2024-11-26
This blog post details a critical vulnerability (CVE-2024-XXXX, severity not yet assigned by NVD) affecting the firmware of several AMD EPYC processors.
Vulnerability :
A buffer overflow vulnerability exists in the firmware of specific AMD EPYC processors.
Successful exploitation could allow an attacker to execute arbitrary code with elevated privileges on the affected system.
Firmware versions up to (excluding) milanpi_1.0.0.d for some processors and up to (excluding) genoapi_1.0.0.c for others are vulnerable.
Affected Products:
AMD EPYC 7203, 7203P, 723F, 7303, 7303P, 7313, 7313P, 7343, 7373X, 7413, 7443, 7443P, 7453, 7473X, 74F3, 7513, 7543, 7543P, 7573X, 75F3, 7643, 7643P, 7663, 7663P, 7713, 7713P, 7763, 7773X (firmware versions up to milanpi_1.0.0.d)
AMD EPYC 8024P, 8024PN, 8124P, 8124PN, 8224P, 8224PN, 8324P, 8324PN, 8434P, 8434PN, 8534P, 8534PN, 9124, 9174F, 9184X, 9224, 9254, 9274F, 9334, 9354, 9354P, 9374F, 9384X, 9454, 9454P, 9474F, 9534, 9554, 9554P, 9634, 9654, 9654P, 9684X, 9734, 9754, 9754S (firmware versions up to genoapi_1.0.0.c)
AMD EPYC Embedded 7313, 7313P, 7413, 7443, 7443P, 7543, 7543P (firmware versions up to embmilanpi-sp3_1.0.0.9)
Recommendation:
Update the firmware of your AMD EPYC processor to a version that addresses this vulnerability (milanpi_1.0.0.d or later for some processors, genoapi_1.0.0.c or later for others, embmilanpi-sp3_1.0.0.9 or later for embedded processors).
Implement a layered security approach that includes application security controls, network segmentation, and intrusion detection/prevention systems to mitigate the risk of exploitation even if a system is not patched.
What Undercode Says:
This vulnerability is critical and could allow attackers to gain complete control of affected systems. It is important to patch your systems as soon as possible. AMD has not yet released a CVSS score for this vulnerability, but it is likely to be high.
References:
Reported By: Nvd.nist.gov
Undercode AI: https://ai.undercodetesting.com
Image Source:
OpenAI: https://openai.com
Undercode AI DI v2: https://ai.undercode.help