Notebookcheck

AMD acknowledges CTS Labs exploits, will fix them in the next weeks

CTS Labs classified the 13 vulnerabilities in 4 greater classes. (Source: CTS Labs)
CTS Labs classified the 13 vulnerabilities in 4 greater classes. (Source: CTS Labs)
It took AMD more than one week to fully assess the CTS Labs report regarding 13 vulnerabilities found in all Ryzen and EPYC processors, but at least AMD's official position dismisses any claims that these vulnerabilities are critical and need immediate action. According to AMD, these exploits are to be fixed with simple firmware updates released through new BIOS versions in the coming weeks.

Last week, security research company CTS Labs reported its findings regarding 13 critical vulnerabilities that come with AMD’s Ryzen and EPYC processors, and demanded to get a response from AMD in just 1 day. CTS Labs also refused to provide details on each vulnerability, raising suspicions regarding the authenticity and the nature of its report. After more than one week, AMD is finally taking an official position with a blog post informing that all the issues reported by CTS Labs can and will be fixed in the coming weeks.

Here are the most important aspects presented in the AMD response post:
•    The new exploits are not related to the Meltdown/Spectre vulnerabilities
•    All 13 exploits can only be reproduced with admin access on the affected system
•    The vulnerabilities are related to AMD’s Secure Processor firmware and its impact on some socket AM4 and TR4 desktop platforms
•    Since the exploits have nothing to do with the microarchitecture itself, AMD will only release BIOS updates with firmware patches via OEMs and ODMs
•    The fixes will not impact performance in any way and will be released in the coming weeks (90 days or less)

AMD had its share of troubles with the Meltdown/Spectre vulnerabilities and the consequent lawsuits, but it seems the company managed to tackle the CTS Labs debacle fairly well, as these new vulnerabilities are not hardware-related. However, AMD will most likely follow Intel’s footsteps by implementing hardware fixes for the Meltdown/Spectre vulnerabilities in its upcoming CPU models.

Working For Notebookcheck

Are you a techie who knows how to write? Then join our Team! Especially English native speakers welcome!

Currently wanted: 
News and Editorial Editor - Details here

AMD's comments on each vulnerability class discovered by CTS Labs (Source: AMD)
AMD's comments on each vulnerability class discovered by CTS Labs (Source: AMD)

Source(s)

static version load dynamic
Loading Comments
Comment on this article
Please share our article, every link counts!
> Notebook / Laptop Reviews and News > News > News Archive > Newsarchive 2018 03 > AMD acknowledges CTS Labs exploits, will fix them in the next weeks
Bogdan Solca, 2018-03-21 (Update: 2018-03-21)
Bogdan Solca
Bogdan Solca - News Editor
I stepped into the wonderous IT&C world when I was around 7. I was instantly fascinated by computerized graphics, be them from games or 3D applications like 3D Max. I like to keep myself up to date with all the new technologies that get released at an ever increasing rate these days. I'm also an avid SciFi reader, an astrophysics aficionado and, as of late, a crypto geek.