Looks like another critical vulnerability needs patching in BIOS and that other vendors are already rolling out BIOS updates.
I fully expect we will be waiting months (if not years!) to get an update for our AMD Framework laptops…
Looks like another critical vulnerability needs patching in BIOS and that other vendors are already rolling out BIOS updates.
I fully expect we will be waiting months (if not years!) to get an update for our AMD Framework laptops…
That page links to AMD’s bulletin (https://www.amd.com/en/resources/product-security/bulletin/amd-sb-4011.html), which has a table of affected products. According to the table, AMD has not issued a fix for the AI 300 series yet.
But the prior generation Laptop 13 and 16 are affected
I did not know the model numbers. Check the page and report back the status of AMD’s fix for your hardware!
Pretty sure Framework hasn’t even fixed a bunch of older security flaws, so I have zero faith they’ll respond to this in a timely manner.
The table includes a mitigation for AI 300 series CPUs:
AMD Ryzen™ AI 300 Series Processors “Strix Point” ASP fTPM Strixpi-fp8_0.0.9.0d 2024-06-28
And because I was curious about Debian - it was recently fixed in libtpms
: CVE-2025-49133
Can you provide some examples?
CVE-2024-56161 is not fixed yet.