AMD Issues BIOS Fixes For Several High Severity Zen Exploits, Update ASAP

AMD Ryzen and EPYC processors are vulnerable to some serious security exploits, so you should be quick about slapping the latest system firmware into your board's BIOS. Head to your system vendor or motherboard maker's website to make sure you've got the latest firmware for your Ryzen rig or EPYC server.

AMD has just published the details of four new vulnerabilities affecting Zen-based CPUs. Not every Ryzen or EPYC chip is affected by all four exploits, but every AMD Zen processor is vulnerable to at least one. These exploits are pretty serious: each one gives attackers a way to make unauthorized updates to the SPI ROM, installing malware into your motherboard.

As far as we can tell, these flaws all require either administrative privileges or physical access, so there's no need to fly into a panic if you're just a regular user. Just update your firmware as soon as you can. Of course, anyone administering Ryzen or EPYC machines for business or government will definitely want to leap into action and get the patches, pronto.

You may have some struggles doing so, however. The required code changes have to be made inside AMD's AGESA firmware, which means that not only does AMD have to ship an updated AGESA, but your motherboard vendor or system seller then has to produce an update that packages the new code.

Matthew over at Tom's Hardware did the legwork and figured out that Socket AM5 platforms and later Socket AM4 platforms (500 series chipsets) should have the requisite updates available as long as you're using a Ryzen 3000 or 5000-series processor. Folks using Cezanne ("G" chips on AM4) appear to be up a creek. You can head to AMD's disclosure page to see what AGESA version you need to be protected with your specific CPU.