Last month, the Trusted Computing Group (TCG), the developer of the Trusted Platform Module (TPM) security standard, revealed a new TPM vulnerability in Ryzen processors.
This vulnerability, registered under CVE-2025-2884 (designated AMD-SB-4011 by AMD), allows an attacker to read data from the TPM via malicious commands through an information leak, or possibly to disrupt the availability of the TPM via a denial-of-service attack. It is a so-called out-of-bounds read security flaw.
TCG indicates that the flaw occurs in the CryptHmacSign function. This function does not properly validate a message authentication code (hash) within the HMAC signature method, leading to a read outside the permitted memory space. In advisory document VRT0009, TCG explains it as follows:
No proper consistency check was implemented in the CryptHmacSign() function, which could lead to data being read outside the buffer boundaries. This buffer is passed to the ExecuteCommand() entry point. This error could allow an attacker to read up to 65,535 bytes of data outside the end of that buffer.
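The pattern the advisory describes, as an added illustration that is not the TPM reference code: a 16-bit size field inside a signature blob is trusted and used to read from the command buffer, so a declared size of 65535 reads far past the bytes actually present. The wire layout, the function names and the sample blobs are constructed for this example; the checked variant shows the consistency check that prevents the over-read.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

/* Constructed layout of the signature blob: [size: 2 bytes big-endian][mac: size bytes] */
#define SIZE_FIELD_LEN 2

static uint16_t read_u16_be(const uint8_t *p)
{
    return (uint16_t)(((uint16_t)p[0] << 8) | p[1]);
}

/* Vulnerable pattern: 'remaining' is how many bytes follow in the command
 * buffer, but the declared size is never compared with it, so memcmp reads
 * 'size' bytes from buf + 2, up to 65535 bytes past the end of the buffer.
 * Returns 0 on match, 1 on mismatch, -1 on error. */
int verify_mac_unchecked(const uint8_t *buf, size_t remaining,
                         const uint8_t *expected, size_t expected_len)
{
    if (remaining < SIZE_FIELD_LEN)
        return -1;
    uint16_t size = read_u16_be(buf);
    (void)expected_len;                           /* not compared either */
    return memcmp(buf + SIZE_FIELD_LEN, expected, size) == 0 ? 0 : 1;
}

/* Hardened pattern: the declared size must fit within the bytes actually
 * present and must equal the expected digest length before anything is read;
 * the comparison itself runs in constant time. */
int verify_mac_checked(const uint8_t *buf, size_t remaining,
                       const uint8_t *expected, size_t expected_len)
{
    if (remaining < SIZE_FIELD_LEN)
        return -1;
    uint16_t size = read_u16_be(buf);
    if (size != expected_len || (size_t)size > remaining - SIZE_FIELD_LEN)
        return -1;                                /* reject before any read */
    uint8_t diff = 0;
    for (size_t i = 0; i < size; i++)
        diff |= buf[SIZE_FIELD_LEN + i] ^ expected[i];
    return diff == 0 ? 0 : 1;
}

/* Constructed sample inputs: a well-formed blob (size 4, then 4 MAC bytes)
 * and a malformed one claiming 65535 bytes while only 4 follow. */
static const uint8_t k_expected[4]  = {0xde, 0xad, 0xbe, 0xef};
static const uint8_t k_good_blob[6] = {0x00, 0x04, 0xde, 0xad, 0xbe, 0xef};
static const uint8_t k_bad_blob[6]  = {0xff, 0xff, 0xde, 0xad, 0xbe, 0xef};

int demo_good_unchecked(void) { return verify_mac_unchecked(k_good_blob, sizeof k_good_blob, k_expected, 4); }
int demo_good_checked(void)   { return verify_mac_checked(k_good_blob, sizeof k_good_blob, k_expected, 4); }
int demo_bad_checked(void)    { return verify_mac_checked(k_bad_blob, sizeof k_bad_blob, k_expected, 4); }
```

The unchecked variant is deliberately never run on the malformed blob here, because doing so is the out-of-bounds read itself.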
The vulnerability has a CVSS score of 6.6, indicating a medium risk level. This is typical for vulnerabilities that require local access, as the attacker must have physical access to the device. Nevertheless, AMD has released firmware to address the vulnerability on Ryzen 7000 and 8000 series (Zen 4) and Ryzen 9000 series (Zen 5).
AMD has confirmed that the AGESA firmware (AMD Generic Encapsulated Software Architecture), version Combo PI 1.2.0.3e, addresses the issue. According to the company, this firmware resolves the issue related to the ASP fTPM + Pluton TPM. ASP refers to the AMD Secure Processor, a dedicated hardware component built into each of the company's system-on-a-chip designs.
Motherboard manufacturers roll out update
Motherboard manufacturers such as Asus and MSI have already started rolling out this firmware update. MSI has provided more information about version 1.2.0.3e of Combo PI in a blog post. This also mentions new features such as support for new CPUs and improved memory compatibility. MSI says:
This update not only supports upcoming new CPUs, but also ensures that all AM5 motherboards can handle 64GBx4 DRAM modules. Even with four 64GB memory modules fully installed, it is still possible to achieve a stable overclock speed of 6000MT/s, and sometimes even up to 6400MT/s.
In addition, the update improves the use of 2DPC 1R memory and brings overclocking improvements for specific Samsung memory chips (4Gx8).
It is noteworthy that Asus reports that this firmware update is irreversible because it is a major release. It can therefore be assumed that this release is very stable – and given that this is the so-called e-variant of the firmware, that seems plausible. Other manufacturers, such as Gigabyte and ASRock, have not yet released their updates.