Since launch last year, AMD’s new Ryzen processors have been a great success. Last week, however, a major hurdle popped up. A new report from security firm CTS revealed a series of 4 new exploits focused on Zen. At the time, CTS suggested that the vulnerabilities were game-changing. More troubling, the company only gave AMD 24 hours notice before going public. Due to the short timing, AMD is only now ready with their response. In great news for AMD users, the company will roll out patches soon within weeks.
First up, there a few major takeaways for Chimera, Ryzenefall, Masterkey and, Fallout. First, the exploits are real and exist on AMD hardware. However, they require low-level metal administrative access meaning virtual machines are safe. Next, all of the flaws relate to the AMD Secure Processor (PSP) and ASMedia chipsets and not to the Zen design itself. The fixes will come in the form of firmware and BIOS updates. More importantly, there is to be no performance impact at all. Finally, there is no relationship of the exploits to Spectre or Meltdown.
Given all of this information, it makes the CTS disclosure abnormal. CTS first claimed the exploits were so serious that they needed to make them public ASAP and that they were Zen hardware flaws. However, these exploits aren’t that serious, especially compared to earlier Intel ME and other TPM flaws. It also requires direct access and not remote access like some Intel ME bugs. The ASMedia bug is also likely not limited to just AMD chipsets. Finally, since AMD is able to roll out fixes within weeks through software, the industry standard 90 day disclosure period should have been followed. In fact, the short notice probably did more harm to users than not.
Since the CTS report came out, there has been a lot of speculation about the motive. Viceroy Research, a stock-shorting firm, claimed within hours of the release that AMD would be dead within 30 days. The alarmist tone led critics to suggest that there was an unethical relationship between the two though that has been denied. Other critics suggest motive from Intel to divert attention from Meltdown and Spectre but there is no evidence of that. Whatever the case, the whole debacle has unfortunately only hurt the reputation of security researchers as a whole.
By supporting eTeknix, you help us grow and continue to bring you the latest news, reviews, and competitions. Follow us on Facebook and Twitter to keep up with the latest technology, share your favourite articles, chat with the team and more. Also check out eTeknix YouTube, where you’ll find our latest video reviews, event coverage and features in 4K!
SpeakersSpeakersYesSpeaker amount and power output2x 2 WattDimensionsLength / Depth252.5 mmWidth614 mmHeight525.8 mmWeight7.4 kgStandards / SpecificationsAdaptive…
Thermal SpecificationsMax. TDP125 WCPUCPU ManufacturerIntelCPU SeriesIntel Core i7CPU Socket1700CPU ArchitectureIntel Alder Lake-SCPU Cores12CPU Threads20Performance Cores8Efficiency…
AOC 24B3HA2 23.6 1920x1080 VA 100Hz 1m Widescreen LED Multimedia Monitor - Black High-performance clarity…
Fan SpecificationsFan Size140 mmColourPrimary ColourBlackSecondary ColourWhiteMaterialsMaterialsAluminium, Copper, RubberLightingLightingYesLighting ColourRGBLighting CompatibilityCorsair iCUEAdditional ContentsIncluded fans2x 140 mmTypeCPU…
This monitor is built with features that make incredible visuals. With VESA ClearMR 9000 and…
The AMD RDNA™ 3 Architecture elevated by buffed cooling and power delivery to effortlessly churn…