In an update on its website, the CPU giant detailed a total of 31 patches for security issue, some of which were high-severity.
Three vulnerabilities affect Ryzen processors, for desktop PC, HEDT, Pro, and Mobile platforms - one of which is listed as high severity, while the other two were medium or low.
A threat actor could abuse the vulnerabilities through a BIOS hack or an attack on the AMD Secure Processor bootloader. Ryzen 2000-series Pinnacle Ridge desktop chips, 2000- and 5000-series APU product lines, Threadripper 2000- and 3000-series HEDT, and Pro processors, were all said to have been impacted, together with Ryzen 2000-, 3000-, 5000-, 6000-, and Athlon 3000-series mobile chips.
The remaining 28 flaws were found in the AMD EPYC processors.
Four flaws were found to have been of high severity, three of which allowed arbitrary code execution, while the remaining one allowed writing data, leading to data integrity and data availability losses. The other 15 flaws were ranked as either medium severity or low severity.
Besides the patches for the flaws, the update also lists ASEGA versions with fixes for affected chips. The ASEGA revisions were issued to Original Equipment Manufacturers (OEM), allowing them to address the flaws in BIOS/UEFI.
Apparently, the flaws were found by Google, Apple, and Oracle. Normally the company only releases patches twice a year, once in May, and once in November, but told Tom's Hardware that this batch was so big it was decided to list them earlier.