Page 1 of 7 1234 ... LastLast
Results 1 to 16 of 101

Thread: AMD processors impacted by 13 serious flaws, says CTS Labs

  1. #1
    HEXUS.admin
    Join Date
    Apr 2005
    Posts
    27,399
    Thanks
    0
    Thanked
    1,693 times in 587 posts

    AMD processors impacted by 13 serious flaws, says CTS Labs

    Four classes of security vulnerabilities exist in Ryzen and EPYC, says cyber-security firm.
    Read more.

  2. #2
    Member
    Join Date
    Jul 2016
    Location
    My happy place
    Posts
    124
    Thanks
    31
    Thanked
    7 times in 7 posts
    • afiretruck's system
      • Motherboard:
      • Gigabyte X399 Designare Ex
      • CPU:
      • AMD Threadripper 1900X
      • Memory:
      • Corsair 32GB 3200MHz
      • Storage:
      • 500GB NVMe RAID 5 + 6TB HDD RAID 10
      • Graphics card(s):
      • RX Vega 64 (Linux), GTX 980Ti (Windows VM)
      • PSU:
      • Corsair RMi 850
      • Case:
      • Thermaltake Core X71
      • Operating System:
      • Arch Linux (Antergos)

    Re: AMD processors impacted by 13 serious flaws, says CTS Labs

    So, if I understood this correctly, you either need local admin rights or physical access (and a possible BIOS passphrase?) to be able to take advantage of these vulnerabilities? Or does Chimera only require the signed driver to be loaded?

    If so, these are nothing like as bad as Specter and Meltdown, thankfully.

    Also, it sounds like most of these can be fixed with firmware updates.

  3. Received thanks from:

    Jonj1611 (13-03-2018)

  4. #3
    Member
    Join Date
    Feb 2017
    Posts
    123
    Thanks
    3
    Thanked
    4 times in 4 posts

    Re: AMD processors impacted by 13 serious flaws, says CTS Labs

    Coincidentally this has been released just before AMD is about to release the new Ryzen 2 chips.

  5. #4
    Senior Member
    Join Date
    Apr 2008
    Posts
    509
    Thanks
    23
    Thanked
    98 times in 72 posts

    Re: AMD processors impacted by 13 serious flaws, says CTS Labs

    Quote Originally Posted by afiretruck View Post
    So, if I understood this correctly, you either need local admin rights or physical access (and a possible BIOS passphrase?) to be able to take advantage of these vulnerabilities? Or does Chimera only require the signed driver to be loaded?

    If so, these are nothing like as bad as Specter and Meltdown, thankfully.

    Also, it sounds like most of these can be fixed with firmware updates.
    I wonder if Intel has employed the services of CTS? A dedicated microsite called "amdflaws"?! This after AMD processors aren't hit as badly by the Spectre/Meltdown issues and get better publicity over it.

    Fishy.

  6. #5
    Senior Member
    Join Date
    Nov 2015
    Posts
    225
    Thanks
    2
    Thanked
    23 times in 17 posts

    Re: AMD processors impacted by 13 serious flaws, says CTS Labs

    Ummm... all these "exploits" require an admin to run or install something. This is beyond silly. I also think that this is an Intel-sponsored thing.

  7. #6
    Senior Member watercooled's Avatar
    Join Date
    Jan 2009
    Posts
    10,552
    Thanks
    1,478
    Thanked
    894 times in 773 posts

    Re: AMD processors impacted by 13 serious flaws, says CTS Labs

    From what I've read I have to agree - a bit of hyperbole to frighten investors who won't bother to understand what it actually is. And an impossibly short notice period is just a joke - something is obviously malicious about it. Even the language used is strange, they're making wild assumptions and implying things they simply cannot know, and acting like security flaws are unheard of.

  8. Received thanks from:

    Jonj1611 (13-03-2018)

  9. #7
    Senior Member
    Join Date
    Apr 2008
    Posts
    509
    Thanks
    23
    Thanked
    98 times in 72 posts

    Re: AMD processors impacted by 13 serious flaws, says CTS Labs

    Quote Originally Posted by Nifl View Post
    Ummm... all these "exploits" require an admin to run or install something. This is beyond silly. I also think that this is an Intel-sponsored thing.
    I think the only way you'd be able to guarantee doing this is to get physical access, find a root / admin unlocked terminal and have a rubber ducky ready at your disposal. I can't see these being exploitable remotely unless you have someone surfing some very dodgy websites on the admin login and you manage to exploit their horniness.

    Maybe I'm just naive?

  10. Received thanks from:

    Millennium (13-03-2018)

  11. #8
    £1000 Tesco Value Beer CAT-THE-FIFTH's Avatar
    Join Date
    Aug 2006
    Location
    Moosetopia
    Posts
    28,384
    Thanks
    3,144
    Thanked
    4,373 times in 3,389 posts
    • CAT-THE-FIFTH's system
      • Motherboard:
      • Less E-PEEN
      • CPU:
      • Massive E-PEEN
      • Memory:
      • RGB E-PEEN
      • Storage:
      • Not in any order
      • Graphics card(s):
      • EVEN BIGGER E-PEEN
      • PSU:
      • OVERSIZED
      • Case:
      • UNDERSIZED
      • Operating System:
      • DOS 6.22
      • Monitor(s):
      • NOT USUALLY ON....WHEN I POST
      • Internet:
      • FUNCTIONAL

    Re: AMD processors impacted by 13 serious flaws, says CTS Labs

    So,where is the corresponding Intelflaws?? Maybe someone can investigate what links this company might have with Intel.

    Hmm,they look rather dodgy too:

    https://news.ycombinator.com/item?id=16576516
    https://www.reddit.com/r/Amd/comment...en_epyc_chips/

    There's far more damning evidence than that:

    24 hour disclosure instead of industry standard 90/180 day
    Domain records for "amdflaws.com" were created on the Feb, 22, 2018 for this "16 years in operation" company.
    It was also registered not directly but by "domainsbyproxy.com" thus no real contact information of the domain is public. It was used by fraudsters before.
    Amdflaws links to a YT video, with comments disabled

    YT Channel with video was just just March of this year

    This sketchy "we might have economic interest by disclosing these vulnerability" from their disclaimer

    Exploits have insane requirements like being able to defeat OEM BIOS flash protections and Windows' driver signing...
    They talk about a company called Viceroy who does dodgy stuff:

    https://m.fin24.com/Economy/treasury...kless-20180201

    Cape Town – National Treasury has spoken out against Viceroy Research, labelling its report on Capitec as reckless.

    Viceroy released a report on Capitec this week, labelling the bank a "'loan shark" and alleged the bank "engaged in reckless lending".

    In a statement released on Thursday afternoon, Treasury said: “Until two weeks ago, Viceroy operated anonymously and opaquely, and the reckless way in which it has released its report is clear proof that it is not acting in the public interest nor in the interest of financial stability in South Africa.”
    Look who is trying to push AMD stock price down:

    https://viceroyresearch.files.wordpr...3-mar-2018.pdf

    AMD – The Obituary
    Apparently they "wrote that" in a few hours.

    Apparently there is concerted effort to push AMD stock price down:

    https://www.thestreet.com/video/1446...ock-lower.html

    TheStreet's founder and Action Alerts PLUS Portfolio Manager Jim Cramer said there's a concerted effort to keep shares of Advanced Micro Devices lower.


    Those despicable Elk,stealing the pond weed!

  12. Received thanks from:

    chinf (13-03-2018),Iota (14-03-2018),Jonj1611 (13-03-2018),Ozaron (14-03-2018)

  13. #9
    £1000 Tesco Value Beer CAT-THE-FIFTH's Avatar
    Join Date
    Aug 2006
    Location
    Moosetopia
    Posts
    28,384
    Thanks
    3,144
    Thanked
    4,373 times in 3,389 posts
    • CAT-THE-FIFTH's system
      • Motherboard:
      • Less E-PEEN
      • CPU:
      • Massive E-PEEN
      • Memory:
      • RGB E-PEEN
      • Storage:
      • Not in any order
      • Graphics card(s):
      • EVEN BIGGER E-PEEN
      • PSU:
      • OVERSIZED
      • Case:
      • UNDERSIZED
      • Operating System:
      • DOS 6.22
      • Monitor(s):
      • NOT USUALLY ON....WHEN I POST
      • Internet:
      • FUNCTIONAL

    Re: AMD processors impacted by 13 serious flaws, says CTS Labs

    Another stinker from them:

    https://amdflaws.com/disclaimer.html

    Although we have a good faith belief in our analysis and believe it to be objective and unbiased, you are advised that we may have, either directly or indirectly, an economic interest in the performance of the securities of the companies whose products are the subject of our reports.
    From CNET:

    https://www.cnet.com/news/amd-has-a-...aw-of-its-own/

    The researchers gave AMD less than 24 hours to look at the vulnerabilities and respond before publishing the report. Standard vulnerability disclosure calls for 90 days' notice so that companies have time to address flaws properly.
    Second Edit!!

    It only was started in 2017 - umm,wasn't 2017 when Intel/AMD were told of the Spectre/Meltdown flaws?
    Last edited by g8ina; 17-03-2018 at 03:57 PM.


    Those despicable Elk,stealing the pond weed!

  14. #10
    Registered User
    Join Date
    Dec 2013
    Posts
    12
    Thanks
    0
    Thanked
    0 times in 0 posts

    Re: AMD processors impacted by 13 serious flaws, says CTS Labs

    toms hardware says "CTS-Labs released the information in an unusual fashion. Typically, semiconductor vendors are given 90 days to respond to vulnerabilities before they're disclosed to the public, but CTS-Labs provided AMD with only a 24-hour notice"

  15. #11
    £1000 Tesco Value Beer CAT-THE-FIFTH's Avatar
    Join Date
    Aug 2006
    Location
    Moosetopia
    Posts
    28,384
    Thanks
    3,144
    Thanked
    4,373 times in 3,389 posts
    • CAT-THE-FIFTH's system
      • Motherboard:
      • Less E-PEEN
      • CPU:
      • Massive E-PEEN
      • Memory:
      • RGB E-PEEN
      • Storage:
      • Not in any order
      • Graphics card(s):
      • EVEN BIGGER E-PEEN
      • PSU:
      • OVERSIZED
      • Case:
      • UNDERSIZED
      • Operating System:
      • DOS 6.22
      • Monitor(s):
      • NOT USUALLY ON....WHEN I POST
      • Internet:
      • FUNCTIONAL

    Re: AMD processors impacted by 13 serious flaws, says CTS Labs

    Quote Originally Posted by hpv9 View Post
    toms hardware says "CTS-Labs released the information in an unusual fashion. Typically, semiconductor vendors are given 90 days to respond to vulnerabilities before they're disclosed to the public, but CTS-Labs provided AMD with only a 24-hour notice"
    The domain was apparently registered in June 2017. Great timing or what??


    Those despicable Elk,stealing the pond weed!

  16. #12
    Editable... jimbouk's Avatar
    Join Date
    Aug 2005
    Location
    Bristol
    Posts
    2,518
    Thanks
    185
    Thanked
    183 times in 144 posts
    • jimbouk's system
      • Motherboard:
      • ASUS M5 A97 R2.0
      • CPU:
      • AMD FX-6300
      • Memory:
      • 8GB DDR3
      • Storage:
      • 128GB SSD + 500GB HDD
      • Graphics card(s):
      • AMD Radeon HD 7870
      • PSU:
      • Corsair HX 520W
      • Case:
      • Some large ATX case
      • Operating System:
      • Windows 7
      • Monitor(s):
      • Dell U2713HM
      • Internet:
      • Orange...

    Re: AMD processors impacted by 13 serious flaws, says CTS Labs

    Oh no - if someone flashes my bios they can change how my computer works! Or an admin on my machine can read data. Shock horror.

    Someone's earning some money from this in a dubious manner...

  17. #13
    HEXUS.staff MLyons's Avatar
    Join Date
    Feb 2017
    Posts
    393
    Thanks
    239
    Thanked
    109 times in 71 posts
    • MLyons's system
      • Motherboard:
      • ASUS PRIME X470-PRO
      • CPU:
      • 2700x
      • Memory:
      • 16GB DDR4 Corsair RGB
      • Storage:
      • 500GB MX500 500GB HDD 2TB SSD
      • Graphics card(s):
      • EVGA SC2 1080Ti
      • PSU:
      • Corsair tx650
      • Case:
      • Corsair Air 540
      • Operating System:
      • Windows 10
      • Monitor(s):
      • 2 Asus 1080p

    Re: AMD processors impacted by 13 serious flaws, says CTS Labs

    Although we have a good faith belief in our analysis and believe it to be objective and unbiased, you are advised that we may have, either directly or indirectly, an economic interest in the performance of the securities of the companies whose products are the subject of our reports
    Hmmmmmm something-smells-fishy-and-it-certainly-isnt-fish.jpg
    Half dev, Half doge. Some say DevDoge

    Feel free to message me if you find any bugs or have any suggestions.
    If you need me urgently, PM me
    If something is/was broke it was probably me. ¯\_(ツ)_/¯

  18. #14
    Registered+
    Join Date
    Dec 2012
    Posts
    89
    Thanks
    0
    Thanked
    1 time in 1 post

    Re: AMD processors impacted by 13 serious flaws, says CTS Labs

    Quote Originally Posted by philehidiot View Post
    Quote Originally Posted by afiretruck View Post
    So, if I understood this correctly, you either need local admin rights or physical access (and a possible BIOS passphrase?) to be able to take advantage of these vulnerabilities? Or does Chimera only require the signed driver to be loaded?

    If so, these are nothing like as bad as Specter and Meltdown, thankfully.

    Also, it sounds like most of these can be fixed with firmware updates.
    I wonder if Intel has employed the services of CTS? A dedicated microsite called "amdflaws"?! This after AMD processors aren't hit as badly by the Spectre/Meltdown issues and get better publicity over it.

    Fishy.
    Yeah, this looks very suspicious to me also. I mean, look at amdflaws page. Someone worked a great deal of time on it to make it very nice and easy to read - that AMD has flaws...
    To be sincere, this looks like a 1st of April joke.
    I am 99% that this is just a scam or something...

  19. #15
    Hooning about Hoonigan's Avatar
    Join Date
    Sep 2011
    Location
    Renfrew, Scotland.
    Posts
    1,677
    Thanks
    125
    Thanked
    293 times in 206 posts
    • Hoonigan's system
      • Motherboard:
      • MSI Z270 Gaming M7
      • CPU:
      • Intel Core i7 7700k @ 5.0GHz
      • Memory:
      • 32GB Ballistix Tactical Tracer RGB DDR4 3133MHz
      • Storage:
      • 1TB Samsung 970 EVO + 512GB XPG S10
      • Graphics card(s):
      • MSI GTX1080Ti GAMING X TRIO
      • PSU:
      • be quiet! Straight Power 11 650W
      • Case:
      • be quiet! Dark Base Pro 900
      • Operating System:
      • Windows 10 x64
      • Monitor(s):
      • LG 34UM95-P + ASUS ROG PG279Q
      • Internet:
      • Virgin Media Vivid 400

    Re: AMD processors impacted by 13 serious flaws, says CTS Labs

    To all of those that were singing AMD's praises when this came out about Intel a few weeks ago..

    PAHAHAHAHAHAHAHAHHHAHAHAAHAHAHA!!!!11!!11!!!!11ONEONE!!!1!!111!!!1ONE!!!!ONEONEONE!!!!11!!!!!!!

  20. #16
    Senior Member
    Join Date
    May 2014
    Posts
    767
    Thanks
    45
    Thanked
    97 times in 61 posts

    Re: AMD processors impacted by 13 serious flaws, says CTS Labs

    Quote Originally Posted by Hoonigan View Post
    To all of those that were singing AMD's praises when this came out about Intel a few weeks ago..

    PAHAHAHAHAHAHAHAHHHAHAHAAHAHAHA!!!!11!!11!!!!11ONEONE!!!1!!111!!!1ONE!!!!ONEONEONE!!!!11!!!!!!!
    Considering how obvious this is a sham and a smear campaign using "vulnerabilities" that can be exploited on any processor. Back into the box you go.

    Next time, properly read the article and the thread, lest you make out yourself to be any more of a fool next time.

    On topic, there is a disclaimer in the whitepaper discussing that the paper is only opinion and not subject to facts. Theres some interesting investigations over on the AMD reddit.
    Last edited by Tabbykatze; 13-03-2018 at 10:09 PM.

Page 1 of 7 1234 ... LastLast

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •