AMD partners roll out new BIOS updates to patch TPM vulnerability

Looks like another critical vulnerability needs patching in BIOS, and other vendors are already rolling out BIOS updates.

I fully expect we will be waiting months (if not years!) to get an update for our AMD Framework laptops…

(AMD partners roll out new BIOS updates to patch TPM vulnerability — error with AMD CPUs addressed with AGESA 1.2.0.3e | Tom's Hardware)

That page links to AMD’s bulletin (https://www.amd.com/en/resources/product-security/bulletin/amd-sb-4011.html), which has a table of affected products. According to the table, AMD has not issued a fix for the AI 300 series yet.

But the prior generation Laptop 13 and 16 are affected.

I did not know the model numbers. Check the page and report back the status of AMD’s fix for your hardware!

Pretty sure Framework hasn’t even fixed a bunch of older security flaws, so I have zero faith they’ll respond to this in a timely manner.

The table includes a mitigation for AI 300 series CPUs:

AMD Ryzen™ AI 300 Series Processors “Strix Point” ASP fTPM Strixpi-fp8_0.0.9.0d 2024-06-28

And because I was curious about Debian - it was recently fixed in libtpms: CVE-2025-49133

Can you provide some examples?

CVE-2024-56161 is not fixed yet.
