AMD Discloses 50 Security Holes Affecting EPYC CPUs, Radeon Drivers

AMD published three security bulletins yesterday addressing the security vulnerabilities affecting its EPYC processors and the Radeon graphics driver for Windows 10. Although many are marked High severity, they are mitigated with a driver update and AGESA packages.

The chipmaker exposed 22 potential vulnerabilities that affect three generations of EPYC processors: EPYC 7001 (Naples), EPYC 7002 (Rome) and EPYC 7003 (Milan). The exploits specifically target the AMD Platform Security Processor (PSP), AMD System Management Unit (SMU), AMD Secure Encrypted Virtualization (SEV) and other platform components.

In response to the exploits, AMD distributed the the NaplesPI-SP3_1.0.0.G, RomePI-SP3_1.0.0.C and MilanPI-SP3_1.0.0.4 AGESA updates to its OEM partners. If you’re running one of AMD’s EPYC chips, you should contact your OEM for the update.

The Radeon graphics driver for Windows 10 was equally filled with vulnerabilities. AMD detected up to 27 different exploits with varying levels of severity that impact both mainstream and enterprise consumers. Luckily, users just need to update their Radeon drivers to the latest version to patch the security holes. 

Mainstream users need to have at least Radeon Adrenalin 21.4.1 installed, which isn’t a big problem assuming that most, if not all, users should already be on the latest 21.11.2 version. On the other hand, enterprise users will need to make sure that they’re running at the very least the Radeon Pro Enterprise 21.Q2 driver. But, again, we don’t see this being an issue since the latest 21.Q3 driver has been available since September.

The last security vulnerability targets AMD’s μProf tool, which analyzes application  performance on operating systems, including Windows, Linux and FreeBSD. The chipmaker recommends users update the μProf tool to version 3.4.394 on Windows and 3.4-502 on Linux.