Report Claims AMD Ryzen, EPYC CPUs Contain 13 Security Flaws

[InvalidError]

No real security researcher would give a chip maker 24 hours notice. The standard is 90 days notice or more for hardware flaws ie 6 months for Spectre/Meltdown.

Notices are nothing more than courtesy, there is no binding "standard" for any particular time window. We'll see soon enough whether AMD confirms or denies the claims.

 

[valeman2012]

CTS-Labs provided AMD with only a 24-hour notice.

This is extremely shady. What could be the purpose of making such an announcement, except to spread FUD in the market and put the brakes on AMDs sales momentum?

These guys are most likely funded by Intel or individuals with a strong financial stake in Intel.

Its not a cover up or helping Intel. (even if they did there no way AMD can beat Intel for more than 30 years....AMD $2 Stocks if you remember)
I think that security company is illegally trying get money.

The Security Frim did not release any CVE (most important) and did not show clear proof instead they show us a baseless Non-Technical Video...more likey they want some sort of attention or an attack to AMD the company.

 

[redgarl]

The worst is the naming convention. Ryzenfall, Chimera, Fallout... take this into notice with everything else and you know this seems to be a scam. Anyway, why targeting AMD when they control less than 10% of the CPU business? And if you look at past Intel actions, this would fit perfectly.

https://youtu.be/osSMJRyxG0k?t=20m47s

Mother of All Program was a disgusting tactic that screwed the customers over pure capitalism interest.

 

[valeman2012]

The worst is the naming convention. Ryzenfall, Chimera, Fallout... take this into notice with everything else and you know this seems to be a scam. Anyway, why targeting AMD when they control less than 10% of the CPU business? And if you look at past Intel actions, this would fit perfectly.

https://youtu.be/osSMJRyxG0k?t=20m47s

Mother of All Program was a disgusting tactic that screwed the customers over pure capitalism interest.

\

I think the CEO of that Company need be investigated for illegal activity to gain money.

As said Intel will not be beaten by AMD even in 30 years... Those spammers that keep saying Intel cover up need be removed,

 

[wownwow]

"For the attacks to work, an attacker must
first obtain administrator access to a targeted network, Guido said."

For the car thief to steal the car, the car thief must first obtain the car key
and access to the car, Guido said.

 

[geof2001]

"asses" .. noone??

 

[wownwow]

"For the attacks to work, an attacker must
first obtain administrator access to a targeted network, Guido said."

For the car thief to steal the car, the car thief must first obtain the car key
and access to the car, Common Sense said.

 

[bigdragon]

Anyone can gain fame and fortune (maybe) from making the exact same dubious statements about Intel SGX, PTT, and ME tomorrow. What exactly is new or novel about these AMD vulnerabilities?

CTS-Labs' report is raising more red flags than it is raising legitimate concerns. I want to see technical details. Until then, CTS-Labs appears to have ulterior motives and a lack of trustworthy credentials. I think they're just trying to cash in on all the SPECTRE and MELTDOWN news by proclaiming another set of headline-grabbing vulnerabilities. RYZENFALL, FALLOUT, and MASTERKEY look like features to me -- powerful features that could be used for nefarious purposes in the wrong hands, or wielded for legitimate purposes.

CHIMERA is the only one that concerns me. The lack of technical details means it's hard to tell if that is a new concern or a mechanism to recover a locked or bricked device.

 

[Dark Lord of Tech]

Flaws galore on both platforms , it's just beginning.

 

[valeman2012]

Flaws galore on both platforms , it's just beginning.

The 13 Flaws are bogus.

I try to access their site again, they took it down now.
https://www.cts-labs.com/

Its unclear if cts-labs and amdflaws websites was use for malicious reasons.

As a Security Percolation, i recommended users who visited those 2 suspicious sites to check for malicious connections on your network

-Certificate concern on their site and other

 

[Co BIY]

Headline should have been "AMD targeted by shady claims of obvious stock manipulators"

The Linked-In of the CTS "CEO" is pretty weak for any Tech Executive and the accounts of the others in the claimed company look like fakes.

The disclaimer basically says "We are low rent stock manipulators."

- Israel has a problem in the area of financial crime enforcement -
the following from an Israeli Source (because they also have a problem of being targeted by anti-Semitic slurs)

https://www.timesofisrael.com/former-top-fbi-officer-warns-israeli-law-enforcement-lax-reforms-needed/

 

[lsatenstein]

Wow, just when AMD is announcing their 2000 series the 2700, 2700x and more, here comes news with AMD getting one day's warning.

Does that Israeli company work for Intel? The timing and buffer for disclosure is 24 hours.

There is a double standard somewhere.

 

[alextheblue]

Headline should have "unverified" in it from the start.. Anyway the article itself is going to have to be updated again soon as this story unravels.

 

[JQB45]

I say we sue the small Israeli company for putting us AMD CPU users in danger by not giving AMD the normal 90 day period to correct the issue(s).

 

[valeman2012]

I say we sue the small Israeli company for putting us AMD CPU users in danger by not giving AMD the normal 90 day period to correct the issue(s).

Its probably a verbal retaliation against United States / Donald Trump

 

[InvalidError]

Headline should have "unverified" in it from the start.. Anyway the article itself is going to have to be updated again soon as this story unravels.

Dan Guido from Trail of Bits and Gadi Everon from Cymmetria have apparently confirmed the exploits. All variants require root/admin access to exploit first to install the drivers required to gain direct access to hardware.

 

[billhperry67]

Looks like B.S. Smells like B.S. Must be B.S....

 

[AndrewJacksonZA]

Viceroy has already been "interested" in South African companies:
https://twitter.com/cataclysmza/status/973621504427651072

 

[fixxxer113]

"Ryzenfall".... Security company? More like... hilarious pun company, amirite guys?

In any case, it will be interesting to watch the rise and fall of Ryzenfall. I'M SORRY, I COULDN'T RESIST!

 

[The Paladin]

picked up in more details by CNet: https://www.cnet.com/news/amd-has-a-spectre-meltdown-like-security-flaw-of-its-own/

 

[jelco_cathlon]

Intel hack job???

 

[jelco_cathlon]

Intel hack job?????? 24 hrs notice.

 

[alyoshka]

LOL!!! I really never thought Intel could stoop so low, but now I'm glad I never spent too much dough on them. Using Ryzens now and I have no complaints what so ever. Seems like the Shylock hasn't taken too well to loosing a little loose change from his wallet. Bad losers Intel.

 

[rs.anantmishra]

Hi Guys,

I think it is nVIDIA's doing.... Intel is the obvious one to blame, though AMD has a better relationship with Intel now, with their GPU's going into Intel chips and all... and nVIDIA is the one to gain the most from a damaged Intel-AMD relationship.

Also please read the below article, it seems like nVIDIA is the one that might be butthurt here... ))

https://www.hardocp.com/article/2018/03/07/geforce_partner_program_impacts_consumer_choice

 

[Ninjawithagun]

Time for AMD to file a lawsuit. CTS-Labs won't last long after the judge rules in favor of AMD. The real culprit, (Intel or Nvidia) will slip back quietly into the dark corners.