AMD confirms mystery bug that reportedly affects gaming PCs

AMD has confirmed a vulnerability in its processor lineup that leaked out early before the company had a chance to issue a patch. While the vulnerability appears to affect consumer Ryzen CPUs, AMD has yet to name them nor describe the vulnerability.

The vulnerability will require mitigations, however, AMD said. A security bulletin is due soon.

The Register reported that Tavis Ormandy, who works at Google’s Project Zero, had noted that Asus released a beta version of a BIOS update for its gaming motherboards with a mention of an AMD vulnerability. Ormandy edited his post to remove the reference, but not before the Register report was published.

AMD has confirmed that the bug exists, but that it needs both local administrative access to the PC in question and specific microcode designed to attack the vulnerability.

“AMD is aware of a newly reported processor vulnerability,” a company spokesperson confirmed in an email. “Execution of the attack requires both local administrator level access to the system, and development and execution of malicious microcode. AMD has provided mitigations and is actively working with its partners and customers to deploy those mitigations.”

AMD wouldn’t say which processors were affected, or the nature of the vulnerability. For now, consumers will have to wait. But not long.

“AMD recommends customers continue to follow industry-standard security practices and only work with trusted suppliers when installing new code on their systems,” the AMD representative wrote. “AMD plans to issue a security bulletin soon with additional guidance and mitigation options.”