AMD has provided mitigations only for the newest EPYC processor generation.
AMD has disclosed multiple arbitrary code execution flaws in its EPYC processors, affecting the first three generations as well as the AMD EPYC embedded processors.
The flaws are detailed in two research papers due to be presented at a prestigious security conference later this year, and they revolve around AMD’s Secure Encrypted Virtualization (SEV).
The first vulnerability, CVE-2020-12967, was discovered by researchers from Fraunhofer AISEC and the Technical University of Munich. According to AMD, the academic researchers built on previously published research about the lack of nested page table protection in the SEV/SEV-Encrypted State (SEV-ES) feature.
Researchers at the University of Lübeck found the second vulnerability, which is tracked as CVE-2021-26311. According to AMD, this research shows that, in the SEV/SEV-ES feature, memory can be rearranged in the guest address space without being detected by the attestation mechanism.
There are mitigations in place.
While acknowledging the flaws, AMD also stated that exploiting them both requires physical access to the servers, making the flaws less serious than those that can be exploited remotely.
The papers, which will be discussed at the IEEE Workshop on Offensive Technologies (WOOT’21), take advantage of AMD SEV vulnerabilities to run arbitrary code in a guest.
Surprisingly, AMD has only released mitigations for the third-generation EPYC processors, despite the fact that the exploits affect three generations of EPYC processors.
For the other two generations, it advises “following protection best practises”. It’s unclear if the company intends to release mitigations for these processors in the future.
The new AMD EPYC Milan CPU family outperforms the competition in high-performance computing (HPC), cloud, and business workloads by up to two times.
According to the company, the most powerful SKU in the range (the 64-core EPYC 7763) also takes the title of “world’s highest-performing server processor,” providing up to 19% more instructions per clock thanks to the latest architecture.
TechRadar Pro was told during a briefing session that EPYC Milan’s higher performance density means customers can achieve the same level of performance with 49 percent fewer servers and 25 percent fewer racks than Intel’s highest.
The figures are based on comparisons with Intel’s Xeon Gold 6258R processors, not the soon-to-be-released Intel Ice Lake Xeon CPUs, which will be much more competitive.
AMD EPYC Milan
AMD has released a total of 19 new EPYC CPUs, varying in core count from 8 to 64 and costing between $913 and $7,890 per thousand units.
The higher performance density means that less space, power, and cooling are needed to house, operate, and cool servers, according to AMD, which translates to a 35 percent reduction in total cost of ownership (TCO).
With this range, the company hopes EPYC Milan will offer something for everyone, without requiring customers to buy more powerful (and expensive) CPUs than they need.
AMD is also emphasising the latest EPYC series’ security credentials. Shadow stack and Secure Encrypted Virtualization (SEV) with Secure Nested Paging (SNP) are available on third-generation CPUs; these features improve on existing safeguards to help defend against control flow attacks and untrusted hypervisors.
“SEV-SNP adds strong memory integrity security capabilities to EPYC processors, helping to avoid malicious hypervisor-based attacks by providing an isolated execution environment,” AMD said.
EPYC Milan will be able to provide “dramatic value” to customers thanks to a combination of improved protection, superior performance, and a wider range of options, according to the company.