Jump to content
  • Latest Patch Tuesday mends Spectre V2 vulnerability affecting AMD Ryzen Windows PCs


    Karlston

    • 379 views
    • 3 minutes
     Share


    • 379 views
    • 3 minutes

    Last night was the second Tuesday of the month, which meant it was Patch Tuesday time. As such, Microsoft released the security update for Windows 11, Windows 10, as well as for Windows 8.1, and Windows 7.

     

    Among others, the latest November Patch Tuesday fixes a Spectre Variant 2 like AMD CPU vulnerability tracked under ID "CVE-2022-23824" which affects almost all AMD Ryzen, EPYC, and Athlon desktop, notebook and server processor SKUs. The latest Zen 4-based Ryzen 7000 chips however are not affected.

     

    In an advisory published earlier today, AMD has described the new security flaw:

     

    AMD is aware of a potential vulnerability affecting AMD CPUs where the OS relies on IBPB to flush the return address predictor. This may allow for CVE-2017-5715 (previously known as Spectre Variant 2) attacks based on RET predictions in cases where the OS relies on IBPB without the use of additional software mitigations, to flush the return address predictor.

     

    CVE-2022-23824

     

    IBPB may not prevent return branch predictions from being specified by pre-IBPB branch targets leading to a potential information disclosure.

     

    Hence, users running an AMD system, barring the latest Ryzen 7000 chips, are advised to update their Windows PCs. You can either use Windows Update in Settings to automatically download the update or manually grab the standalone updates from the Microsoft Update Catalog website. Find the links in the articles below:

     

     

    Here are all the AMD CPU families affected:

     

    Desktop

     

    • AMD Athlon™ X4 processor
    • AMD Ryzen™ Threadripper™ PRO processor
    • 2nd Gen AMD Ryzen™ Threadripper™ processors
    • 3rd Gen AMD Ryzen™ Threadripper™ processors
    • 7th Generation AMD A-Series APUs
    • AMD Ryzen™ 2000 Series Desktop processors
    • AMD Ryzen™ 3000 Series Desktop processors
    • AMD Ryzen™ 4000 Series Desktop processors with Radeon™ graphics

     

    Mobile

     

    • AMD Ryzen™ 2000 Series Mobile processor
    • AMD Athlon™ 3000 Series Mobile processors with Radeon™ graphics
    • AMD Ryzen™ 3000 Series Mobile processors or 2nd Gen AMD Ryzen™ Mobile processors with Radeon™ graphics
    • AMD Ryzen™ 4000 Series Mobile processors with Radeon™ graphics
    • AMD Ryzen™ 5000 Series Mobile processors with Radeon™ graphics

     

    Chromebook

     

    • AMD Athlon™ Mobile processors with Radeon™ graphics

     

    Server

     

    • 1st Gen AMD EPYC™ processors
    • 2nd Gen AMD EPYC™ processors
    • 3rd Gen AMD EPYC™ processors

     

    Alongside the CPU vulnerability, AMD has also shared details about several security flaws affecting its graphics too. The company released graphics drivers and AGESA updates to fix the issue in its GPUs and integrated graphics, respectively.

     

    In case of the Radeon RX 5000 and RX 6000 series GPUs, the issue is patched with the Radeon 22.5.2 driver. If you are already on a newer driver, you need not have to worry. For PRO series cards, you can grab the AMD Software: PRO Edition 22.Q2 or any newer driver. For AGESA firmware updates, you can head over to AMD's official website to find more details.

     

     

    Latest Patch Tuesday mends Spectre V2 vulnerability affecting AMD Ryzen Windows PCs


    User Feedback

    Recommended Comments

    There are no comments to display.



    Join the conversation

    You can post now and register later. If you have an account, sign in now to post with your account.
    Note: Your post will require moderator approval before it will be visible.

    Guest
    Add a comment...

    ×   Pasted as rich text.   Paste as plain text instead

      Only 75 emoji are allowed.

    ×   Your link has been automatically embedded.   Display as a link instead

    ×   Your previous content has been restored.   Clear editor

    ×   You cannot paste images directly. Upload or insert images from URL.


  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...