AMD recently issued security warnings to alert customers about security vulnerabilities in its EPYC CPU and Radeon graphics driver running on Windows 10 computers. Despite the fact that the vast majority of the vulnerabilities are rated as high-risk, AMD supplied patches as well as AGESA microcode packages to mitigate these risks.

The EPYC 7001, EPYC 7002, and EPYC 7003 processor generations are all affected by the 22 possible vulnerabilities that have been disclosed this time. They are targeted primarily at AMD platform security processors (PSP), AMD system management units (SMU), AMD Secure Encrypted Virtualization (SEV), and other platform components, including the AMD Xeon CPU. When it comes to the 50 vulnerabilities resolved, nearly half (23 vulnerabilities) are rated as High Severity by the Common Vulnerability Scoring System (CVSS).

“During security reviews in collaboration with Google, Microsoft, and Oracle, potential vulnerabilities in the AMD Platform Security Processor (PSP), AMD System Management Unit (SMU), AMD Secure Encrypted Virtualization (SEV) and other platform components were discovered and have been mitigated in AMD EPYC AGESA PI packages,” notes AMD in its security bulletin. 

As a result of the vulnerabilities identified, AMD has announced that it has published AGESA updates for all three generations of processors to remedy them. AMD's Generic Encapsulated System Architecture, known as AGESA, has been made available to motherboard suppliers for use in developing firmware and distributing updates. Additionally, AMD has disclosed solutions for 27 vulnerabilities in the AMD Graphics Driver for Windows 10, with 18 of them being classified as High severity.  According to AMD, the vulnerabilities can be exploited to facilitate escalation of privilege, unauthorized code execution, memory corruption, information disclosure, and denial of service attacks.

More than 50 vulnerabilities have been found in AMD EPYC processor and Radeon graphics drivers.