AMD recently confirmed that its Ryzen CPUs are affected by a vulnerability and stated that it is actively working on fixes in collaboration with its partners. The issue came to light when a Google security researcher discovered references to a patch for the vulnerability in a new BIOS update for ASUS motherboards.
In essence, the problem became public before AMD had officially disclosed its existence. Speaking to The Register, the company expressed concern about potential false updates that could mislead consumers into thinking they had received a legitimate fix.
“AMD has provided mitigations and is actively working with its partners and customers to implement these mitigations. AMD recommends that customers continue to follow industry standard security practices and work only with trusted vendors when installing new code on their systems. AMD plans to issue a security bulletin soon with additional guidance and mitigation options.”
Affected Ryzen CPUs have not yet been disclosed.
The Red Team clarified that “executing the attack requires local administrator-level access to the system and the development and execution of malicious microcode.”
As of now, AMD has not yet published a bulletin with instructions on how to fix the issue, nor has it provided a detailed description of the problem. Additionally, there has been no mention of which specific Ryzen processor models are affected by this vulnerability, or whether average users are at risk of such attacks.
