AMD Zen 1-4 Processors Affected by ‘High Security’ Vulnerabilities

Critical vulnerabilities disclosed by AMD impact Zen 1-4 processors, including Ryzen 3000 series, prompting urgent security measures.

Advanced Micro Devices has unveiled four “high security” vulnerabilities plaguing its Zen 1–4 processors, including the widely-used Ryzen 3000 desktop and 4000 mobile series CPUs. These vulnerabilities pose significant threats to performance and security across various AMD-based systems. Spanning servers, gaming desktop PCs, and workstation PCs employing Advanced Micro Devices processors.

The Ryzen 5 8600G and Ryzen 7 8700G stand as AMD’s latest processors, offering integrated graphics and CPU functions on a single chip, commonly known as an APU. These APUs cater to budget-conscious users seeking to build PCs without immediately investing in a dedicated GPU. Additionally, budget builders may consider older generation AMD Ryzen CPUs, such as the popular Ryzen 5 3600, as viable alternatives.

As reported by Guru3D, AMD’s recent security bulletin disclosed four vulnerabilities affecting Ryzen 3000, 4000 mobile, Embedded V2000, and Embedded V3000 processors. Classified as high risk, these vulnerabilities enable malicious users to bypass specific dual serial peripheral interface processes, facilitating remote code execution. AMD urges users to exercise caution and implement security measures until deploying BIOS updates. Ryzen 4000 series APUs are slated to receive BIOS updates by February 2024’s end. Followed by Ryzen 3000 series CPUs in March 2024 and embedded processors in April 2024. Prospective PC builders may opt for newer budget AMD gaming CPUs to circumvent these vulnerabilities entirely.

AMD Zen1-4 Vulnerabilities and Affected Processors

• Ryzen 3000, 4000, and Embedded V2000 and V3000 processors
• CVE-2023-20576: Insufficient Verification of Data Authenticity in AGESA, potentially leading to denial of service or privilege escalation.
• CVE-2023-20577: Heap overflow in SMM module, enabling arbitrary code execution.
• CVE-2023-20579: Improper Access Control in AMD SPI protection feature, risking loss of integrity and availability.
• CVE-2023-20587: Improper Access Control in System Management Mode (SMM), leading to arbitrary code execution.

Discovered by AMD security researchers, these vulnerabilities have been addressed in AMD’s latest gaming processors, including Ryzen 7000 and 8000 series CPUs. Users should verify their BIOS version and promptly update to the latest iteration, which they can initiate via USB flash. Furthermore, AMD recommends updating Windows 11 to bolster PC security. As the latest desktop components and laptops offer compatibility with essential features like DirectStorage and USB 4.0.