Page 1 of 1

New AMD Chip Faults

PostPosted: 2018-03-14 10:20
by mike acker
AMD Ryzen and EPYC platforms at risk: More than a dozen critical security flaws discovered

Source: URL: Techspot 2018093-14 Shawn Knight


Israeli-based security company CTS-Labs on Tuesday said it has discovered 13 critical security vulnerabilities and exploitable manufacturer backdoors impacting AMD’s latest EPYC, Ryzen, Ryzen Pro and Ryzen Mobile lines of processors.

CTS has classified the vulnerabilities, which it found over the course of a six-month investigation, into four categories they’re calling Ryzenfall, Masterkey, Fallout and Chimera.

Full details on each vulnerability can be found in CTS’ 20-page whitepaper (our brief summary can be read below, too). Fortunately, specific technical details that could be used to exploit the vulnerabilities have been omitted. It’s also worth noting that AMD has been made aware of the issues, as have “select security companies” that could help mitigate the fallout and US regulators.

......always seems to be a Good Plan to let new technology settle a bit before adopting

Re: New AMD Chip Faults

PostPosted: 2018-03-14 10:45
by mike acker
A raft of flaws in AMD chips makes bad hacks much, much worse
AMD says its Secure Processor is impenetrable. Instead, it can harbor malware.

Take care to read the whole article, reference following: There are open questions.

Source: URL: Ars Technica Dan Goodin - 3/13/2018, 5:07 PM

The advisory came with its own disclaimer that CTS—the Israeli research organization that published the report—"may have, either directly or indirectly, an economic interest in the performance" of the stock of AMD or other companies. It also discloses that its contents were all statements of opinion and "not statements of fact." Critics have said the disclaimers, which are highly unusual in security reports, are signs that the report is exaggerating the severity of the vulnerabilities in a blatant attempt to influence the stock price of AMD and possibly other companies. Critics also faulted the researchers for giving AMD just 24 hours to review the report before it went public and using a dedicated-website to bring attention to the flaws.


The flaws—in AMD's EPYC, Ryzen, Ryzen Pro, and Ryzen Mobile lines of processors—require attackers to first gain administrative rights on a targeted network or computer, which is a hurdle that's difficult but by no means impossible to clear. From there, attackers can exploit the vulnerabilities to achieve a variety of extraordinary feats that would be catastrophic for the owners' long-term security. Among other things, the feats include:

Running persistent malware inside the AMD Secure Processor that's impossible—or nearly impossible—to detect
Bypassing advanced protections such as AMD's Secure Encrypted Virtualization, Firmware Trusted Platform Module, and other security features, which are intended to secure systems and sensitive data in the event that malware infects a computer's operating system
Stealing credentials a vulnerable computer uses to access networks
Physically destroying hardware by attackers in hardware-based "ransomware" scenarios

I have carefully used ONLY AMD chips in both purchased machines and in my own builds for a good many years. I see these faults as just teething troubles. I was thinking of starting to roll out RYZEN chips sometime in 2019 -- hopefully with Debian 10. However it may take a year for AMD to clean up the RYZEN design.

Clearly we'll be keeping a close eye on this. I hope it doesn't wipe out AMD.

Hopefully the follow is good info:
...require attackers to first gain administrative rights on a targeted network or computer, which is a hurdle that's difficult but by no means impossible to clear.
( emphasis added )

If that's true the chip problems may be un-important: If I get Admin rights on any box I can do serious mischief and I don't need a chip error to do it. The chip error is just another place to hide my work -- like the old un-used sector space in windows malware

Re: New AMD Chip Faults

PostPosted: 2018-03-14 13:21
by Pick2

Re: New AMD Chip Faults

PostPosted: 2018-03-14 13:59
by Wheelerof4te
Linus's stance on this
I agree, this seems like a convinient way to lower AMD's stock value. Intel just wanted revenge, they don't care about morals or credibility. I'm all in for boycoting Intel's producs after this...slander.

Re: New AMD Chip Faults

PostPosted: 2018-03-14 14:09
by mike acker
Pick2 wrote:False News , the whole CTS company is a scam.

Further reading: ... s.2540299/ ... h-cts-labs

good post

more info will likely become available in the coming days.

this article touches on money:
OK, deep breath, relax... Let's have a sober look at these 'ere annoying AMD chip security flaws

Reached by phone, John Fraser Perring, founder of Viceroy Research, which describes itself as "a group of individuals that see the world differently," confirmed to The Register that his firm has a short position in AMD stock and that he intends to increase that position in light of support for CTS-Labs' findings.

(emphasis added)

I'm beginning to suspect this gig could be an effort to scam the stock price

Re: New AMD Chip Faults

PostPosted: 2018-03-14 14:26
by acewiza
There is no corner of objective reality not salted with money-grubbers.

What was that "root-of-all-evil" thing again?

Re: New AMD Chip Faults

PostPosted: 2018-03-14 19:37
by stevepusser
Jarek Cora
In other news, security researchers discovered a critical vulnerability affecting all padlocks. If an intruder has unlimited physical access to a padlock and a perfect copy of the original key, he can unlock the padlock!

Re: New AMD Chip Faults

PostPosted: 2018-03-14 20:01
by mike acker
acewiza wrote:There is no corner of objective reality not salted with money-grubbers.

What was that "root-of-all-evil" thing again?

the more i check on this the more i smell cash:

C/Net essay

Security researchers also criticized the white paper published by CTS-Labs for lacking any technical details describing the vulnerabilities. CTS-Labs said it sent the technical report to Dan Guido, an independent security researcher and the CEO of Trail of Bits.

Guido said the company sent him the details last week, and added that the threats were legitimate.

Guido also said CTS-Labs paid him the company's "week rate for the work." Reuters reported that CTS-Labs paid him about $16,000 for the review. The company only recently started in 2017, with no history in cybersecurity, and only six employees, according to its CFO.

hmmmmmmmmmmmm$$$$$$$$$ :twisted:

I've not seen any verification on this other than this Dan Guido :?:

link to Viceroy Research Report ( yuk )

Now: For some Fun!!

Gamers Nexus Report

Watch the video -- it's a hoot :D