AMD, details on two vulnerabilities involving EPYC CPUs coming soon

AMD, details on two vulnerabilities involving EPYC CPUs coming soon


AMD has revealed the existence of two exploits targeting the Secure Encrypted Virtualization (SEV) functionality used by its 1st, 2nd and 3rd generation EPYC processors which will be showcased at the 15th IEEE Workshop on Offensive Technologies (WOOT'21).

The first, known as CVE-2020-12967, will be presented in a paper published by researchers from Fraunhofer AISEC and the Technical University of Munich with the title “SEVerity: Code Injection Attacks against Encrypted Virtual Machines“. AMD said that the researchers who discovered this bug "make use of the research discussed earlier on the lack of protection of the nested page table in the SEV / SEV-ES function which could potentially lead to arbitrary code execution within the guest. “.

The second, indicated as CVE-2021-26311, will be explained in detail in a document entitled“ undeSErVed trust: Exploiting Permutation-Agnostic Remote Attestation ”by researchers from the University of Lübeck. AMD said the research showed that "memory that is not detected by the attestation mechanism can be rearranged in the guest's address space so that it can be used by a malicious hypervisor to potentially lead to arbitrary code execution." br>
Although both exploits affect three generations of EPYC processors, only the third models will receive mitigation directly from AMD thanks to the SEV-Secure Nested Paging feature described in a white paper in January 2020. Regarding the processors First and second generation EPYCs, the company said it "recommends following best security practices" to mitigate exposure to these exploits. That's not particularly helpful advice, but luckily it shouldn't prove too difficult to follow.

AMD stated that "the exploits mentioned in both documents require access by an administrator account to compromise the server's hypervisor". Requiring physical access should limit the scope of exploits, especially during a global pandemic. More information on both exploits will be released on May 27th at the WOOT'21 event on May 27th.

Looking for a new PSU to power your next GPU? Corsair RM750X, 750W modular power supply, is available on Amazon.

Alleged AMD Ryzen 5000 Zen 3 Refresh Might Soon Bring Greater Performance For Enthusiasts

AMD might be getting ready to introduce at least two refreshed Ryzen desktop processors based on its current generation Zen 3 CPU architecture, otherwise known as Vermeer. A couple of supposed new model numbers (also known as the OPN) have emerged, one of which hints at a potential Ryzen 9 5950XT and the other one a likely Ryzen 5 5600XT part.

Somehow or another, DevOps engineer and prominent leaker Patrick Schur caught wind of the new B2 steppings, and posted the details to Twitter.

Part number 100-000000059-60_50/34_Y is a 16-core/32-thread processor with a 3.4GHz base clock, just like AMD's flagship Ryzen 9 5950X. However, the boost clock is listed at 5GHz instead of 4.9GHz. Should those specifications be correct and AMD is does indeed launch a refreshed Ryzen 9 5950XT with a 100MHz higher top speed than the regular 'X' part, it will mark the first time AMD has taken Zen to 5GHz.

Granted, a 100MHz faster boost clock isn't going to light the computing world on fire. But cracking 5GHz from the factory would be a mental milestone. AMD has gotten there before, namely with its FX-9590, but ramping to 5GHz on Zen 3 is a much more enticing proposition than hitting that speed with an 8-core/16-thread Piledriver CPU.

The other B2 stepping listed is part number 100-000000065-06_46/37_Y, which is a 6-core/12-thread processor with a 3.7GHz base clock and 4.6GHz max boost clock. Sound familiar? It should—those specifications are identical to the Ryzen 5 5600X. So what gives?

That's a good question. Releasing a Ryzen 5 5600XT with the same speeds as the Ryzen 5 5600X would be odd, though perhaps AMD was able to make changes elsewhere. For example, maybe the XT part would have a lower TPD. AMD could also choose to bundle it with an upgraded cooler (the 5600X comes with the Wraith Stealth).

Alternatively, AMD might simply be replacing its X models with newer steppings that will not carry the XT designation. Whatever the case might be, these appear different than the rumored Zen 3+ refresh, as Schur hints that these are newer Vermeer parts, and not Warhol.