AMD partners roll out new BIOS updates to patch TPM vulnerability

sgilderd · June 16, 2025, 6:24am

Looks like another critical vulnerability needs patching in BIOS and that other vendors are already rolling out BIOS updates.

I fully expect we will be waiting months (if not years!) to get an update for our AMD Framework laptops…

Phill_Wolf · June 16, 2025, 9:29am

That page links to AMD’s bulletin (https://www.amd.com/en/resources/product-security/bulletin/amd-sb-4011.html), which has a table of affected products. According to the table, AMD has not issued a fix for the AI 300 series yet.

Gmanny · June 17, 2025, 3:32pm

But the prior generation Laptop 13 and 16 are affected

Phill_Wolf · June 17, 2025, 4:22pm

I did not know the model numbers. Check the page and report back the status of AMD’s fix for your hardware!

jhoff80 · June 17, 2025, 4:24pm

Pretty sure Framework hasn’t even fixed a bunch of older security flaws, so I have zero faith they’ll respond to this in a timely manner.

dode · June 17, 2025, 5:09pm

The table includes a mitigation for AI 300 series CPUs:

AMD Ryzen™ AI 300 Series Processors “Strix Point” ASP fTPM Strixpi-fp8_0.0.9.0d 2024-06-28

And because I was curious about Debian - it was recently fixed in libtpms: CVE-2025-49133

Fn1 · June 17, 2025, 6:30pm

Can you provide some examples?

jhoff80 · June 17, 2025, 11:42pm

CVE-2024-56161 is not fixed yet.

Topic		Replies	Views
Bios update - AMD 13" Framework Laptop 13 framework-laptop-13-amd-7040	0	263	October 15, 2024
AMD processor vulnerabilities Community Support hardware	1	734	February 17, 2024
AMD "Sinkclose" (CVE-2023-31315) in Framework 13-inch laptop? Framework Laptop 13	18	3167	November 22, 2024
AMD-SB-7009: Any BIOS update in preparation for the AMD FWs? Framework Laptop 13	7	788	February 17, 2024
12th Gen BIOS Vulnerability Framework Laptop 13	16	8181	November 1, 2023