AMD allegedly has its own Spectre-like security flaws

chrisuk
Level 5
Posts: 581
Joined: Thu Jun 12, 2008 6:16 am

AMD allegedly has its own Spectre-like security flaws

Post by chrisuk » Thu Mar 15, 2018 4:14 pm

https://www.cnet.com/news/amd-has-a-spe ... f-its-own/

(Mods: please delete thread if posted already)
Chris

Manjaro MATE - MX Linux - LMDE MATE

michael louwe
Level 8
Posts: 2329
Joined: Sun Sep 11, 2016 11:18 pm

Re: AMD allegedly has its own Spectre-like security flaws

Post by michael louwe » Thu Mar 15, 2018 4:35 pm

More like a fake security report ... http://www.zdnet.com/article/linus-torv ... ty-report/ (15 Mar 2018 - Linus Torvalds slams CTS Labs over AMD vulnerability report)

mike acker
Level 6
Posts: 1414
Joined: Wed Jul 31, 2013 6:29 pm
Location: Kalamazoo, MI

Re: AMD allegedly has its own Spectre-like security flaws

Post by mike acker » Thu Mar 15, 2018 7:25 pm

Or, for some fun, watch the video that they have in this report:

Gamers Nexus
¡Viva la Resistencia!

English Invader
Level 4
Posts: 225
Joined: Thu Apr 23, 2015 11:53 am

Re: AMD allegedly has its own Spectre-like security flaws

Post by English Invader » Thu Mar 15, 2018 9:05 pm

This shouldn't really come as a surprise. Intel sets the trend and AMD follows along a few years later at a reduced price point. Business as usual.

xenopeek
Level 24
Posts: 22476
Joined: Wed Jul 06, 2011 3:58 am
Location: The Netherlands

Re: AMD allegedly has its own Spectre-like security flaws

Post by xenopeek » Sat Mar 17, 2018 5:24 am

As I understood it, several of the alleged security issues stem from the ASMedia chip used on motherboards for Ryzen and EPYC chips. The same ASMedia chip is used for current and past generation Intel chip motherboards :roll: So, as pointed out elsewhere, where are the asmediaflaws.com and intelflaws.com websites for the same issues?

And yeah, it seemed like most of the alleged security issues are of the kind "if somebody flashes your BIOS with malware ...". Requires physical access.

I'll wait for AMD's response before jumping to conclusions.

rene
Level 7
Posts: 1809
Joined: Sun Mar 27, 2016 6:58 pm

Re: AMD allegedly has its own Spectre-like security flaws

Post by rene » Sat Mar 17, 2018 1:42 pm

xenopeek wrote (Sat Mar 17, 2018 5:24 am):
> I'll wait for AMD's response before jumping to conclusions.

I'd in fact feel it advisable to lock the thread. Not good to have this forum participate in AMD stock manipulation.

To re-quote the same Google+ thread commenter that Michael's link does:
> I just found a flaw in all of the hardware space. No device is secure: if you have physical access to a device, you can just pick it up and walk away. Am I a security expert yet?

Note that's not just "being funny" but fairly much to the point. If you are able to install malicious microcode onto a system -- as is the precondition for the main of the so-called "vulnerabilities" -- it really doesn't matter; you can do anything already, and on Intel just as well as on AMD. The way the report is written also makes it very clear they are out to specifically target the AMD name, not any supposed vulnerability itself. CTS-Labs are a bunch of corrupt crooks; any attention they get other than from those investigating market manipulation is too much.
Last edited by rene on Sat Mar 17, 2018 5:04 pm, edited 1 time in total.

chrisuk
Level 5
Posts: 581
Joined: Thu Jun 12, 2008 6:16 am

Re: AMD allegedly has its own Spectre-like security flaws

Post by chrisuk » Sat Mar 17, 2018 2:12 pm

rene wrote (Sat Mar 17, 2018 1:42 pm):
> I'd in fact feel it advisable to lock the thread. Not good to have this forum participate in AMD stock manipulation.

That would be a bit silly... wouldn't it be better to research/investigate/debunk/expose? Bear in mind the "allegedly" in the thread title.

Further reading:

AMD And CTS Labs: A Story Of Failed Stock Manipulation
Chris


xenopeek
Level 24
Posts: 22476
Joined: Wed Jul 06, 2011 3:58 am
Location: The Netherlands

Re: AMD allegedly has its own Spectre-like security flaws

Post by xenopeek » Sat Mar 17, 2018 2:38 pm

chrisuk wrote (Sat Mar 17, 2018 2:12 pm):
> wouldn't it be better to research/investigate/debunk/expose?

I doubt many on this forum have the skills for hardware security issue analysis.

chrisuk
Level 5
Posts: 581
Joined: Thu Jun 12, 2008 6:16 am

Re: AMD allegedly has its own Spectre-like security flaws

Post by chrisuk » Sat Mar 17, 2018 2:53 pm

xenopeek wrote (Sat Mar 17, 2018 2:38 pm):
> chrisuk wrote (Sat Mar 17, 2018 2:12 pm):
> > wouldn't it be better to research/investigate/debunk/expose?
>
> I doubt many on this forum have the skills for hardware security issue analysis.

lol, I think you know what I meant... let others do the work by, for example, posting similar links to the one in my previous post. The only skill required is literacy and common sense... and assume that everyone has an agenda and is lying ;)
Chris


rene
Level 7
Posts: 1809
Joined: Sun Mar 27, 2016 6:58 pm

Re: AMD allegedly has its own Spectre-like security flaws

Post by rene » Sat Mar 17, 2018 3:16 pm

chrisuk wrote (Sat Mar 17, 2018 2:12 pm):
> That would be a bit silly... wouldn't it be better to research/investigate/debunk/expose?

Not necessarily, no. Other than xenopeek's remark just above, also see English Invader's one in fourth position in this thread: he seems to be saying that certainly it was to be expected that AMD has serious and/or with Meltdown comparable issues, but this after posts in second and third position that already relay quite clearly what the actual issue is here; without paying any attention whatsoever to "research/investigation/debunking/exposition".

Research is going on already and a thread on the relatively non-technical Linux Mint forum isn't going to help; will though further emphasize the original nonsense report as exemplified above in the mentioned fourth comment -- as exemplified in any open internet discussion really -- and then double up through the so deeply in human psyche engrained "where there's smoke" fallacy.

And, yes, sure, that wouldn't be to say that I'd generally favour "locking threads" but if nothing else this was a way of saying that anyone who reads this should be aware of what it is about: finance, and not technology. I'd advise Mike Acker's above "Gamer Nexus" link (interestingly so, since I tend to shy away from anything concerning "gamer", but that's pretty substantiated reporting).

michael louwe
Level 8
Posts: 2329
Joined: Sun Sep 11, 2016 11:18 pm

Re: AMD allegedly has its own Spectre-like security flaws

Post by michael louwe » Sat Mar 17, 2018 4:06 pm

CTS Labs was pointing the finger at AMD's Platform Security Processor, which is similar to Intel's ME/AMT/vPro/Minix. Both are features used by companies and their Windows IT admins for remote computer management. For more background information, ...
viewtopic.php?f=60&t=256656 (Re: Intel CPU? Then you're running Minix)

xenopeek
Level 24
Posts: 22476
Joined: Wed Jul 06, 2011 3:58 am
Location: The Netherlands

Re: AMD allegedly has its own Spectre-like security flaws

Post by xenopeek » Tue Mar 20, 2018 5:55 pm

AMD has just reported its findings on the bugs: https://community.amd.com/community/amd ... s-research.

In short:
  • they were able to reproduce the bugs;
  • to exploit any of these bugs an attacker needs to already have compromised the system and gained root (so you're done for already);
  • BIOS and firmware fixes will be rolled out in the coming weeks through a BIOS update;
  • the fixes will have no performance impact.

They divide the bugs into three groups:
  1. Masterkey & PSP Privilege Escalation: would let an attacker who has already compromised the system and gained root flash the BIOS or firmware without the PSP (AMD Secure Processor) detecting this.
  2. Ryzenfall & Fallout: would let an attacker who has already compromised the system and gained root bypass the PSP controls. This doesn't persist between reboots.
  3. Chimera: is not a bug in the AMD processor but in an ASMedia chip used commonly on Ryzen and EPYC motherboards. Like with the others, would let an attacker who has already compromised the system and gained root access all memory in the system through the chip or install malware in the chip. This doesn't persist between reboots.
