Page 1 of 7 1234 ... LastLast
Results 1 to 16 of 101

Thread: AMD processors impacted by 13 serious flaws, says CTS Labs

  1. #1
    HEXUS.admin
    Join Date
    Apr 2005
    Posts
    31,709
    Thanks
    0
    Thanked
    2,073 times in 719 posts

    AMD processors impacted by 13 serious flaws, says CTS Labs

    Four classes of security vulnerabilities exist in Ryzen and EPYC, says cyber-security firm.
    Read more.

  2. #2
    Senior Member
    Join Date
    Jul 2016
    Location
    My happy place
    Posts
    230
    Thanks
    75
    Thanked
    16 times in 14 posts
    • afiretruck's system
      • Motherboard:
      • Gigabyte X399 Designare Ex
      • CPU:
      • AMD Threadripper 1900X
      • Memory:
      • Corsair 32GB 3200MHz
      • Storage:
      • 2x 250GB NVMe + 2x 1TB SATA
      • Graphics card(s):
      • RX Vega 64 + GTX 970
      • PSU:
      • Corsair RMi 850
      • Case:
      • Fractal Design Define R6
      • Operating System:
      • Linux Mint 19
      • Monitor(s):
      • Screeny

    Re: AMD processors impacted by 13 serious flaws, says CTS Labs

    So, if I understood this correctly, you either need local admin rights or physical access (and a possible BIOS passphrase?) to be able to take advantage of these vulnerabilities? Or does Chimera only require the signed driver to be loaded?

    If so, these are nothing like as bad as Specter and Meltdown, thankfully.

    Also, it sounds like most of these can be fixed with firmware updates.

  3. Received thanks from:

    Jonj1611 (13-03-2018)

  4. #3
    Senior Member
    Join Date
    Feb 2017
    Posts
    246
    Thanks
    3
    Thanked
    17 times in 17 posts

    Re: AMD processors impacted by 13 serious flaws, says CTS Labs

    Coincidentally this has been released just before AMD is about to release the new Ryzen 2 chips.

  5. #4
    Long member
    Join Date
    Apr 2008
    Posts
    2,427
    Thanks
    70
    Thanked
    404 times in 291 posts
    • philehidiot's system
      • Motherboard:
      • Father's bored
      • CPU:
      • Cockroach brain V0.1
      • Memory:
      • Innebriated, unwritten
      • Storage:
      • Big Yellow Self Storage
      • Graphics card(s):
      • Semi chewed Crayola Mega Pack
      • PSU:
      • 20KW single phase direct grid supply
      • Case:
      • Closed, Open, Cold
      • Operating System:
      • Cockroach
      • Monitor(s):
      • The mental health nurses
      • Internet:
      • Please.

    Re: AMD processors impacted by 13 serious flaws, says CTS Labs

    Quote Originally Posted by afiretruck View Post
    So, if I understood this correctly, you either need local admin rights or physical access (and a possible BIOS passphrase?) to be able to take advantage of these vulnerabilities? Or does Chimera only require the signed driver to be loaded?

    If so, these are nothing like as bad as Specter and Meltdown, thankfully.

    Also, it sounds like most of these can be fixed with firmware updates.
    I wonder if Intel has employed the services of CTS? A dedicated microsite called "amdflaws"?! This after AMD processors aren't hit as badly by the Spectre/Meltdown issues and get better publicity over it.

    Fishy.

  6. #5
    Senior Member
    Join Date
    Nov 2015
    Posts
    327
    Thanks
    2
    Thanked
    26 times in 20 posts

    Re: AMD processors impacted by 13 serious flaws, says CTS Labs

    Ummm... all these "exploits" require an admin to run or install something. This is beyond silly. I also think that this is an Intel-sponsored thing.

  7. #6
    Senior Member watercooled's Avatar
    Join Date
    Jan 2009
    Posts
    11,478
    Thanks
    1,541
    Thanked
    1,029 times in 872 posts

    Re: AMD processors impacted by 13 serious flaws, says CTS Labs

    From what I've read I have to agree - a bit of hyperbole to frighten investors who won't bother to understand what it actually is. And an impossibly short notice period is just a joke - something is obviously malicious about it. Even the language used is strange, they're making wild assumptions and implying things they simply cannot know, and acting like security flaws are unheard of.

  8. Received thanks from:

    Jonj1611 (13-03-2018)

  9. #7
    Long member
    Join Date
    Apr 2008
    Posts
    2,427
    Thanks
    70
    Thanked
    404 times in 291 posts
    • philehidiot's system
      • Motherboard:
      • Father's bored
      • CPU:
      • Cockroach brain V0.1
      • Memory:
      • Innebriated, unwritten
      • Storage:
      • Big Yellow Self Storage
      • Graphics card(s):
      • Semi chewed Crayola Mega Pack
      • PSU:
      • 20KW single phase direct grid supply
      • Case:
      • Closed, Open, Cold
      • Operating System:
      • Cockroach
      • Monitor(s):
      • The mental health nurses
      • Internet:
      • Please.

    Re: AMD processors impacted by 13 serious flaws, says CTS Labs

    Quote Originally Posted by Nifl View Post
    Ummm... all these "exploits" require an admin to run or install something. This is beyond silly. I also think that this is an Intel-sponsored thing.
    I think the only way you'd be able to guarantee doing this is to get physical access, find a root / admin unlocked terminal and have a rubber ducky ready at your disposal. I can't see these being exploitable remotely unless you have someone surfing some very dodgy websites on the admin login and you manage to exploit their horniness.

    Maybe I'm just naive?

  10. Received thanks from:

    Millennium (13-03-2018)

  11. #8
    Moosing about! CAT-THE-FIFTH's Avatar
    Join Date
    Aug 2006
    Location
    Not here
    Posts
    32,039
    Thanks
    3,910
    Thanked
    5,224 times in 4,015 posts
    • CAT-THE-FIFTH's system
      • Motherboard:
      • Less E-PEEN
      • CPU:
      • Massive E-PEEN
      • Memory:
      • RGB E-PEEN
      • Storage:
      • Not in any order
      • Graphics card(s):
      • EVEN BIGGER E-PEEN
      • PSU:
      • OVERSIZED
      • Case:
      • UNDERSIZED
      • Operating System:
      • DOS 6.22
      • Monitor(s):
      • NOT USUALLY ON....WHEN I POST
      • Internet:
      • FUNCTIONAL

    Re: AMD processors impacted by 13 serious flaws, says CTS Labs

    So,where is the corresponding Intelflaws?? Maybe someone can investigate what links this company might have with Intel.

    Hmm,they look rather dodgy too:

    https://news.ycombinator.com/item?id=16576516
    https://www.reddit.com/r/Amd/comment...en_epyc_chips/

    There's far more damning evidence than that:

    24 hour disclosure instead of industry standard 90/180 day
    Domain records for "amdflaws.com" were created on the Feb, 22, 2018 for this "16 years in operation" company.
    It was also registered not directly but by "domainsbyproxy.com" thus no real contact information of the domain is public. It was used by fraudsters before.
    Amdflaws links to a YT video, with comments disabled

    YT Channel with video was just just March of this year

    This sketchy "we might have economic interest by disclosing these vulnerability" from their disclaimer

    Exploits have insane requirements like being able to defeat OEM BIOS flash protections and Windows' driver signing...
    They talk about a company called Viceroy who does dodgy stuff:

    https://m.fin24.com/Economy/treasury...kless-20180201

    Cape Town – National Treasury has spoken out against Viceroy Research, labelling its report on Capitec as reckless.

    Viceroy released a report on Capitec this week, labelling the bank a "'loan shark" and alleged the bank "engaged in reckless lending".

    In a statement released on Thursday afternoon, Treasury said: “Until two weeks ago, Viceroy operated anonymously and opaquely, and the reckless way in which it has released its report is clear proof that it is not acting in the public interest nor in the interest of financial stability in South Africa.”
    Look who is trying to push AMD stock price down:

    https://viceroyresearch.files.wordpr...3-mar-2018.pdf

    AMD – The Obituary
    Apparently they "wrote that" in a few hours.

    Apparently there is concerted effort to push AMD stock price down:

    https://www.thestreet.com/video/1446...ock-lower.html

    TheStreet's founder and Action Alerts PLUS Portfolio Manager Jim Cramer said there's a concerted effort to keep shares of Advanced Micro Devices lower.

  12. Received thanks from:

    chinf (13-03-2018),Iota (14-03-2018),Jonj1611 (13-03-2018),Ozaron (14-03-2018)

  13. #9
    Moosing about! CAT-THE-FIFTH's Avatar
    Join Date
    Aug 2006
    Location
    Not here
    Posts
    32,039
    Thanks
    3,910
    Thanked
    5,224 times in 4,015 posts
    • CAT-THE-FIFTH's system
      • Motherboard:
      • Less E-PEEN
      • CPU:
      • Massive E-PEEN
      • Memory:
      • RGB E-PEEN
      • Storage:
      • Not in any order
      • Graphics card(s):
      • EVEN BIGGER E-PEEN
      • PSU:
      • OVERSIZED
      • Case:
      • UNDERSIZED
      • Operating System:
      • DOS 6.22
      • Monitor(s):
      • NOT USUALLY ON....WHEN I POST
      • Internet:
      • FUNCTIONAL

    Re: AMD processors impacted by 13 serious flaws, says CTS Labs

    Another stinker from them:

    https://amdflaws.com/disclaimer.html

    Although we have a good faith belief in our analysis and believe it to be objective and unbiased, you are advised that we may have, either directly or indirectly, an economic interest in the performance of the securities of the companies whose products are the subject of our reports.
    From CNET:

    https://www.cnet.com/news/amd-has-a-...aw-of-its-own/

    The researchers gave AMD less than 24 hours to look at the vulnerabilities and respond before publishing the report. Standard vulnerability disclosure calls for 90 days' notice so that companies have time to address flaws properly.
    Second Edit!!

    It only was started in 2017 - umm,wasn't 2017 when Intel/AMD were told of the Spectre/Meltdown flaws?
    Last edited by g8ina; 17-03-2018 at 03:57 PM.

  14. #10
    Registered User
    Join Date
    Dec 2013
    Posts
    12
    Thanks
    0
    Thanked
    0 times in 0 posts

    Re: AMD processors impacted by 13 serious flaws, says CTS Labs

    toms hardware says "CTS-Labs released the information in an unusual fashion. Typically, semiconductor vendors are given 90 days to respond to vulnerabilities before they're disclosed to the public, but CTS-Labs provided AMD with only a 24-hour notice"

  15. #11
    Moosing about! CAT-THE-FIFTH's Avatar
    Join Date
    Aug 2006
    Location
    Not here
    Posts
    32,039
    Thanks
    3,910
    Thanked
    5,224 times in 4,015 posts
    • CAT-THE-FIFTH's system
      • Motherboard:
      • Less E-PEEN
      • CPU:
      • Massive E-PEEN
      • Memory:
      • RGB E-PEEN
      • Storage:
      • Not in any order
      • Graphics card(s):
      • EVEN BIGGER E-PEEN
      • PSU:
      • OVERSIZED
      • Case:
      • UNDERSIZED
      • Operating System:
      • DOS 6.22
      • Monitor(s):
      • NOT USUALLY ON....WHEN I POST
      • Internet:
      • FUNCTIONAL

    Re: AMD processors impacted by 13 serious flaws, says CTS Labs

    Quote Originally Posted by hpv9 View Post
    toms hardware says "CTS-Labs released the information in an unusual fashion. Typically, semiconductor vendors are given 90 days to respond to vulnerabilities before they're disclosed to the public, but CTS-Labs provided AMD with only a 24-hour notice"
    The domain was apparently registered in June 2017. Great timing or what??

  16. #12
    Editable... jimbouk's Avatar
    Join Date
    Aug 2005
    Location
    Bristol
    Posts
    3,069
    Thanks
    319
    Thanked
    278 times in 226 posts
    • jimbouk's system
      • Motherboard:
      • Asrock B450M-HDV R4.0
      • CPU:
      • AMD Ryzen 5 3600
      • Memory:
      • Corsair Vengeance LPX 16 GB (2 x 8 GB) DDR4 3200 MHz C16
      • Storage:
      • Sabrent Rocket Q 1TB NVMe PCIe M.2 2280
      • Graphics card(s):
      • Sapphire Pulse RX 580 8GB
      • PSU:
      • Seasonic Core Gold GC-650
      • Case:
      • Lian-Li PC-V1100 ATX
      • Operating System:
      • Windows 10 Pro
      • Monitor(s):
      • AOC CU34G2/BK 34" Widescreen
      • Internet:
      • EE FTC

    Re: AMD processors impacted by 13 serious flaws, says CTS Labs

    Oh no - if someone flashes my bios they can change how my computer works! Or an admin on my machine can read data. Shock horror.

    Someone's earning some money from this in a dubious manner...

  17. #13
    Administrator MLyons's Avatar
    Join Date
    Feb 2017
    Posts
    473
    Thanks
    310
    Thanked
    156 times in 92 posts
    • MLyons's system
      • Motherboard:
      • ASUS PRIME X470-PRO
      • CPU:
      • 2700x
      • Memory:
      • 16GB DDR4 Corsair RGB
      • Storage:
      • 500GB MX500 500GB HDD 2TB SSD
      • Graphics card(s):
      • EVGA SC2 1080Ti
      • PSU:
      • Corsair tx650
      • Case:
      • Corsair Air 540
      • Operating System:
      • Windows 10
      • Monitor(s):
      • 2 Asus 1080p

    Re: AMD processors impacted by 13 serious flaws, says CTS Labs

    Although we have a good faith belief in our analysis and believe it to be objective and unbiased, you are advised that we may have, either directly or indirectly, an economic interest in the performance of the securities of the companies whose products are the subject of our reports
    Hmmmmmm something-smells-fishy-and-it-certainly-isnt-fish.jpg
    Half dev, Half doge. Some say DevDoge

    Feel free to message me if you find any bugs or have any suggestions.
    If you need me urgently, PM me
    If something is/was broke it was probably me. ¯\_(ツ)_/¯

  18. #14
    Member
    Join Date
    Dec 2012
    Posts
    151
    Thanks
    0
    Thanked
    6 times in 5 posts

    Re: AMD processors impacted by 13 serious flaws, says CTS Labs

    Quote Originally Posted by philehidiot View Post
    Quote Originally Posted by afiretruck View Post
    So, if I understood this correctly, you either need local admin rights or physical access (and a possible BIOS passphrase?) to be able to take advantage of these vulnerabilities? Or does Chimera only require the signed driver to be loaded?

    If so, these are nothing like as bad as Specter and Meltdown, thankfully.

    Also, it sounds like most of these can be fixed with firmware updates.
    I wonder if Intel has employed the services of CTS? A dedicated microsite called "amdflaws"?! This after AMD processors aren't hit as badly by the Spectre/Meltdown issues and get better publicity over it.

    Fishy.
    Yeah, this looks very suspicious to me also. I mean, look at amdflaws page. Someone worked a great deal of time on it to make it very nice and easy to read - that AMD has flaws...
    To be sincere, this looks like a 1st of April joke.
    I am 99% that this is just a scam or something...

  19. #15
    Hooning about Hoonigan's Avatar
    Join Date
    Sep 2011
    Posts
    2,308
    Thanks
    171
    Thanked
    442 times in 316 posts
    • Hoonigan's system
      • Motherboard:
      • MSI MEG X570 ACE
      • CPU:
      • AMD Ryzen 7 5800X3D
      • Memory:
      • 32GB Corsair Dominator Platinum RGB
      • Storage:
      • 2x 2TB Gigabyte NVMe 4.0
      • Graphics card(s):
      • PALIT NVIDIA RTX 3070Ti Gaming Pro
      • PSU:
      • be quiet! Straight Power 11 Platinum 750W
      • Case:
      • Corsair Crystal Series 680X
      • Operating System:
      • Windows 11 x64
      • Monitor(s):
      • Acer Predator Z35P + ASUS ROG PG279Q
      • Internet:
      • Giganet (City Fibre) 900/900

    Re: AMD processors impacted by 13 serious flaws, says CTS Labs

    To all of those that were singing AMD's praises when this came out about Intel a few weeks ago..

    PAHAHAHAHAHAHAHAHHHAHAHAAHAHAHA!!!!11!!11!!!!11ONEONE!!!1!!111!!!1ONE!!!!ONEONEONE!!!!11!!!!!!!

  20. #16
    Senior Member
    Join Date
    May 2014
    Posts
    2,385
    Thanks
    181
    Thanked
    304 times in 221 posts

    Re: AMD processors impacted by 13 serious flaws, says CTS Labs

    Quote Originally Posted by Hoonigan View Post
    To all of those that were singing AMD's praises when this came out about Intel a few weeks ago..

    PAHAHAHAHAHAHAHAHHHAHAHAAHAHAHA!!!!11!!11!!!!11ONEONE!!!1!!111!!!1ONE!!!!ONEONEONE!!!!11!!!!!!!
    Considering how obvious this is a sham and a smear campaign using "vulnerabilities" that can be exploited on any processor. Back into the box you go.

    Next time, properly read the article and the thread, lest you make out yourself to be any more of a fool next time.

    On topic, there is a disclaimer in the whitepaper discussing that the paper is only opinion and not subject to facts. Theres some interesting investigations over on the AMD reddit.
    Last edited by Tabbykatze; 13-03-2018 at 10:09 PM.

Page 1 of 7 1234 ... LastLast

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •