
Posted on Monday, November 15 2021 @ 22:21 CET by Thomas De Maesschalck
TechPowerUp
reports AMD conducted security reviews in collaboration with Google, Microsoft, and Oracle. The result is the discovery of 22 security flaws in EPYC server processors, ranging from medium to high severity. Almost all 22 vulnerabilities affect the Naples, Rome, and Milan generations.
There are a few exceptions, and you can find that on AMD's website. However, not all seems to be bad. AMD says that "During security reviews in collaboration with Google, Microsoft, and Oracle, potential vulnerabilities in the AMD Platform Security Processor (PSP), AMD System Management Unit (SMU), AMD Secure Encrypted Virtualization (SEV) and other platform components were discovered and have been mitigated in AMD EPYC AGESA PI packages."
EPYC clients need to upgrade to the latest AGESA version. AMD patched all 22 vulnerabilities in the NaplesPI-SP3_1.0.0.G, RomePI-SP3_1.0.0.C, and MilanPI-SP3_1.0.0.4 AGESA versions.