https://www.techpowerup.com/288984/amd-epyc-processors-hit-by-22-security-vulnerabilities-patch-is-already-out
 
AMD EPYC class of enterprise processors has gotten infected by as many as 22 different security vulnerabilities. These vulnerabilities range anywhere from medium to high severity, affecting all three generations of AMD EPYC processors. This includes AMD Naples, Rome, and Milan generations, where almost all three are concerned with the whole 22 exploits. There are a few exceptions, and you can find that on AMD's website. However, not all seems to be bad. AMD says that "During security reviews in collaboration with Google, Microsoft, and Oracle, potential vulnerabilities in the AMD Platform Security Processor (PSP), AMD System Management Unit (SMU), AMD Secure Encrypted Virtualization (SEV) and other platform components were discovered and have been mitigated in AMD EPYC AGESA PI packages."

AMD has already shipped new mitigations in the form of AGESA updates, and users should not fear if they keep their firmware up to date. If you or your organization is running on AMD EPYC processors, you should update the firmware to avoid any exploits from happening. The latest updates in question are NaplesPI-SP3_1.0.0.G, RomePI-SP3_1.0.0.C, and MilanPI-SP3_1.0.0.4 AGESA versions, which fix all of 22 security holes.
 
I must say that AMD has patched these vulnerabilities quickly. 

I agree that they normally would patch and then let people know about the risk after it's been fixed. Right now until the end users apply the firmware update is a time the exploits are most at risk of happening. Seems as though we only hear about an exploit before the patch is when the security exploit happens by hackers and we have it hit major news outlets.