AMD has released a critical security update to address a major vulnerability in its Ryzen 7000 and Ryzen 9000 processors. The issue, labeled CVE-2025-2884, allows attackers with basic user privileges to access sensitive data or disrupt the Trusted Platform Module (TPM).
The flaw originated from a coding error in TPM 2.0 software, specifically within the CryptHmacSign() function. This vulnerability can be exploited by regular user-level applications, potentially exposing up to 65,535 bytes of sensitive information.
Affected Ryzen processors include desktop CPUs from Athlon 3000 and Ryzen 3000 series to Ryzen 9000 series, as well as mobile chips from Ryzen 3000 Mobile series to Ryzen AI 300 series. Threadripper workstation CPUs from Threadripper 3000 series to Threadripper 7000 series are also impacted.
The update is available for motherboards with the AGESA 1.2.0.3e firmware specifically targeting AM5-based platforms. However, users should note that installing this update may make it irreversible on certain motherboards, such as those from Asus.
Besides fixing the security issue, the update prepares motherboards for upcoming Ryzen processors and improves compatibility and performance for high-capacity memory setups. AMD urges users to verify the availability of the BIOS update through their motherboard manufacturer’s support page and install it as soon as possible.
Source: https://www.notebookcheck.net/AMD-fixes-major-Ryzen-7000-and-Ryzen-9000-vulnerability.1036871.0.html