• Welcome to TechPowerUp Forums, Guest! Please check out our forum guidelines for info related to our community.

13 Major Vulnerabilities Discovered in AMD Zen Architecture, Including Backdoors

bug

Joined
May 22, 2015
Messages
10,251 (4.00/day)
Processor Intel i5-12600k
Motherboard Asus H670 TUF
Cooling Arctic Freezer 34
Memory 2x16GB DDR4 3600 G.Skill Ripjaws V
Video Card(s) EVGA GTX 1060 SC
Storage 500GB Samsung 970 EVO, 500GB Samsung 850 EVO, 1TB Crucial MX300 and 2TB Crucial MX500
Display(s) Dell U3219Q + HP ZR24w
Case Raijintek Thetis
Audio Device(s) Audioquest Dragonfly Red :D
Power Supply Seasonic 620W M12
Mouse Logitech G502 Proteus Core
Keyboard G.Skill KM780R
Software Arch Linux + Win10
I dont think that being in InfoSec/auditing business and having this clusterf*ck in resume will give you any credits in the future.

(oh, we found this issue while looking at this non-related thing, hmm, looks like something that could be sold to stockmarket for quick buck, ta-daaa, profit. Also, we don't know how to inform parties of our findings, hehe, no worries, happens, whoops...)
Yeah, well, they're into the business of finding issues and they found them. When they'll be in the business of making friends, they'll hire a PR company.
 
Joined
May 6, 2012
Messages
184 (0.05/day)
Location
Estonia
System Name Steamy
Processor Ryzen 7 2700X
Motherboard Asrock AB350M-Pro4
Cooling Wraith Prism
Memory 2x8GB HX429C15PB3AK2/16
Video Card(s) R9 290X WC
Storage 960Evo 500GB nvme
Case Fractal Design Define Mini C
Power Supply Seasonic SS-660XP2
Software Windows 10 Pro
Benchmark Scores http://hwbot.org/user/kinski/ http://valid.x86.fr/qfxqhj https://goo.gl/uWkw7n
I don't think they have anything to do with the original findings. This looks more and more like an orchestrated stunt by someone else.
 

Veradun

New Member
Joined
Mar 13, 2018
Messages
19 (0.01/day)
Yeah, well, they're into the business of finding issues and they found them. When they'll be in the business of making friends, they'll hire a PR company.

The funny part is they hired one.
 

bug

Joined
May 22, 2015
Messages
10,251 (4.00/day)
Processor Intel i5-12600k
Motherboard Asus H670 TUF
Cooling Arctic Freezer 34
Memory 2x16GB DDR4 3600 G.Skill Ripjaws V
Video Card(s) EVGA GTX 1060 SC
Storage 500GB Samsung 970 EVO, 500GB Samsung 850 EVO, 1TB Crucial MX300 and 2TB Crucial MX500
Display(s) Dell U3219Q + HP ZR24w
Case Raijintek Thetis
Audio Device(s) Audioquest Dragonfly Red :D
Power Supply Seasonic 620W M12
Mouse Logitech G502 Proteus Core
Keyboard G.Skill KM780R
Software Arch Linux + Win10
I don't think they have anything to do with the original findings. This looks more and more like an orchestrated stunt by someone else.
Do you have anything to back that up, other than "you don't think"?
 
Joined
May 6, 2012
Messages
184 (0.05/day)
Location
Estonia
System Name Steamy
Processor Ryzen 7 2700X
Motherboard Asrock AB350M-Pro4
Cooling Wraith Prism
Memory 2x8GB HX429C15PB3AK2/16
Video Card(s) R9 290X WC
Storage 960Evo 500GB nvme
Case Fractal Design Define Mini C
Power Supply Seasonic SS-660XP2
Software Windows 10 Pro
Benchmark Scores http://hwbot.org/user/kinski/ http://valid.x86.fr/qfxqhj https://goo.gl/uWkw7n
Nope, just the looks of it and available information about involved parties, it stinks.
 
Joined
Dec 31, 2009
Messages
19,335 (4.27/day)
Benchmark Scores Faster than yours... I'd bet on it. :)
Zzzzzzzzz*snore*zzzzzzzzzzzzz

Will someone tag me when conclusive info comes out intel was behind this, please? Much appreciated (not expecting a notification either). We all know everything around the very real and blown out of proportion security flaws sucked. But until something conclusive comes out about intel, this is all a rehash of day 1...400+ posts ago. Boooooooring.
 
Last edited:
Joined
May 6, 2012
Messages
184 (0.05/day)
Location
Estonia
System Name Steamy
Processor Ryzen 7 2700X
Motherboard Asrock AB350M-Pro4
Cooling Wraith Prism
Memory 2x8GB HX429C15PB3AK2/16
Video Card(s) R9 290X WC
Storage 960Evo 500GB nvme
Case Fractal Design Define Mini C
Power Supply Seasonic SS-660XP2
Software Windows 10 Pro
Benchmark Scores http://hwbot.org/user/kinski/ http://valid.x86.fr/qfxqhj https://goo.gl/uWkw7n
Credible citation that is not. Looks like a hit-piece and a rather flimsy one. FUD, plain and simple.
y u troll?

This sheds some light onto Viceroy who were the first to react, and like CTSLabs they look to be amateurs who push information without credentials for analysis they claim to have done themselves.
 

bug

Joined
May 22, 2015
Messages
10,251 (4.00/day)
Processor Intel i5-12600k
Motherboard Asus H670 TUF
Cooling Arctic Freezer 34
Memory 2x16GB DDR4 3600 G.Skill Ripjaws V
Video Card(s) EVGA GTX 1060 SC
Storage 500GB Samsung 970 EVO, 500GB Samsung 850 EVO, 1TB Crucial MX300 and 2TB Crucial MX500
Display(s) Dell U3219Q + HP ZR24w
Case Raijintek Thetis
Audio Device(s) Audioquest Dragonfly Red :D
Power Supply Seasonic 620W M12
Mouse Logitech G502 Proteus Core
Keyboard G.Skill KM780R
Software Arch Linux + Win10
y u troll?

This sheds some light onto Viceroy who were the first to react, and like CTSLabs they look to be amateurs who push information without credentials for analysis they claim to have done themselves.
Well, you also push the claim CTS Labs did not uncover the vulnerabilities without evidence. What does that tell us?

Also, of your 150+ posts here, only 5 or so are not on this or the "CTS-Labs Posts Ryzen Windows Credential Guard Bypass Proof-of-concept Video" thread. If I were you, I'd stay away from trolling references.
 
Joined
May 6, 2012
Messages
184 (0.05/day)
Location
Estonia
System Name Steamy
Processor Ryzen 7 2700X
Motherboard Asrock AB350M-Pro4
Cooling Wraith Prism
Memory 2x8GB HX429C15PB3AK2/16
Video Card(s) R9 290X WC
Storage 960Evo 500GB nvme
Case Fractal Design Define Mini C
Power Supply Seasonic SS-660XP2
Software Windows 10 Pro
Benchmark Scores http://hwbot.org/user/kinski/ http://valid.x86.fr/qfxqhj https://goo.gl/uWkw7n
So?

Only those who wrote certain amount of posts over certain threads have the right to express their thoughts? :/

OK.

And btw, which part of my thoughts on this specific topic would fall into trolling category?

In Internet slang, a troll (/troʊl, trɒl/) is a person who sows discord on the Internet by starting quarrels or upsetting people, by posting inflammatory,[1] extraneous, or off-topic messages in an online community (such as a newsgroup, forum, chat room, or blog) with the intent of provoking readers into an emotional response[2] or of otherwise disrupting normal, on-topic discussion,[3]often for the troll's amusement
 
Joined
Jul 5, 2013
Messages
19,000 (5.85/day)
Location
USA
Also, of your 150+ posts here, only 5 or so are not on this or the "CTS-Labs Posts Ryzen Windows Credential Guard Bypass Proof-of-concept Video" thread.
@ikeke
I've made a similar observation. You seem to be deliberately posting FUD comments. And we've been over this next one, lack of objectivity. You seem hell bent on smearing CTS who's claims have been proven to have merit, by AMD themselves. Your actions here seem to clearly show that you are acting with an agenda in a troll like fashion. The only thing that is making your comments tolerable, for me at least, is that you seem to be conducting yourself in a mostly civilized manner.
 
Joined
May 6, 2012
Messages
184 (0.05/day)
Location
Estonia
System Name Steamy
Processor Ryzen 7 2700X
Motherboard Asrock AB350M-Pro4
Cooling Wraith Prism
Memory 2x8GB HX429C15PB3AK2/16
Video Card(s) R9 290X WC
Storage 960Evo 500GB nvme
Case Fractal Design Define Mini C
Power Supply Seasonic SS-660XP2
Software Windows 10 Pro
Benchmark Scores http://hwbot.org/user/kinski/ http://valid.x86.fr/qfxqhj https://goo.gl/uWkw7n
You seem hell bent on smearing CTS who's claims have been proven to have merit, by AMD themselves.
CTSLabs assessment of the issues impact/scope has been overturned by independent reviewer they themselves hired. Amd assessment for fixes availability was estimated as weeks-to-month.

And they (CTSLabs) stopped broadcasting, silence speaks volumes in this case.
 
Joined
Jul 5, 2013
Messages
19,000 (5.85/day)
Location
USA
CTSLabs assessment of the issues impact/scope has been overturned by independent reviewer they themselves hired. Amd assessment for fixes availability was estimated as weeks-to-month. And they (CTSLabs) stopped broadcasting, silence speaks volumes in this case.
This is a perfect example of your FUD and dancing around the facts. AMD has confirmed the findings of CTS. They downplayed it a bit, naturally, but they confirmed it all none-the-less.
You also danced completely around the other points made without confirmation or denial.

Seriously, you're not and haven't added anything of value to the conversation. Let it go.
 
Joined
Dec 31, 2009
Messages
19,335 (4.27/day)
Benchmark Scores Faster than yours... I'd bet on it. :)
And they (CTSLabs) stopped broadcasting, silence speaks volumes in this case.
What are they supposed to be saying during this time?

They gave their information out (in the most questionable manner possible), AMD confirmed all the issues are real and will be fixing it in 'weeks not months'. CTS replied to that and said they don't believe it will take weeks, but months (part of what they said initially). Only time will tell who is right on this. As I said before, this is just rehashing what we already know. Nothing new... Zzzzzzzzzzzzzzzzzzzzzzz*snore*zzzzzzzzzzzzzz wait wut? Nothing new? Zzzzzzzzzzzzzzzzzz*snore*zzzzzzzzzzzzzzzzzzz.

Anyway, AMD responded about 2 weeks ago right? We'll expect to see some roll outs soon if they are correct.


Unsubscribing to this spinning amusement park ride... someone tag me when..........................

1. Intel is PROVEN CONCLUSIVELY to be behind this...
2. When AMD fixes everything.


mmmmmmmmmmmmmkay?
 
Joined
May 6, 2012
Messages
184 (0.05/day)
Location
Estonia
System Name Steamy
Processor Ryzen 7 2700X
Motherboard Asrock AB350M-Pro4
Cooling Wraith Prism
Memory 2x8GB HX429C15PB3AK2/16
Video Card(s) R9 290X WC
Storage 960Evo 500GB nvme
Case Fractal Design Define Mini C
Power Supply Seasonic SS-660XP2
Software Windows 10 Pro
Benchmark Scores http://hwbot.org/user/kinski/ http://valid.x86.fr/qfxqhj https://goo.gl/uWkw7n
Sigh.
@EarthDog
Where. In. Any. Of. My. Posts. Have. I. Said. Intel?
@lexluthermiester
And AMD confirmed the vulnerabilities, where have I argued that. You, though, conveniently dance around the issues of impact assessment. Which, in case of vulnerabilities is quite important, well actually the most important. CTSLabs failed spectacularly in theirs.

Tinfoil hats and trolling, guys.
 
Joined
Dec 31, 2009
Messages
19,335 (4.27/day)
Benchmark Scores Faster than yours... I'd bet on it. :)
I. Didn't. Say. You. Said. Intel.

If you read more closely, you will note I asked to be notified when Intel is proven to be behind this (along with when AMD fixes things)... that is just one of the many points brought up in this thread by various people.



Good bye, thread and the constant rehash of known information... and glossing over of talking points by both sides. Man o man do threads like these really make me hate forums.
 

bug

Joined
May 22, 2015
Messages
10,251 (4.00/day)
Processor Intel i5-12600k
Motherboard Asus H670 TUF
Cooling Arctic Freezer 34
Memory 2x16GB DDR4 3600 G.Skill Ripjaws V
Video Card(s) EVGA GTX 1060 SC
Storage 500GB Samsung 970 EVO, 500GB Samsung 850 EVO, 1TB Crucial MX300 and 2TB Crucial MX500
Display(s) Dell U3219Q + HP ZR24w
Case Raijintek Thetis
Audio Device(s) Audioquest Dragonfly Red :D
Power Supply Seasonic 620W M12
Mouse Logitech G502 Proteus Core
Keyboard G.Skill KM780R
Software Arch Linux + Win10
So?

Only those who wrote certain amount of posts over certain threads have the right to express their thoughts? :/

OK.

And btw, which part of my thoughts on this specific topic would fall into trolling category?

In Internet slang, a troll (/troʊl, trɒl/) is a person who sows discord on the Internet by starting quarrels or upsetting people, by posting inflammatory,[1] extraneous, or off-topic messages in an online community (such as a newsgroup, forum, chat room, or blog) with the intent of provoking readers into an emotional response[2] or of otherwise disrupting normal, on-topic discussion,[3]often for the troll's amusement
Repeating the same opinion over and over and over ad nauseam fits the description pretty well.
Of the 440-ish comments so far, 40 are yours saying nothing but "Intel made CTS Labs publish these and they're so meaningless we shouldn't even mention them". Ok, your opinion. We don't need 40 posts of that.

Like @lexluthermiester said, your saving grace is you're conducting yourself in a civilized manner so far. But don't be surprised if you find yourself reported one day if you keep polluting threads.
 

bug

Joined
May 22, 2015
Messages
10,251 (4.00/day)
Processor Intel i5-12600k
Motherboard Asus H670 TUF
Cooling Arctic Freezer 34
Memory 2x16GB DDR4 3600 G.Skill Ripjaws V
Video Card(s) EVGA GTX 1060 SC
Storage 500GB Samsung 970 EVO, 500GB Samsung 850 EVO, 1TB Crucial MX300 and 2TB Crucial MX500
Display(s) Dell U3219Q + HP ZR24w
Case Raijintek Thetis
Audio Device(s) Audioquest Dragonfly Red :D
Power Supply Seasonic 620W M12
Mouse Logitech G502 Proteus Core
Keyboard G.Skill KM780R
Software Arch Linux + Win10
Joined
May 6, 2012
Messages
184 (0.05/day)
Location
Estonia
System Name Steamy
Processor Ryzen 7 2700X
Motherboard Asrock AB350M-Pro4
Cooling Wraith Prism
Memory 2x8GB HX429C15PB3AK2/16
Video Card(s) R9 290X WC
Storage 960Evo 500GB nvme
Case Fractal Design Define Mini C
Power Supply Seasonic SS-660XP2
Software Windows 10 Pro
Benchmark Scores http://hwbot.org/user/kinski/ http://valid.x86.fr/qfxqhj https://goo.gl/uWkw7n
40 are yours saying nothing but "Intel made CTS Labs publish these and they're so meaningless we shouldn't even mention them".

Really? When facts fail - just make them up?

Some of you are all in on protecting the original OP of this thread, which makes me wonder..

“When my information changes, I change my mind. What do you do?”
- John Maynard Keynes


1522220181770.png


/t
 
Last edited:

bug

Joined
May 22, 2015
Messages
10,251 (4.00/day)
Processor Intel i5-12600k
Motherboard Asus H670 TUF
Cooling Arctic Freezer 34
Memory 2x16GB DDR4 3600 G.Skill Ripjaws V
Video Card(s) EVGA GTX 1060 SC
Storage 500GB Samsung 970 EVO, 500GB Samsung 850 EVO, 1TB Crucial MX300 and 2TB Crucial MX500
Display(s) Dell U3219Q + HP ZR24w
Case Raijintek Thetis
Audio Device(s) Audioquest Dragonfly Red :D
Power Supply Seasonic 620W M12
Mouse Logitech G502 Proteus Core
Keyboard G.Skill KM780R
Software Arch Linux + Win10
Really? When facts fail - just make them up?

Some of you are all in on protecting the original OP of this thread, which makes me wonder..

“When my information changes, I change my mind. What do you do?”
- John Maynard Keynes


View attachment 98884

/t
Ok, be the constructive one and summarize for me what is it that you had to share with us over 40 posts?
 
Joined
Jul 5, 2013
Messages
19,000 (5.85/day)
Location
USA
Really? When facts fail - just make them up?

Some of you are all in on protecting the original OP of this thread, which makes me wonder..

“When my information changes, I change my mind. What do you do?”
- John Maynard Keynes


View attachment 98884

/t
Based on that graph, you have been doing much of the orange, yellow and green. You've seemingly avoided the red and haven't touched the blue, violet and gray. Just based on observations.
 
Joined
May 6, 2012
Messages
184 (0.05/day)
Location
Estonia
System Name Steamy
Processor Ryzen 7 2700X
Motherboard Asrock AB350M-Pro4
Cooling Wraith Prism
Memory 2x8GB HX429C15PB3AK2/16
Video Card(s) R9 290X WC
Storage 960Evo 500GB nvme
Case Fractal Design Define Mini C
Power Supply Seasonic SS-660XP2
Software Windows 10 Pro
Benchmark Scores http://hwbot.org/user/kinski/ http://valid.x86.fr/qfxqhj https://goo.gl/uWkw7n
@bug
CTSLabs has still been unable to demonstrate the quote "13 Critical Security Vulnerabilities and Manufacturer Backdoors discovered throughout AMD Ryzen & EPYC product lines" and quote "Any consumer or organization purchasing AMD Servers, Workstations, or Laptops are affected by these vulnerabilities" and quote "How long before a fix is available? - We don't know. CTS has been in touch with industry experts to try and answer this question. According to experts, firmware vulnerabilities such as MASTERKEY, RYZENFALL and FALLOUT take several months to fix. Hardware vulnerabilities such as CHIMERA cannot be fixed and require a workaround. Producing a workaround may be difficult and cause undesired side-effects." (https://amdflaws.com/)

They paid trailofbits for analysis which they've ignored aswell as ignoring suggestion to disclose them via CERT, industry experts disagree with their impact assessment. https://blog.trailofbits.com/2018/03/15/amd-flaws-technical-summary/

The information leaked to stock shortseller Viceroy who were the first to capitalize on this, unsuccessfully since they are a bunch of amateurs, as found in #426.

Based on all this CTSLabs is a bunch of amateurs paddling some vulnerabilities which they were hoping to make some dirty money out of, instead of reporting issues as per industry agreed procedures to resolve the problems.

Based on that graph, you have been doing much of the orange, yellow and green. You've seemingly avoided the red and haven't touched the blue, violet and gray. Just based on observations.
Come again? For every detail i've shared along with my opinion about this I've added links and reasoning. Can't do much more in a forum thread, unfortunately. Something that cant be said about you, though.
 
Last edited:
Low quality post by bug

bug

Joined
May 22, 2015
Messages
10,251 (4.00/day)
Processor Intel i5-12600k
Motherboard Asus H670 TUF
Cooling Arctic Freezer 34
Memory 2x16GB DDR4 3600 G.Skill Ripjaws V
Video Card(s) EVGA GTX 1060 SC
Storage 500GB Samsung 970 EVO, 500GB Samsung 850 EVO, 1TB Crucial MX300 and 2TB Crucial MX500
Display(s) Dell U3219Q + HP ZR24w
Case Raijintek Thetis
Audio Device(s) Audioquest Dragonfly Red :D
Power Supply Seasonic 620W M12
Mouse Logitech G502 Proteus Core
Keyboard G.Skill KM780R
Software Arch Linux + Win10
You're just being schizophrenic now. On one hand you're questioning CTS Labs' credibility (somewhat justified), on the other hand you seem to be waiting for them to demonstrate the vulnerabilities.
Disregard the fact that they have already stated they will not demonstrate these publicly because at this point that would only teach hackers how to compromise systems and have instead sent their proof of concept attacks to other security researches and AMD. Disregard the fact that I have told you these things before.
Why on Earth are you seeking confirmation from a source you've already deemed unreliable?
If CTS Labs' findings are without merit, what is AMD getting ready to patch?

On another note, a simple look at the price of AMD's stock would have saved you the embarrassment of talking about shorting (hint: the stock price didn't move past CTS Labs' revelations).

Edit: On the upside, do you now see it doesn't take 40+ posts to make a fool of yourself? When properly motivated, you could finally do it in one!
 
Top