
Security flaw in Ryzen 9000, 8000, 7000 CPUs. Firmware update released.

 

 

Summary

A security flaw concerning TPM was recently discovered. Luckily it requires physical access to exploit.

 

Quotes

Quote

 Last week, the Trusted Computing Group (TCG), which is the developer of the Trusted Platform Module (TPM) security standard, alerted the press and AMD about a new TPM vulnerability on Ryzen processors.


Asus and MSI have released updates already.

 

Sources

https://www.neowin.net/news/amd-ryzen-9000-8000-7000-cpus-have-a-vulnerable-tpm-pluton-major-firmware-fix-released/

 

MSI states they also fix some memory issues;

This update not only adds support for upcoming new CPU, but also enables all AM5 motherboards to support large-capacity 64GBx4 DRAM chips. .... Even with four 64GB DRAM fully installed, the system can still achieve a stable overclocking speed of 6000MT/s, and even up to 6400MT/s.

In addition, this update optimizes 2DPC 1R capability and includes overclocking enhancements specifically for Samsung's 4Gx8 chips.


17 minutes ago, jmwhite33 said:

Even with four 64GB DRAM fully installed, the system can still achieve a stable overclocking speed of 6000MT/s, and even up to 6400MT/s.

This is the best part tbh


Here is another article with a little more info concerning what CPUs are affected. Looks as if it is more than just 7000-9000 series:

https://www.tomshardware.com/pc-components/cpus/amd-partners-roll-out-new-bios-updates-to-patch-tpm-vulnerability-error-with-amd-cpus-addressed-with-agesa-1-2-0-3e

 

"Impacted processors include a wide range of Ryzen processors between Athlon 3000 "Dali" / Ryzen 3000 "Matisse" and Ryzen 9000 "Granite Ridge" on desktop, and between Ryzen 3000 Mobile "Picasso", and Ryzen AI 300 "Strix Point" on mobile. Similarly, all workstation CPUs from Threadripper 3000 "Castle Peak" to Threadripper 7000 "Storm Peak" are also vulnerable to this bug." 


19 minutes ago, Blasty Blosty said:

This is the best part tbh

Certainly for RAM hungry folks it's a big W, or potential at tuning their already 6000MT/s RAM even tighter/faster


1 hour ago, jmwhite33 said:

A security flaw concerning TPM was recently discovered. Luckily it requires physical access to exploit.

Anything that requires physical access to exploit might as well be a non-issue for me specifically. Because if someone is in my house touching my PC, I've already lost and the PC is the least of my concerns.


9 minutes ago, TVwazhere said:

Anything that requires physical access to exploit might as well be a non-issue for me specifically. Because if someone is in my house touching my PC, I've already lost and the PC is the least of my concerns.

When someone touches my PC without permission:

 

[image]

 


Affects ZEN3 too and others. The minimum AGESA rev is referenced per the CVE below. If your BIOS rev is below the posted minimum patch level, your system is vulnerable (hint: most are as of today until MB vendors release a new BIOS rev)

 

https://www.amd.com/en/resources/product-security/bulletin/amd-sb-4011.html
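
Added example (not part of the post above and not AMD's or any vendor's code): a sketch of the "is my AGESA below the minimum patch level" check described here. The version string shape, the `ComboAM5PI` family prefix, the letter-suffix ordering and the inventory are assumptions; the `1.2.0.3e` value comes from the Tom's Hardware link earlier in the thread, and the per-platform minimums should be taken from AMD-SB-4011.

```python
import re

# Assumed string shape: optional family name, four dotted numbers, optional
# patch letter, e.g. "ComboAM5PI 1.2.0.3e".
_AGESA = re.compile(
    r"^(?:(?P<family>[A-Za-z][A-Za-z0-9]*)\s+)?"
    r"(?P<nums>\d+(?:\.\d+){3})\s*(?P<patch>[a-z])?$",
    re.IGNORECASE,
)

def parse_agesa(text):
    """Return (family, sortable_key); raise ValueError on an unknown shape."""
    m = _AGESA.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised AGESA string: {text!r}")
    nums = tuple(int(n) for n in m.group("nums").split("."))
    # Assumption: no letter sorts before 'a'; letters sort alphabetically.
    patch = (m.group("patch") or "").lower()
    return (m.group("family") or "").lower(), nums + (patch,)

def status(installed, minimum):
    """Classify one board as 'patched', 'vulnerable' or 'unknown'."""
    try:
        fam_i, key_i = parse_agesa(installed)
        fam_m, key_m = parse_agesa(minimum)
    except ValueError:
        return "unknown"  # e.g. a vendor BIOS number, not an AGESA string
    if fam_i and fam_m and fam_i != fam_m:
        return "unknown"  # other platforms have their own minimum
    # Numeric compare: a plain string compare would rank 1.2.0.10 below 1.2.0.3e.
    return "patched" if key_i >= key_m else "vulnerable"

def audit(inventory, minimum):
    """Map each host name to its status against one platform minimum."""
    return {host: status(ver, minimum) for host, ver in inventory.items()}

# Version from the linked article's URL; the family prefix is assumed.
MINIMUM = "ComboAM5PI 1.2.0.3e"

# Constructed sample inventory (host names and versions are made up).
INVENTORY = {
    "desk-01": "ComboAM5PI 1.2.0.3e",
    "desk-02": "ComboAM5PI 1.2.0.3a",
    "desk-03": "ComboAM5PI 1.2.0.10",
    "desk-04": "ComboAM4v2PI 1.2.0.3e",
    "desk-05": "F32",
}

if __name__ == "__main__":
    for host, result in audit(INVENTORY, MINIMUM).items():
        print(f"{host}: {result}")
```

Anything reported as `unknown` needs a manual look at the board vendor's release notes rather than being counted as safe.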


38 minutes ago, TVwazhere said:

Anything that requires physical access to exploit might as well be a non-issue for me specifically. Because if someone is in my house touching my PC, I've already lost and the PC is the least of my concerns.

This, plus I don't enable TPM anyway, still on Win 10, and won't change 🙂 


35 minutes ago, PDifolco said:

This, plus I don't enable TPM anyway, still on Win 10, and won't change 🙂 

There's 2 reasons why I'm on Windows 10.

 

  1. Less bloat, so probably slightly faster, especially on hardware that isn't designed with W11 in mind because it was released before W11
  2. License, I have full Windows 10 license with DVD disk, if I'm re-installing Windows from scratch, it most likely will be 10 from the DVD


5 hours ago, jmwhite33 said:

Luckily it requires physical access to exploit.

And this is why I dislike a lot of current day news reporting.

 

We are basing this "physical access" based on what?  The article.

 

The article bases it on what?  A guess, a literal guess...I mean technically their wording isn't wrong...but I really hate news sites like this article that create non-sense based guesses.

 

Here's the quote 

Quote

This is typically the case for most local-level attacks as in order to exploit such a flaw, the threat actor must have physical access to a device

So they are basing this off of the score being low as the assumption that it requires physical access...but what is hilarious is they linked to a PDF and quoted it
https://trustedcomputinggroup.org/wp-content/uploads/VRT0009-Advisory-FINAL.pdf
But they failed to read the summary in full I guess...specifically this part.

Quote

This vulnerability can be triggered from user-mode applications by sending
malicious commands to a TPM 2.0 whose firmware is based on an affected TCG reference
implementation.

So all they need to do is run code on your computer.  So chain this together with a RCE and there you go TPM compromised.

 

So if I'm reading it right, they can still exploit it if they are running software in user-mode.


6 minutes ago, wanderingfool2 said:

And this is why I dislike a lot of current day news reporting.

 

We are basing this "physical access" based on what?  The article.

 

The article bases it on what?  A guess, a literal guess...I mean technically their wording isn't wrong...but I really hate news sites like this article that create non-sense based guesses.

 

Here's the quote 

So they are basing this off of the score being low as the assumption that it requires physical access...but what is hilarious is they linked to a PDF and quoted it
https://trustedcomputinggroup.org/wp-content/uploads/VRT0009-Advisory-FINAL.pdf
But they failed to read the summary in full I guess...specifically this part.

So all they need to do is run code on your computer.  So chain this together with a RCE and there you go TPM compromised.

 

So if I'm reading it right, they can still exploit it if they are running software in user-mode.

and it's great that you are here to provide more in depth information.

Thanks, because isn't that what this forum/community is all about.


7 minutes ago, jmwhite33 said:

and it's great that you are here to provide more in depth information.

Thanks, because isn't that what this forum/community is all about.

Oh sorry I re-read my post.  If I came off a bit salty at you I didn't mean to.  I'm more salty in the article that essentially states that which then starts to spread to other sources etc.  It's just the whole news thing where it creates the beginnings of the misinformation without any real clarification that what they are stating is a speculation on their part


4 minutes ago, wanderingfool2 said:

Oh sorry I re-read my post.  If I came off a bit salty at you I didn't mean to.  I'm more salty in the article that essentially states that which then starts to spread to other sources etc.  It's just the whole news thing where it creates the beginnings of the misinformation without any real clarification that what they are stating is a speculation on their part

no offense taken.

we all have different life paths and experiences.

your knowledge fills gaps in mine and vice-versa.

isn't that what these online gathering places are essentially about, learning and teaching from/with others from different spectrums of life experience?

wish more folks understood that.


It's always most of these issues needing physical access. Memory support is neat though.


15 hours ago, wanderingfool2 said:

So all they need to do is run code on your computer.  So chain this together with a RCE and there you go TPM compromised.

 

So if I'm reading it right, they can still exploit it if they are running software in user-mode.

An RDP session in this case would be "physical access". Physical access is being misused, here and other times. Physical access required means "must plug in a threat actor USB device" or re-flash firmware that can only be done locally and even then IPMI = same thing.

 

Physical access required should only be used when literal ability to touch it is a necessity in the chain.


9 hours ago, leadeater said:

An RDP session in this case would be "physical access". Physical access is being misused, here and other times. Physical access required means "must plug in a threat actor USB device" or re-flash firmware that can only be done locally and even then IPMI = same thing.

 

Physical access required should only be used when literal ability to touch it is a necessity in the chain.

The way I read the article though, I genuinely think the author of the article meant physical access as how you described it though, the physical ability to touch it which is what annoyed me so much about the article...it's literally the author not reading the report they linked to and then guessing that since its rating was so low that it required remote access.


On 6/16/2025 at 6:39 PM, StDragon said:

Theft happens though. If you don't have Bitlocker enabled, that's on you. Many of you will no doubt brush the concern off, but for those that understand the security implications, it's a BFD.

Depends on what's on your drive.. Sure I won't like some thug having access to my photos, but everything is backed up and easily recoverable and reinstallable

What I would not stand is losing that stupid key and not access my drive anymore due to some Windows shenanigan asking it !


2 hours ago, PDifolco said:

Depends on what's on your drive..

A lot of people cache passwords and other personally identifiable information (PII). I mean, the P in PC means "Personal", so expect a lot of users to store or cache sensitive information on the C drive.

BTW, if you log into Windows with an MS account, your BitLocker key gets stored at https://account.microsoft.com/devices/recoverykey. You can also store it elsewhere.


On 6/16/2025 at 11:31 AM, Blasty Blosty said:

This is the best part tbh

I doubt this will be doable in practice by most users.

So far I've only seen people managing 5200~5600MHz. I'm on the former camp, and took me many trials and errors until I could get a stable config at 5200MHz.


5 hours ago, igormp said:

So far I've only seen people managing 5200~5600MHz. I'm on the former camp, and took me many trials and errors until I could get a stable config at 5200MHz.

With 64GB?


7 hours ago, Blasty Blosty said:

With 64GB?

4x64GB, yes.


  • 2 weeks later...

So with that I only have one question: how do I make absolutely 100% sure automatic BIOS updates are completely turned off in windows 11?  


4 hours ago, Mark Kaine said:

So with that I only have one question: how do I make absolutely 100% sure automatic BIOS updates are completely turned off in windows 11?  

"Capsule" Updates are available through Windows Updates published by OEM vendors such as Dell, HP, and Lenovo. I have yet to see one for the DIY market for specific motherboards however. The only way to control those is via Windows Updates (you have more control with the Pro editions vs Home) or through UEFI settings to block.

 

If you built your PC (not OEM motherboard), you don't have to worry about the BIOS updating itself via Windows Updates. 
