Exploring AMD’s CPU Vulnerabilities: CVE-2021-26316, 26346, and 46795

In the recent spotlight are the vulnerabilities CVE-2021-26316, CVE-2021-26346, and CVE-2021-46795, affecting AMD’s Zen-based CPUs across all generations. These vulnerabilities have raised significant security concerns due to their impact on the System Packet Interface (SPI). In the ever-evolving world of technology, such vulnerabilities are not uncommon. AMD, is actively addressing these issues.

Understanding the Vulnerabilities CVE-2021-26316, 26346, and 46795

The first vulnerability, designated as CVE-2021-26316, is of high severity and can allow an attacker to tamper with the buffer in the BIOS, potentially leading to arbitrary code execution in System Management Mode. The second vulnerability, CVE-2021-26346, is of medium severity and can allow an attacker to introduce an integer overflow in the SPI flash, potentially leading to a denial of service. The third vulnerability, CVE-2021-46795, is of low severity and is a time-of-check to time-of-use (TOCTOU) vulnerability that could potentially result in a denial of service.

Mitigation Steps by AMD

In response to these vulnerabilities, AMD has taken proactive steps to mitigate the risks. The company is mitigating these vulnerabilities through new versions of AGESA, which is the base code for motherboard BIOSes. However, not all motherboard vendors have released new updates with the patched AGESA.

It’s important to note that not every Zen-based CPU has received a patch to fix these vulnerabilities. All users with AMD Ryzen processors from the last few years should check and update their motherboard firmware as soon as possible, especially if they haven’t done so before 2023.

The Impact on Users

While these vulnerabilities are serious, they’re not uncommon in the tech world. The key is to stay informed and take the necessary steps to protect your system. So, keep an eye on updates from AMD and your motherboard manufacturer, and apply any available patches as soon as possible.

For those who prefer a manual update, downloading the BIOS file to a USB stick and updating it directly in the BIOS is a good option. However, it’s important to exercise caution during this process to avoid any potential issues.

Conclusion

In conclusion, while the discovery of these vulnerabilities is concerning, it’s reassuring to see that AMD has taken swift action to address the issues. Users are advised to stay vigilant, keep their systems updated, and follow the recommended steps to mitigate the risks. As always, the safety and security of your system should be a top priority. Stay safe, stay updated! If you would like to read my other articles, click here.