Looks like another critical vulnerability needs patching in BIOS and that other vendors are already rolling out BIOS updates.
I fully expect we will be waiting months (if not years!) to get an update for our AMD Framework laptops…
That page links to AMD’s bulletin (https://www.amd.com/en/resources/product-security/bulletin/amd-sb-4011.html), which has a table of affected products. According to the table, AMD has not issued a fix for the AI 300 series yet.
But the prior generation Laptop 13 and 16 are affected
I did not know the model numbers. Check the page and report back the status of AMD’s fix for your hardware!
Pretty sure Framework hasn’t even fixed a bunch of older security flaws, so I have zero faith they’ll respond to this in a timely manner.
The table includes a mitigation for AI 300 series CPUs:
AMD Ryzen™ AI 300 Series Processors “Strix Point” ASP fTPM Strixpi-fp8_0.0.9.0d 2024-06-28
And because I was curious about Debian - it was recently fixed in libtpms: CVE-2025-49133
Can you provide some examples?
CVE-2024-56161 is not fixed yet.
1 Like