AMD Ryzen processor vulnerability

Topic

New Reply

It’s been all over the news, but I’m not yet convinced that there’s anything there, there. Dan Goodin at Ars Technica has a technical analysis: The fl
[See the full post at: AMD Ryzen processor vulnerability]

7 users thanked author for this post.

satrow, MrBrian, AlphaCharlie, Carl D, AlexEiffel, AJNorth

Reply | Quote

Replies

Once again Da Boss demonstrates that discretion indeed is the better part of valor.

1 user thanked author for this post.

Carl D

Reply | Quote

My first thought when I read those people gave just a few hours to AMD instead of the normal 90days before disclosure was that they had bad motives. Why would you do that? So you can get publicity for those little names you gave those issues before researchers find them not important enough or have mitigated them? Or maybe you are sponsored by a competitor or someone who has an interest in seeing AMD not succeed with its new processors? That is really fishy and I applaud Woody for not contributing to the noise.

3 users thanked author for this post.

satrow, AJNorth, Carl D

Reply | Quote

Well put. I share similar feelings about this. Something is really fishy.

Some also have hypothesized it was a targeted “stock shock” towards AMD. Whoever is running and/or funding CTS behind the scenes has “shown his quality” (Faramir, from Lord of the Rings).

Part of me wouldn’t be surprised if Intel was behind this via many shell companies. But there are also a lot of so-called “security researchers” who want nothing more than to make a name for themselves. They’re not interested in things like responsible disclosure, industry courtesy, and customer protection.

Reply | Quote

So, WaaS new ! Intel ME/AMT/vPro/Minix is not secure. AMD Platform Security Processor is also not secure.

Keep in mind that both co-processors are sold as a business feature for Remote Computer Management where a Windows IT Admin can remotely power up the company’s computers at a remote location(eg at an overseas branch) to be able to even reinstall the OS remotely, as long as the remote and dormant computers are connected to the AC wall outlet and router.
Both the master and client/remote computers have to be properly setup to utilize this feature, eg enabled in BIOS firmware, password set, a specialized 3rd-party program installed, etc. Please refer to … https://www.howtogeek.com/56538/how-to-remotely-control-your-pc-even-when-it-crashes/

So, if a hacker could steal the credentials/password of such a Windows IT Admin, he/she already has the key to the “kingdom” or the company’s “treasures”, eg plant persistent malware/ransomware in all the company’s computers locally and remotely – no need to hack Intel ME/AMT or AMD PSP.

Reply | Quote

… continue ….
http://www.zdnet.com/article/linus-torvalds-slams-cts-labs-over-amd-vulnerability-report/ (15 Mar 2018)

Reply | Quote

Were still waiting for the whole Meltdown/Spectre thing to fire up. So far much to do about nothing. Maybe we will see more with AMD maybe not, even a validated POC doesn’t mean imminent doom.

1 user thanked author for this post.

Cybertooth

Reply | Quote

It did cross my mind that in all the furore about Spectre/Meltdown vulnerabilities, future exploits were being virtually blueprinted for anyone with the technical ability and the malice to want to circulate them.

Reply | Quote

Intel and their stockholders must be ecstatic

 

Reply | Quote

I actually do think this needs coverage but not in the regular way, but more along the lines of the “Streissand effect” against Viceroy and CTS Labs.

Viceroy are on their 3rd strike on launching a critical report to lower share values on the stock market, and are currently under investigation in Germany for one of their previous ones:

http://ewn.co.za/2018/02/01/eff-asks-parliament-to-investigate-capitec-after-viceroy-report

https://www.nytimes.com/reuters/2018/03/12/business/12reuters-prosieben-media-accounts.html

We know of many cases where software vulnerabilities are weaponized for various reasons, mostly espionage, but this seems to be the most blatant case of weaponizing software vulnerabilities to result in a tank at the stock market.

Malicious intent with previous “hit-jobs” following the same trend should ultimately result in enough bad publicity and legal consequences to render this current and future “hit-jobs” powerless.

3 users thanked author for this post.

Elly, AlexEiffel, MrBrian

Reply | Quote

Meh, another mitigation protection to disable in Windows

Reply | Quote

Is this even news?  Ryzen is first generation of a new processor architecture with only a year under its belt.  Greater amount of firmware bugs should be expected for the next couple years, and the majority of these exploits are just that and fixable.

What I don’t see in the report is any mention of legitimate hardware errors.  The one hardware problem (Chimera) affects the northbridge of the x370 chipset boards.  It’s also unclear how they could affect this outside of having physical access to the motherboard to manipulate the Direct Memory Access (DMA) channel between bridge and cpu.  Likewise their proof of concept hasn’t been capable of doing anything, only shown that they could upload arbitrary code.

This isn’t something like a 20 year flaw in architecture design, these are teething problems of a new system.

Reply | Quote

woody wrote:

It’s been all over the news, but I’m not yet convinced that there’s anything there.

Well AMD has finally come out and admitted it’s true.

https://www.theinquirer.net/inquirer/news/3028922/amd-says-security-flaws-do-exist-in-ryzen-and-epyc-cpus-but-updates-are-incoming

That puts AMD well behind Intel in the Spectre mitigation curve.  Intel has had it’s new Spectre mitigation Microcode out for ALL SandyBridge and later CPU’s since 03/12/18 and you do not have to wait for a bios update to try / apply them.  They can be applied to your CPU by Windows 7, 8, 10  and Server easily (and just as easily not applied) at boot using VMware CPU Microcode Update Drivers.

My Sandy-E I7-3820, Haswell I3-4160 and Skylake I3-6100 have all been running 32 and 64 bit Meltdown / Spectre mitigated with  the new Microcode since 03/13 without issue.  The one exception to that is FarCry 4 running on the Sandy-E 4.6 GHz system MAY not be as stable.

Viper

Reply | Quote

The company also noted the fact that these newly disclosed flaws aren’t related to the Meltdown and Spectre security vulnerabilities unearthed earlier this year by security researchers from Google Project Zero and various universities, nor the AMD “Zen” CPU architecture.

http://news.softpedia.com/news/amd-confirms-newly-found-security-flaws-in-some-of-its-chips-fixes-coming-soon-520327.shtml

1 user thanked author for this post.

hitokage

Reply | Quote