AMD allegedly has its own Spectre-like security flaws

Chat about just about anything else
Forum rules
Do not post support questions here. Before you post read the forum rules. Topics in this forum are automatically closed 30 days after creation.
Locked
chrisuk

AMD allegedly has its own Spectre-like security flaws

Post by chrisuk »

https://www.cnet.com/news/amd-has-a-spe ... f-its-own/

(Mods: please delete thread if posted already)
Last edited by LockBot on Wed Dec 07, 2022 4:01 am, edited 1 time in total.
Reason: Topic automatically closed 30 days after creation. New replies are no longer allowed.
michael louwe

Re: AMD allegedly has its own Spectre-like security flaws

Post by michael louwe »

More like a fake security report ... http://www.zdnet.com/article/linus-torv ... ty-report/ (15 Mar 2018 - Linus Torvalds slams CTS Labs over AMD vulnerability report)
mike acker
Level 7
Level 7
Posts: 1517
Joined: Wed Jul 31, 2013 6:29 pm
Location: Kalamazoo, MI

Re: AMD allegedly has its own Spectre-like security flaws

Post by mike acker »

or, for some fun watch the video that they have in this report:

Gamers Nexus
¡Viva la Resistencia!
English Invader
Level 4
Level 4
Posts: 247
Joined: Thu Apr 23, 2015 11:53 am

Re: AMD allegedly has its own Spectre-like security flaws

Post by English Invader »

This shouldn't really come as a surprise. Intel sets the trend and AMD follows along a few years later at a reduced price point. Business as usual.
User avatar
xenopeek
Level 25
Level 25
Posts: 29459
Joined: Wed Jul 06, 2011 3:58 am

Re: AMD allegedly has its own Spectre-like security flaws

Post by xenopeek »

As I understood it several of the alleged security issues stem from the ASMedia chip used on motherboards for Ryzen and EPYC chips. The same ASMedia chip is used for current and past generation Intel chip motherboards :roll: So as pointed out elsewhere; where are the asmediaflaws.com and intelflaws.com websites for the same issues?

And yeah, it seemed like most of the alleged security issues are of the kind "if somebody flashes your BIOS with malware ...". Requires physical access.

I'll wait for AMD's response before jumping to conclusions.
Image
rene
Level 20
Level 20
Posts: 12240
Joined: Sun Mar 27, 2016 6:58 pm

Re: AMD allegedly has its own Spectre-like security flaws

Post by rene »

xenopeek wrote: Sat Mar 17, 2018 5:24 am I'll wait for AMD's response before jumping to conclusions.
I'd in fact feel it advisable to lock the thread. Not good to have this forum participate in AMD stock manipulation.

To re-quote the same Google+ thread commenter that Michael's link does:
I just found a flaw in all of the hardware space. No device is secure: if you have physical access to a device, you can just pick it up and walk away. Am I a security expert yet?
Note that's not just "being funny" but fairly much to the point. If you are able to install malicious microcode onto a system -- as is the precondition for the main of the so-called "vulnerabilities" -- it really doesn't matter; you can do anything already, and on Intel just as well as on AMD. The way the report is written also makes it very clear they are out to specifically target the AMD name, not any supposed vulnerability itself. CTS-Labs are a bunch of corrupt crooks; any attention they get other than from those investigating market manipulation is too much.
Last edited by rene on Sat Mar 17, 2018 5:04 pm, edited 1 time in total.
chrisuk

Re: AMD allegedly has its own Spectre-like security flaws

Post by chrisuk »

rene wrote: Sat Mar 17, 2018 1:42 pm I'd in fact feel it advisable to lock the thread. Not good to have this forum participate in AMD stock manipulation.
That would be a bit silly... wouldn't it be better to research/investigate/debunk/expose? Bear in mind the "allegedly" in the thread title

Further reading:

AMD And CTS Labs: A Story Of Failed Stock Manipulation
User avatar
xenopeek
Level 25
Level 25
Posts: 29459
Joined: Wed Jul 06, 2011 3:58 am

Re: AMD allegedly has its own Spectre-like security flaws

Post by xenopeek »

chrisuk wrote: Sat Mar 17, 2018 2:12 pmwouldn't it be better to research/investigate/debunk/expose?
I doubt many on this forum have the skills for hardware security issue analysis.
Image
chrisuk

Re: AMD allegedly has its own Spectre-like security flaws

Post by chrisuk »

xenopeek wrote: Sat Mar 17, 2018 2:38 pm
chrisuk wrote: Sat Mar 17, 2018 2:12 pmwouldn't it be better to research/investigate/debunk/expose?
I doubt many on this forum have the skills for hardware security issue analysis.
lol, I think you know what I meant... let others do the work by, for example, posting similar links to the one in my previous post. The only skill required is literacy and common sense... and assume that everyone has an agenda and is lying ;)
rene
Level 20
Level 20
Posts: 12240
Joined: Sun Mar 27, 2016 6:58 pm

Re: AMD allegedly has its own Spectre-like security flaws

Post by rene »

chrisuk wrote: Sat Mar 17, 2018 2:12 pm That would be a bit silly... wouldn't it be better to research/investigate/debunk/expose?
Not necessarily no. Other than xenopeek's remark just above also see English Invader's one in fourth position in this thread: he seems to be saying that certainly it was to be expected that AMD has serious and/or with Meltdown comparable issues, but this after posts in second and third position that already relay quite clearly what the actual issue is here; without paying any attention whatsoever to "research/investigation/debunking/exposition".

Research is going on already and a thread on the relatively non-technical Linux Mint forum isn't going to help; will though further emphasize the original nonsense report as exemplified above in the mentioned fourth comment -- as exemplified in any open internet discussion really -- and then double up through the so deeply in human psyche engrained "where there's smoke" fallacy.

And, yes, sure, that wouldn't be to say that I'd generally favour "locking threads" but if nothing else this was a way of saying that anyone who reads this should be aware of what it is about: finance, and not technology. I'd advise Mike Acker's above "Gamer Nexus" link (interestingly so, since I tend to shy away from anything concerning "gamer", but that's pretty substantiated reporting).
michael louwe

Re: AMD allegedly has its own Spectre-like security flaws

Post by michael louwe »

CTS Labs was pointing the finger at AMD's Platform Security Processor, which is similar to Intel's ME/AMT/vPro/Minix. Both are features used by companies' and their Windows IT Admins for Remote Computer Management. For more background information, ...
viewtopic.php?f=60&t=256656 (Re: Intel CPU? Then you're running Minix)
User avatar
xenopeek
Level 25
Level 25
Posts: 29459
Joined: Wed Jul 06, 2011 3:58 am

Re: AMD allegedly has its own Spectre-like security flaws

Post by xenopeek »

AMD has just reported its findings on the bugs: https://community.amd.com/community/amd ... s-research.

In short:
  • they were able to reproduce the bugs;
  • to exploit any of these bugs an attacker needs to already have compromised the system and gained root (so you're done for already);
  • BIOS and firmware fixes will be rolled out coming weeks through a BIOS update;
  • the fixes will have no performance impact.

They divide the bugs into three groups:
  1. Masterkey & PSP Privilege Escalation: would let an attacker who has already compromised the system and gained root flash the BIOS or firmware without the PSP (AMD Secure Processor) detecting this.
  2. Ryzenfall & Fallout: would let an attacker who has already compromised the system and gained root bypass the PSP controls. This doesn't persist between reboots.
  3. Chimera: is not a bug in the AMD processor but in a ASMedia chip used commonly on Ryzen and EPYC motherboards. Like with the others, would let an attacker who has already compromised the system and gained root access all memory in the system through the chip or install malware in the chip. This doesn't persist between reboots.
Image
Locked

Return to “Open Chat”