✨ We've just launched our NEW website design!

Learn More Here
News

AMD Promises Ryzen Security Flaws Fix Within Weeks

AMD

AMD Provides Comprehensive Response to Ryzen Security Flaws

Since launch last year, AMD’s new Ryzen processors have been a great success. Last week, however, a major hurdle popped up. A new report from security firm CTS revealed a series of 4 new exploits focused on Zen. At the time, CTS suggested that the vulnerabilities were game-changing. More troubling, the company only gave AMD 24 hours notice before going public. Due to the short timing, AMD is only now ready with their response. In great news for AMD users, the company will roll out patches soon within weeks.

First up, there a few major takeaways for Chimera, Ryzenefall, Masterkey and, Fallout. First, the exploits are real and exist on AMD hardware. However, they require low-level metal administrative access meaning virtual machines are safe. Next, all of the flaws relate to the AMD Secure Processor (PSP) and ASMedia chipsets and not to the Zen design itself. The fixes will come in the form of firmware and BIOS updates. More importantly, there is to be no performance impact at all. Finally, there is no relationship of the exploits to Spectre or Meltdown.

Quick AMD Response Raises Questions About CTS Disclosure

Given all of this information, it makes the CTS disclosure abnormal. CTS first claimed the exploits were so serious that they needed to make them public ASAP and that they were Zen hardware flaws. However, these exploits aren’t that serious, especially compared to earlier Intel ME and other TPM flaws. It also requires direct access and not remote access like some Intel ME bugs. The ASMedia bug is also likely not limited to just AMD chipsets. Finally, since AMD is able to roll out fixes within weeks through software, the industry standard 90 day disclosure period should have been followed. In fact, the short notice probably did more harm to users than not.

Since the CTS report came out, there has been a lot of speculation about the motive. Viceroy Research, a stock-shorting firm, claimed within hours of the release that AMD would be dead within 30 days. The alarmist tone led critics to suggest that there was an unethical relationship between the two though that has been denied. Other critics suggest motive from Intel to divert attention from Meltdown and Spectre but there is no evidence of that. Whatever the case, the whole debacle has unfortunately only hurt the reputation of security researchers as a whole.

Support eTeknix.com

By supporting eTeknix, you help us grow and continue to bring you the latest news, reviews, and competitions. Follow us on Facebook and Twitter to keep up with the latest technology, share your favourite articles, chat with the team and more. Also check out eTeknix YouTube, where you’ll find our latest video reviews, event coverage and features in 4K!

eTeknix Facebook eTeknix Twitter eTeknix Instagram

Check out our Latest Video

Samuel Wan

Samuel joined eTeknix in 2015 after becoming engrossed in technology and PC hardware. With his passion for gaming and hardware, tech writing was the logical step to share the latest news with the world. When he’s not busy dreaming about the latest hardware, he enjoys gaming, music, camping and reading.

Related Articles

Back to top button
Close

Adblock Detected

Please consider supporting us by disabling your ad blocker!   eTeknix prides itself on supplying the most accurate and informative PC and tech related news and reviews and this is made possible by advertisements but be rest assured that we will never serve pop ups, self playing audio ads or any form of ad that tracks your information as your data security is as important to us as it is to you.   If you want to help support us further you can over on our Patreon!   Thank you for visiting eTeknix