Page 1 of 7 1234 ... LastLast
Results 1 to 16 of 101

Thread: AMD processors impacted by 13 serious flaws, says CTS Labs

  1. #1
    HEXUS.admin
    Join Date
    Apr 2005
    Posts
    27,725
    Thanks
    0
    Thanked
    1,727 times in 597 posts

    AMD processors impacted by 13 serious flaws, says CTS Labs

    Four classes of security vulnerabilities exist in Ryzen and EPYC, says cyber-security firm.
    Read more.

  2. #2
    Member
    Join Date
    Jul 2016
    Location
    My happy place
    Posts
    146
    Thanks
    43
    Thanked
    10 times in 9 posts
    • afiretruck's system
      • Motherboard:
      • Gigabyte X399 Designare Ex
      • CPU:
      • AMD Threadripper 1900X
      • Memory:
      • Corsair 32GB 3200MHz
      • Storage:
      • 250GB NVMe SSD RAID 1 (root) + 1.25TB SSD RAID 5 (6 x 250GB) (home) + 900p 280GB SSD (scratch)
      • Graphics card(s):
      • RX Vega 64 (Linux)
      • PSU:
      • Corsair RMi 850
      • Case:
      • Thermaltake Core X71
      • Operating System:
      • Arch Linux (Antergos)

    Re: AMD processors impacted by 13 serious flaws, says CTS Labs

    So, if I understood this correctly, you either need local admin rights or physical access (and a possible BIOS passphrase?) to be able to take advantage of these vulnerabilities? Or does Chimera only require the signed driver to be loaded?

    If so, these are nothing like as bad as Specter and Meltdown, thankfully.

    Also, it sounds like most of these can be fixed with firmware updates.

  3. Received thanks from:

    Jonj1611 (13-03-2018)

  4. #3
    Member
    Join Date
    Feb 2017
    Posts
    141
    Thanks
    3
    Thanked
    6 times in 6 posts

    Re: AMD processors impacted by 13 serious flaws, says CTS Labs

    Coincidentally this has been released just before AMD is about to release the new Ryzen 2 chips.

  5. #4
    Long member
    Join Date
    Apr 2008
    Posts
    826
    Thanks
    37
    Thanked
    152 times in 113 posts
    • philehidiot's system
      • Motherboard:
      • Father's bored
      • CPU:
      • Cockroach brain V0.1
      • Memory:
      • Innebriated, unwritten
      • Storage:
      • Big Yellow Self Storage
      • Graphics card(s):
      • Semi chewed Crayola Mega Pack
      • PSU:
      • 20KW single phase direct grid supply
      • Case:
      • Closed, Open, Cold
      • Operating System:
      • Cockroach
      • Monitor(s):
      • The mental health nurses
      • Internet:
      • Please.

    Re: AMD processors impacted by 13 serious flaws, says CTS Labs

    Quote Originally Posted by afiretruck View Post
    So, if I understood this correctly, you either need local admin rights or physical access (and a possible BIOS passphrase?) to be able to take advantage of these vulnerabilities? Or does Chimera only require the signed driver to be loaded?

    If so, these are nothing like as bad as Specter and Meltdown, thankfully.

    Also, it sounds like most of these can be fixed with firmware updates.
    I wonder if Intel has employed the services of CTS? A dedicated microsite called "amdflaws"?! This after AMD processors aren't hit as badly by the Spectre/Meltdown issues and get better publicity over it.

    Fishy.

  6. #5
    Senior Member
    Join Date
    Nov 2015
    Posts
    231
    Thanks
    2
    Thanked
    23 times in 17 posts

    Re: AMD processors impacted by 13 serious flaws, says CTS Labs

    Ummm... all these "exploits" require an admin to run or install something. This is beyond silly. I also think that this is an Intel-sponsored thing.

  7. #6
    Senior Member watercooled's Avatar
    Join Date
    Jan 2009
    Posts
    10,663
    Thanks
    1,487
    Thanked
    908 times in 782 posts

    Re: AMD processors impacted by 13 serious flaws, says CTS Labs

    From what I've read I have to agree - a bit of hyperbole to frighten investors who won't bother to understand what it actually is. And an impossibly short notice period is just a joke - something is obviously malicious about it. Even the language used is strange, they're making wild assumptions and implying things they simply cannot know, and acting like security flaws are unheard of.

  8. Received thanks from:

    Jonj1611 (13-03-2018)

  9. #7
    Long member
    Join Date
    Apr 2008
    Posts
    826
    Thanks
    37
    Thanked
    152 times in 113 posts
    • philehidiot's system
      • Motherboard:
      • Father's bored
      • CPU:
      • Cockroach brain V0.1
      • Memory:
      • Innebriated, unwritten
      • Storage:
      • Big Yellow Self Storage
      • Graphics card(s):
      • Semi chewed Crayola Mega Pack
      • PSU:
      • 20KW single phase direct grid supply
      • Case:
      • Closed, Open, Cold
      • Operating System:
      • Cockroach
      • Monitor(s):
      • The mental health nurses
      • Internet:
      • Please.

    Re: AMD processors impacted by 13 serious flaws, says CTS Labs

    Quote Originally Posted by Nifl View Post
    Ummm... all these "exploits" require an admin to run or install something. This is beyond silly. I also think that this is an Intel-sponsored thing.
    I think the only way you'd be able to guarantee doing this is to get physical access, find a root / admin unlocked terminal and have a rubber ducky ready at your disposal. I can't see these being exploitable remotely unless you have someone surfing some very dodgy websites on the admin login and you manage to exploit their horniness.

    Maybe I'm just naive?

  10. Received thanks from:

    Millennium (13-03-2018)

  11. #8
    Bows out! CAT-THE-FIFTH's Avatar
    Join Date
    Aug 2006
    Location
    Hopefully somewhere less backstabby
    Posts
    28,789
    Thanks
    3,203
    Thanked
    4,455 times in 3,441 posts
    • CAT-THE-FIFTH's system
      • Motherboard:
      • Less E-PEEN
      • CPU:
      • Massive E-PEEN
      • Memory:
      • RGB E-PEEN
      • Storage:
      • Not in any order
      • Graphics card(s):
      • EVEN BIGGER E-PEEN
      • PSU:
      • OVERSIZED
      • Case:
      • UNDERSIZED
      • Operating System:
      • DOS 6.22
      • Monitor(s):
      • NOT USUALLY ON....WHEN I POST
      • Internet:
      • FUNCTIONAL

    Re: AMD processors impacted by 13 serious flaws, says CTS Labs

    So,where is the corresponding Intelflaws?? Maybe someone can investigate what links this company might have with Intel.

    Hmm,they look rather dodgy too:

    https://news.ycombinator.com/item?id=16576516
    https://www.reddit.com/r/Amd/comment...en_epyc_chips/

    There's far more damning evidence than that:

    24 hour disclosure instead of industry standard 90/180 day
    Domain records for "amdflaws.com" were created on the Feb, 22, 2018 for this "16 years in operation" company.
    It was also registered not directly but by "domainsbyproxy.com" thus no real contact information of the domain is public. It was used by fraudsters before.
    Amdflaws links to a YT video, with comments disabled

    YT Channel with video was just just March of this year

    This sketchy "we might have economic interest by disclosing these vulnerability" from their disclaimer

    Exploits have insane requirements like being able to defeat OEM BIOS flash protections and Windows' driver signing...
    They talk about a company called Viceroy who does dodgy stuff:

    https://m.fin24.com/Economy/treasury...kless-20180201

    Cape Town – National Treasury has spoken out against Viceroy Research, labelling its report on Capitec as reckless.

    Viceroy released a report on Capitec this week, labelling the bank a "'loan shark" and alleged the bank "engaged in reckless lending".

    In a statement released on Thursday afternoon, Treasury said: “Until two weeks ago, Viceroy operated anonymously and opaquely, and the reckless way in which it has released its report is clear proof that it is not acting in the public interest nor in the interest of financial stability in South Africa.”
    Look who is trying to push AMD stock price down:

    https://viceroyresearch.files.wordpr...3-mar-2018.pdf

    AMD – The Obituary
    Apparently they "wrote that" in a few hours.

    Apparently there is concerted effort to push AMD stock price down:

    https://www.thestreet.com/video/1446...ock-lower.html

    TheStreet's founder and Action Alerts PLUS Portfolio Manager Jim Cramer said there's a concerted effort to keep shares of Advanced Micro Devices lower.


    Those despicable Elk,stealing the pond weed!

  12. Received thanks from:

    chinf (13-03-2018),Iota (14-03-2018),Jonj1611 (13-03-2018),Ozaron (14-03-2018)

  13. #9
    Bows out! CAT-THE-FIFTH's Avatar
    Join Date
    Aug 2006
    Location
    Hopefully somewhere less backstabby
    Posts
    28,789
    Thanks
    3,203
    Thanked
    4,455 times in 3,441 posts
    • CAT-THE-FIFTH's system
      • Motherboard:
      • Less E-PEEN
      • CPU:
      • Massive E-PEEN
      • Memory:
      • RGB E-PEEN
      • Storage:
      • Not in any order
      • Graphics card(s):
      • EVEN BIGGER E-PEEN
      • PSU:
      • OVERSIZED
      • Case:
      • UNDERSIZED
      • Operating System:
      • DOS 6.22
      • Monitor(s):
      • NOT USUALLY ON....WHEN I POST
      • Internet:
      • FUNCTIONAL

    Re: AMD processors impacted by 13 serious flaws, says CTS Labs

    Another stinker from them:

    https://amdflaws.com/disclaimer.html

    Although we have a good faith belief in our analysis and believe it to be objective and unbiased, you are advised that we may have, either directly or indirectly, an economic interest in the performance of the securities of the companies whose products are the subject of our reports.
    From CNET:

    https://www.cnet.com/news/amd-has-a-...aw-of-its-own/

    The researchers gave AMD less than 24 hours to look at the vulnerabilities and respond before publishing the report. Standard vulnerability disclosure calls for 90 days' notice so that companies have time to address flaws properly.
    Second Edit!!

    It only was started in 2017 - umm,wasn't 2017 when Intel/AMD were told of the Spectre/Meltdown flaws?
    Last edited by g8ina; 17-03-2018 at 03:57 PM.


    Those despicable Elk,stealing the pond weed!

  14. #10
    Registered User
    Join Date
    Dec 2013
    Posts
    12
    Thanks
    0
    Thanked
    0 times in 0 posts

    Re: AMD processors impacted by 13 serious flaws, says CTS Labs

    toms hardware says "CTS-Labs released the information in an unusual fashion. Typically, semiconductor vendors are given 90 days to respond to vulnerabilities before they're disclosed to the public, but CTS-Labs provided AMD with only a 24-hour notice"

  15. #11
    Bows out! CAT-THE-FIFTH's Avatar
    Join Date
    Aug 2006
    Location
    Hopefully somewhere less backstabby
    Posts
    28,789
    Thanks
    3,203
    Thanked
    4,455 times in 3,441 posts
    • CAT-THE-FIFTH's system
      • Motherboard:
      • Less E-PEEN
      • CPU:
      • Massive E-PEEN
      • Memory:
      • RGB E-PEEN
      • Storage:
      • Not in any order
      • Graphics card(s):
      • EVEN BIGGER E-PEEN
      • PSU:
      • OVERSIZED
      • Case:
      • UNDERSIZED
      • Operating System:
      • DOS 6.22
      • Monitor(s):
      • NOT USUALLY ON....WHEN I POST
      • Internet:
      • FUNCTIONAL

    Re: AMD processors impacted by 13 serious flaws, says CTS Labs

    Quote Originally Posted by hpv9 View Post
    toms hardware says "CTS-Labs released the information in an unusual fashion. Typically, semiconductor vendors are given 90 days to respond to vulnerabilities before they're disclosed to the public, but CTS-Labs provided AMD with only a 24-hour notice"
    The domain was apparently registered in June 2017. Great timing or what??


    Those despicable Elk,stealing the pond weed!

  16. #12
    Editable... jimbouk's Avatar
    Join Date
    Aug 2005
    Location
    Bristol
    Posts
    2,528
    Thanks
    185
    Thanked
    184 times in 145 posts
    • jimbouk's system
      • Motherboard:
      • ASUS M5 A97 R2.0
      • CPU:
      • AMD FX-6300
      • Memory:
      • 8GB DDR3
      • Storage:
      • 128GB SSD + 500GB HDD
      • Graphics card(s):
      • AMD Radeon HD 7870
      • PSU:
      • Corsair HX 520W
      • Case:
      • Some large ATX case
      • Operating System:
      • Windows 7
      • Monitor(s):
      • Dell U2713HM
      • Internet:
      • Orange...

    Re: AMD processors impacted by 13 serious flaws, says CTS Labs

    Oh no - if someone flashes my bios they can change how my computer works! Or an admin on my machine can read data. Shock horror.

    Someone's earning some money from this in a dubious manner...

  17. #13
    HEXUS.staff MLyons's Avatar
    Join Date
    Feb 2017
    Posts
    417
    Thanks
    248
    Thanked
    111 times in 73 posts
    • MLyons's system
      • Motherboard:
      • ASUS PRIME X470-PRO
      • CPU:
      • 2700x
      • Memory:
      • 16GB DDR4 Corsair RGB
      • Storage:
      • 500GB MX500 500GB HDD 2TB SSD
      • Graphics card(s):
      • EVGA SC2 1080Ti
      • PSU:
      • Corsair tx650
      • Case:
      • Corsair Air 540
      • Operating System:
      • Windows 10
      • Monitor(s):
      • 2 Asus 1080p

    Re: AMD processors impacted by 13 serious flaws, says CTS Labs

    Although we have a good faith belief in our analysis and believe it to be objective and unbiased, you are advised that we may have, either directly or indirectly, an economic interest in the performance of the securities of the companies whose products are the subject of our reports
    Hmmmmmm something-smells-fishy-and-it-certainly-isnt-fish.jpg
    Half dev, Half doge. Some say DevDoge

    Feel free to message me if you find any bugs or have any suggestions.
    If you need me urgently, PM me
    If something is/was broke it was probably me. ¯\_(ツ)_/¯

  18. #14
    Member
    Join Date
    Dec 2012
    Posts
    100
    Thanks
    0
    Thanked
    2 times in 2 posts

    Re: AMD processors impacted by 13 serious flaws, says CTS Labs

    Quote Originally Posted by philehidiot View Post
    Quote Originally Posted by afiretruck View Post
    So, if I understood this correctly, you either need local admin rights or physical access (and a possible BIOS passphrase?) to be able to take advantage of these vulnerabilities? Or does Chimera only require the signed driver to be loaded?

    If so, these are nothing like as bad as Specter and Meltdown, thankfully.

    Also, it sounds like most of these can be fixed with firmware updates.
    I wonder if Intel has employed the services of CTS? A dedicated microsite called "amdflaws"?! This after AMD processors aren't hit as badly by the Spectre/Meltdown issues and get better publicity over it.

    Fishy.
    Yeah, this looks very suspicious to me also. I mean, look at amdflaws page. Someone worked a great deal of time on it to make it very nice and easy to read - that AMD has flaws...
    To be sincere, this looks like a 1st of April joke.
    I am 99% that this is just a scam or something...

  19. #15
    Hooning about Hoonigan's Avatar
    Join Date
    Sep 2011
    Posts
    1,756
    Thanks
    125
    Thanked
    306 times in 218 posts
    • Hoonigan's system
      • Motherboard:
      • MSI Z270 Gaming M7
      • CPU:
      • Intel Core i7 7700k @ 5.0GHz (delidded)
      • Memory:
      • 32GB HyperX Predator 3200MHz (4x 8GB)
      • Storage:
      • 1TB Samsung 970 EVO NVMe + 1TB Corsair MP510 NVMe + 1TB Crucial P1 NVMe
      • Graphics card(s):
      • MSI NVIDIA GeForce RTX 2080Ti VENTUS OC
      • PSU:
      • be quiet! Straight Power 11 650W
      • Case:
      • be quiet! Dark Base Pro 900
      • Operating System:
      • Windows 10 x64
      • Monitor(s):
      • ASUS ROG PG279Q (1440p, 165Hz, G-Sync)
      • Internet:
      • Virgin Media Vivid 400

    Re: AMD processors impacted by 13 serious flaws, says CTS Labs

    To all of those that were singing AMD's praises when this came out about Intel a few weeks ago..

    PAHAHAHAHAHAHAHAHHHAHAHAAHAHAHA!!!!11!!11!!!!11ONEONE!!!1!!111!!!1ONE!!!!ONEONEONE!!!!11!!!!!!!

  20. #16
    Senior Member
    Join Date
    May 2014
    Posts
    903
    Thanks
    53
    Thanked
    114 times in 75 posts

    Re: AMD processors impacted by 13 serious flaws, says CTS Labs

    Quote Originally Posted by Hoonigan View Post
    To all of those that were singing AMD's praises when this came out about Intel a few weeks ago..

    PAHAHAHAHAHAHAHAHHHAHAHAAHAHAHA!!!!11!!11!!!!11ONEONE!!!1!!111!!!1ONE!!!!ONEONEONE!!!!11!!!!!!!
    Considering how obvious this is a sham and a smear campaign using "vulnerabilities" that can be exploited on any processor. Back into the box you go.

    Next time, properly read the article and the thread, lest you make out yourself to be any more of a fool next time.

    On topic, there is a disclaimer in the whitepaper discussing that the paper is only opinion and not subject to facts. Theres some interesting investigations over on the AMD reddit.
    Last edited by Tabbykatze; 13-03-2018 at 10:09 PM.

Page 1 of 7 1234 ... LastLast

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •