AMD allegedly has its own Spectre-like security flaws
AMD allegedly has its own Spectre-like security flaws
https://www.cnet.com/news/amd-has-a-spe ... f-its-own/
(Mods: please delete thread if posted already)
Last edited by LockBot on Wed Dec 07, 2022 4:01 am, edited 1 time in total.
Reason: Topic automatically closed 30 days after creation. New replies are no longer allowed.
Re: AMD allegedly has its own Spectre-like security flaws
More like a fake security report ... http://www.zdnet.com/article/linus-torv ... ty-report/ (15 Mar 2018 - Linus Torvalds slams CTS Labs over AMD vulnerability report)
Re: AMD allegedly has its own Spectre-like security flaws
¡Viva la Resistencia!
Re: AMD allegedly has its own Spectre-like security flaws
This shouldn't really come as a surprise. Intel sets the trend and AMD follows along a few years later at a reduced price point. Business as usual.
Re: AMD allegedly has its own Spectre-like security flaws
As I understood it, several of the alleged security issues stem from the ASMedia chip used on motherboards for Ryzen and EPYC chips. The same ASMedia chip is used for current and past generation Intel chip motherboards. So as pointed out elsewhere: where are the asmediaflaws.com and intelflaws.com websites for the same issues?
And yeah, it seemed like most of the alleged security issues are of the kind "if somebody flashes your BIOS with malware ...". Requires physical access.
I'll wait for AMD's response before jumping to conclusions.
Re: AMD allegedly has its own Spectre-like security flaws
I'd in fact feel it advisable to lock the thread. Not good to have this forum participate in AMD stock manipulation.
To re-quote the same Google+ thread commenter that Michael's link does:
"I just found a flaw in all of the hardware space. No device is secure: if you have physical access to a device, you can just pick it up and walk away. Am I a security expert yet?"
Note that's not just "being funny" but fairly much to the point. If you are able to install malicious microcode onto a system -- as is the precondition for the main of the so-called "vulnerabilities" -- it really doesn't matter; you can do anything already, and on Intel just as well as on AMD. The way the report is written also makes it very clear they are out to specifically target the AMD name, not any supposed vulnerability itself. CTS-Labs are a bunch of corrupt crooks; any attention they get other than from those investigating market manipulation is too much.
Last edited by rene on Sat Mar 17, 2018 5:04 pm, edited 1 time in total.
Re: AMD allegedly has its own Spectre-like security flaws
That would be a bit silly... wouldn't it be better to research/investigate/debunk/expose? Bear in mind the "allegedly" in the thread title
Further reading:
AMD And CTS Labs: A Story Of Failed Stock Manipulation
Re: AMD allegedly has its own Spectre-like security flaws
lol, I think you know what I meant... let others do the work by, for example, posting similar links to the one in my previous post. The only skill required is literacy and common sense... and assume that everyone has an agenda and is lying
Re: AMD allegedly has its own Spectre-like security flaws
Not necessarily no. Other than xenopeek's remark just above also see English Invader's one in fourth position in this thread: he seems to be saying that certainly it was to be expected that AMD has serious and/or with Meltdown comparable issues, but this after posts in second and third position that already relay quite clearly what the actual issue is here; without paying any attention whatsoever to "research/investigation/debunking/exposition".
Research is going on already and a thread on the relatively non-technical Linux Mint forum isn't going to help; will though further emphasize the original nonsense report as exemplified above in the mentioned fourth comment -- as exemplified in any open internet discussion really -- and then double up through the so deeply in human psyche engrained "where there's smoke" fallacy.
And, yes, sure, that wouldn't be to say that I'd generally favour "locking threads" but if nothing else this was a way of saying that anyone who reads this should be aware of what it is about: finance, and not technology. I'd advise Mike Acker's above "Gamer Nexus" link (interestingly so, since I tend to shy away from anything concerning "gamer", but that's pretty substantiated reporting).
Re: AMD allegedly has its own Spectre-like security flaws
CTS Labs was pointing the finger at AMD's Platform Security Processor, which is similar to Intel's ME/AMT/vPro/Minix. Both are features used by companies and their Windows IT Admins for Remote Computer Management. For more background information, ...
viewtopic.php?f=60&t=256656 (Re: Intel CPU? Then you're running Minix)
Re: AMD allegedly has its own Spectre-like security flaws
AMD has just reported its findings on the bugs: https://community.amd.com/community/amd ... s-research.
In short:
- they were able to reproduce the bugs;
- to exploit any of these bugs an attacker needs to already have compromised the system and gained root (so you're done for already);
- BIOS and firmware fixes will be rolled out in the coming weeks through a BIOS update;
- the fixes will have no performance impact.
They divide the bugs into three groups:
- Masterkey & PSP Privilege Escalation: would let an attacker who has already compromised the system and gained root flash the BIOS or firmware without the PSP (AMD Secure Processor) detecting this.
- Ryzenfall & Fallout: would let an attacker who has already compromised the system and gained root bypass the PSP controls. This doesn't persist between reboots.
- Chimera: is not a bug in the AMD processor but in an ASMedia chip commonly used on Ryzen and EPYC motherboards. Like with the others, would let an attacker who has already compromised the system and gained root access all memory in the system through the chip or install malware in the chip. This doesn't persist between reboots.