, but every AMD Zen processor is vulnerable to at least one. These exploits are pretty serious—each one allows attackers a method to spuriously update SPI ROM, installing malware into your motherboard.

amd zen cve list

As far as we can tell, these flaws all require either administrative privileges or physical access, so there's no need to fly into a panic if you're just a regular user—just update your firmware as soon as you can. Of course, anyone administrating Ryzen or EPYC machines for business or government will definitely want to leap into action and get the patches, pronto.

You may have some struggles doing so, however. The required code changes have to be done inside AMD's AGESA microcode, and that means that not only does AMD have to ship an updated AGESA, but then your motherboard vendor or system seller has to produce an update that packages the new code.

Matthew over at Tom's Hardware did the legwork and figured out that Socket AM5 platforms and later Socket AM4 platforms (500 series chipsets) should have the requisite updates available as long as you're using a Ryzen 3000 or 5000-series processor. Folks using Cezanne ("G" chips on AM4) appear to be up a creek. You can head to AMD's disclosure page to see what AGESA version you need to be protected with your specific CPU.
Tags:  AMD, security, CPUs, (nasdaq:amd)
TOP CONVERSATIONS
Your Next PC Platform?
More Results
KEEP INFORMED
SITE

Home

Reviews

News

Blogs

Full Site

Sitemap

CATEGORIES

PC Components

Systems

Mobile

IT Infrastructure

Leisure

Videos

COMPANY

About

Advertise

News Tips

Contact

Privacy And Terms

HotTech

MORE

Accessibility

Shop

STAY CONNECTED

Twitter

Facebook

YouTube

RSS

As an Amazon and Howl Technologies Associate, HotHardware earns a commission from qualifying purchases made on this site. This site is intended for informational and entertainment purposes only. The contents are the views and opinion of the author and/or his associates. All products and trademarks are the property of their respective owners. Reproduction in whole or in part, in any form or medium, without express written permission of Hot Hardware, Inc. is prohibited. All content and graphical elements are Copyright © 1999 - 2024 David Altavilla and Hot Hardware, Inc.
All rights reserved. Privacy and Terms - Accessibility Commitment