Stories
Slash Boxes
Comments

SoylentNews is people

CTS-Labs Identifies Vulnerabilities in AMD Chips, Gives AMD Just 24 Hours' Notice

posted by martyb on Wednesday March 14 2018, @12:34PM   Printer-friendly
from the I'm-going-back-to-using-an-Abacus dept.

takyon writes:

Security Researchers Publish Ryzen Flaws, Gave AMD 24 hours Prior Notice

Through the advent of Meltdown and Spectre, there is a heightened element of nervousness around potential security flaws in modern high-performance processors, especially those that deal with the core and critical components of company business and international infrastructure. Today, CTS-Labs, a security company based in Israel, has published a whitepaper identifying four classes of potential vulnerabilities of the Ryzen, EPYC, Ryzen Pro, and Ryzen Mobile processor lines. AMD is in the process of responding to the claims, but was only given 24 hours of notice rather than the typical 90 days for standard vulnerability disclosure. No official reason was given for the shortened time.

[...] At this point AMD has not confirmed any of the issues brought forth in the CTS-Labs whitepaper, so we cannot confirm in the findings are accurate. It has been brought to our attention that some press were pre-briefed on the issue, perhaps before AMD was notified, and that the website that CTS-Labs has setup for the issue was registered on February 22nd, several weeks ago. Given the level of graphics on the site, it does look like a planned 'announcement' has been in the works for a little while, seemingly with little regard for AMD's response on the issue. This is compared to Meltdown and Spectre, which was shared among the affected companies several months before a planned public disclosure. CTS-Labs has also hired a PR firm to deal with incoming requests for information, which is also an interesting avenue to the story, as this is normally not the route these security companies take. CTS-Labs is a security focused research firm, but does not disclose its customers or research leading to this disclosure. CTS-Labs was started in 2017, and this is their first public report.

CTS-Labs' claims revolve around AMD's Secure Processor and Promontory Chipset, and fall into four main categories, which CTS-Labs has named for maximum effect. Each category has sub-sections within.

Severe Security Advisory on AMD Processors from CTS.

Also at Tom's Hardware, Motherboard, BGR, Reuters, and Ars Technica.

Original Submission

 
This discussion has been archived. No new comments can be posted.
CTS-Labs Identifies Vulnerabilities in AMD Chips, Gives AMD Just 24 Hours' Notice | Log In/Create an Account | Top | 50 comments | Search Discussion
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.

  • (Score: 2) by takyon on Wednesday March 14 2018, @03:01PM

    by takyon (881) <takyonNO@SPAMsoylentnews.org> on Wednesday March 14 2018, @03:01PM (#652395) Journal

    I would like to see the next bragging rights be about how many cores your system has instead of a nominal (sometimes meaningless) increase in clock speed. What? Your system has only 64 cores? Well my system has 96 cores, so there! Etc.

    With the Ryzen/Threadripper and Core i9 launches, we've pretty much gotten to that point. And the wide availability of 8+ cores will hopefully lead to more parallelism where possible.

    As for the baggage, maybe Intel could do something silly like use EMIB to put ARM cores on every x86 chip. Or make their chips more FPGA-like. But I expect they will just accumulate more baggage, save for some features cut down due to known security risks.

    --
    [SIG] 10/28/2017: Soylent Upgrade v14 [soylentnews.org]
    Starting Score:    1  point
    Karma-Bonus Modifier   +1  
    Total Score:   2