Potential Fake Report: A further 13 major security flaws specific to AMD's Zen CPUs discovered

Hot on the heels of Spectre and Meltdown, researchers say they have discovered more than a dozen new critical security flaws affecting AMD’s Ryzen and Epyc processor lines.
The vulnerabilities purportedly lie in what is supposed to be a secure part of the processors where sensitive information is contained.

The flaws were discovered by CTS-Labs, a security outfit in Israel. Unlike Google’s Project Zero team, which alerted chipmakers months in advance to Spectre and Meltdown before disclosing them to the public, CTS-Labs gave AMD less than 24 hours to look at its findings and respond before publishing the details. AMD is in the process of investigating the matter.

It’s not yet clear how serious these newly discovered flaws are. As presented, the 13 flaws fall into four categories called Master Key, Ryzenfall, Fallout, and Chimera. Between the four main vulnerabilities, an attacker could bypass a Ryzen or Epyc CPU’s secure boot and install malware into the BIOS, and the onto the processor itself. They could also leverage a pair of manufacturer backdoors to compromise a system’s firmware and chipset.

Source: PCGamer

2 Likes

This story isn’t quite as straight-forward as PCGamer is making it sound.

Remember Viceroy? The guys who released the reports on Steinhoff and Capitec here in South Africa?

Scant hours after the CTS Labs report went public, Viceroy had a report out about AMD saying that its stock was worth $0 and the company will be placed in bankruptcy.

The whole thing smells funny.

Here’s a quick write-up I did for MyBroadband…

I read somewhere this was faked with a green screen.

And AMD’s stock is plummeting. Already down 2.79%.

This all is still very new, but it does look like a fake report, that someone is trying to manipulate the market.

Gamernexus also has a much more thorough article.

Also a user on Anandtech forums showed that the company’s “staff photos” are photoshopped stock photos and the only contact details are 1 email and 1 number.

I’ve already written this off as an attempted smear piece to manipulate stock in AMD.

lets not feed the flames folks :slight_smile:

Yeah I saw and posted, then did further reading and saw the name Viceroy, and immediately something smelled of fish. Hence why I added the “potential fake report” part to the title.

Hopefully in the next day or so we’ll know more and can update the OP or post additional info here.

ya this is super doge, everyone is basically saying it BS.

This Video covers a lot of stuff

also streaming Paul’s Hardware’s show from a few hours ago and same thing looks doge, I hope it is and I hope AMD comes back swinging

And that some of those predictions about the SEC investigating this come true…

1 Like

I saw some headlines about AMD on twitter but I thought nah it can’t be the AMD I know. At least its fake. I don’t see how they could have been worth $0. They are selling actual products.

1 Like

I think I’m going to do an actual article about this when I get home tonight. This is nonsense.

1 Like

yay looking forward to that

It seems the reported flaws are real (still waiting for AMD to respond, which might take a while) but their severity was blown out of proportion, however all the rest of it is a load of bull, i.e. Viceroy with their share claims, etc.

It is also very, very poor form from CTS Labs to give basically no notice of the flaws.

I also find it very interesting that all this happens shortly before AMD’s new CPU lineup as well, they are Due in April so lets hope the all gets sorted before then.

Viceroy

2 Likes

2 Likes

So in case anyone was still worried about this, see below. Contrary to the hooplah CTS Labs were trying to make out of the report, AMD says a) the flaws are grossly overstated, and b) all will be fixed via software and BIOS updates within weeks, with no performance impact.

https://www.bloomberg.com/news/articles/2018-03-20/amd-confirms-chip-vulnerability-says-report-exaggerated-danger

1 Like