The Trusted Computing Group (TCG) disclosed a vulnerability in AMD Ryzen processors involving the Trusted Platform Module (TPM) under CVE-2025-2884. This flaw, which affects the CryptHmacSign function, allows attackers to read data outside of the designated memory buffer. Although requiring physical access, the risk is significant as it can lead to unauthorized data exposure or denial-of-service conditions. AMD has responded quickly by releasing firmware that addresses the issue across several Ryzen series, with motherboard manufacturers beginning to distribute updates.
The flaw in the CryptHmacSign function enables attackers to read unauthorized data from the TPM, raising security concerns despite AMD’s timely firmware update.
This vulnerability, designated CVE-2025-2884, not only allows potential data breaches but also affects the availability of TPM via denial-of-service attacks.
Collection
[
|
...
]