Hot on the heels of Spectre and Meltdown, researchers say they have discovered more than a dozen new critical security flaws affecting AMD’s Ryzen and Epyc processor lines.
The vulnerabilities purportedly lie in what is supposed to be a secure part of the processors where sensitive information is contained.
The flaws were discovered by CTS-Labs, a security outfit in Israel. Unlike Google’s Project Zero team, which alerted chipmakers months in advance to Spectre and Meltdown before disclosing them to the public, CTS-Labs gave AMD less than 24 hours to look at its findings and respond before publishing the details. AMD is in the process of investigating the matter.
It’s not yet clear how serious these newly discovered flaws are. As presented, the 13 flaws fall into four categories called Master Key, Ryzenfall, Fallout, and Chimera. Between the four main vulnerabilities, an attacker could bypass a Ryzen or Epyc CPU’s secure boot and install malware into the BIOS, and then onto the processor itself. They could also leverage a pair of manufacturer backdoors to compromise a system’s firmware and chipset.
This story isn’t quite as straightforward as PCGamer is making it sound.
Remember Viceroy? The guys who released the reports on Steinhoff and Capitec here in South Africa?
Scant hours after the CTS Labs report went public, Viceroy had a report out about AMD saying that its stock was worth $0 and the company will be placed in bankruptcy.
Also a user on Anandtech forums showed that the company’s “staff photos” are photoshopped stock photos and the only contact details are 1 email and 1 number.
I’ve already written this off as an attempted smear piece to manipulate stock in AMD.
Yeah I saw and posted, then did further reading and saw the name Viceroy, and immediately something smelled of fish. Hence why I added the “potential fake report” part to the title.
Hopefully in the next day or so we’ll know more and can update the OP or post additional info here.
I saw some headlines about AMD on Twitter but I thought nah it can’t be the AMD I know. At least it’s fake. I don’t see how they could have been worth $0. They are selling actual products.
It seems the reported flaws are real (still waiting for AMD to respond, which might take a while) but their severity was blown out of proportion. However, all the rest of it is a load of bull, i.e. Viceroy with their share claims, etc.
It is also very, very poor form from CTS Labs to give basically no notice of the flaws.
I also find it very interesting that all this happens shortly before AMD’s new CPU lineup as well. They are due in April, so let’s hope this all gets sorted before then.
So in case anyone was still worried about this, see below. Contrary to the hoopla CTS Labs were trying to make out of the report, AMD says a) the flaws are grossly overstated, and b) all will be fixed via software and BIOS updates within weeks, with no performance impact.