A recent news article has now stated the necessary updates to resolve these vulnerabilities are nearing the end of their testing in advance of their release to wider industry and the public:
In addition, below I provide more background information on these vulnerabilities:
In second half of March, as you know AMD was made aware of several security vulnerabilities within their CPUs and mainboard products. In a controversial move; AMD were only provided with 1 day by the security company CTS Labs before more details of these vulnerabilities were publicly disclosed (defined).
Why should these vulnerabilities be considered important?
In contrast to the Meltdown and Spectre vulnerabilities, the vulnerabilities (listed below) are not as serious as Intel’s since an attacker must first compromise your computer system, obtain administrative access (defined) and then exploit the recently disclosed vulnerabilities. Attackers will still need to invest significant effort to take advantages of these vulnerabilities to develop an exploit in the first instance:
Very well written summaries of all five classes of vulnerabilities (Masterkey, PSP Privilege Escalation, Ryzenfall, Fallout and Chimera are available from this AMD blog post:
While these vulnerabilities are a concern; they will be easier to address than Meltdown and Spectre since they are due to programming errors rather than hardware design flaws. As noted in this Trail of Bits blog post; the Intel vulnerabilities required “previously unknown techniques and novel research advances to discover and exploit” while the AMD vulnerabilities “have been found in other embedded systems that have attempted to implement security features. They are the result of simple programming flaws, unclear security boundaries, and insufficient security testing”:
How can I protect myself from these vulnerabilities?
How AMD plans to mitigate these issues is also detailed in the blog post linked to above. These mitigations will likely appear as firmware updates (in the case of Masterkey) and operating system updates very similar to the approach taken by Intel to address their recently disclosed vulnerabilities.
Please monitor the website of the vendor who manufactured your system for pre-built systems/servers/laptops or the motherboard manufacturer for a custom built system for firmware updates.
If you experience issues after installing the updates, please report them to the manufacturers and/or AMD where possible and within online forums if not. More refined updates will only be created if a need to do so is established.