
13 Major Vulnerabilities Discovered in AMD Zen Architecture, Including Backdoors

Low quality post by ikeke
@bug

I'm just going to leave this. You're bashing and this ain't a way for grownups to talk. I've been adding links and reasoning behind my inputs to this thread. Can't say that about yours, unfortunately.

Please, find the nearest bridge, sir, there's a meeting place under it for people like you, I think.

You're just being schizophrenic now.

:rolleyes:

I'd direct you to https://www.techpowerup.com/forums/threads/forum-guidelines.197329/ under "Posting in a thread" where you can find quite a few helpful pointers as to what you should do and not do in a thread.
 
My point has consistently been that I don't see the threatening stipulations in the GPP. What links would you think I could post to reinforce that?
Also, we don't have a copy of the GPP, just the fragments Kyle published.
 
https://www.tomshardware.com/news/amd-vulnerability-patches-ecosystem-partners,36993.html

The "impossible to fix" fixes are being validated by partners.

Quote:
Within approximately 30 days of being notified by CTS Labs, AMD released patches to our ecosystem partners mitigating all of the CTS identified vulnerabilities on our EPYC™ platform as well as patches mitigating Chimera across all AMD platforms. These patches are in final testing with our ecosystem partners in advance of being released publicly. We remain on track to begin releasing patches to our ecosystem partners for the other products identified in the report this month. We expect these patches to be released publicly as our ecosystem partners complete their validation work.
 
"It appears the latest AGESA update encrypts portions of the PSP firmware, making it harder for security researchers to examine the code."

Or rather for everyone? Funny, they infer that this is done to keep them away specifically.

CTS seems awfully interested in everything AMD does. If they discovered all these vulnerabilities as a result of someone contracting them, what is it that still piques their interest such that they still conduct research on their own for free, I wonder.
 
No one said they're impossible to fix. Quit trolling.

How long before a fix is available?
We don't know. CTS has been in touch with industry experts to try and answer this question. According to experts, firmware vulnerabilities such as MASTERKEY, RYZENFALL and FALLOUT take several months to fix. Hardware vulnerabilities such as CHIMERA cannot be fixed and require a workaround. Producing a workaround may be difficult and cause undesired side-effects.

https://amdflaws.com/
 
@Vya Domus Who says they are still doing it for free? Perhaps they have an on-going contract or are still fulfilling the previous one, or even a new one?

AMD now have a chance to gauge this latest CTS response and possibly change how things work again/more with another patch/AGESA or issue a comment on it.
 
No one said they're impossible to fix. Quit trolling.
The first post of the thread mentions a second Chimera exploit as "requiring a hardware fix and hinting at needing a recall".

Damn, TPU's secret plan to make AMD look bad has been uncovered by astute minds :rolleyes:
I'm not going to don my tinfoil but I'd have thought we'd see a post about the new Intel vulnerabilities and the update from AMD. Coverage for the Ryzen exploits was over the top.
 
I'm not going to don my tinfoil but I'd have thought we'd see a post about the new Intel vulnerabilities and the update from AMD. Coverage for the Ryzen exploits was over the top.

Depends on your definition for "over the top", it's not like there's a common standard of how much coverage a type of story should get. I just did a TPU search and found about a page of news articles about Spectre and Meltdown.

Incidentally, this very thread only got so long because AMD fans just couldn't underscore enough how the vulnerabilities reported here are without merit, because the ones disclosing them were jerks. Streisand effect at its best.
 
Depends on your definition for "over the top", it's not like there's a common standard of how much coverage a type of story should get. I just did a TPU search and found about a page of news articles about Spectre and Meltdown.

Incidentally, this very thread only got so long because AMD fans just couldn't underscore enough how the vulnerabilities reported here are without merit, because the ones disclosing them were jerks. Streisand effect at its best.
No, most of the AMD fan base (& others) were angry because a no-name security firm, with ties to a hedge fund, released highly professional (read dubious) videos on how the AMD chips were vulnerable with admin rights. While their site was all glitzy, they were very light on details & (almost) certainly had an agenda to drive the stock price down ~ given their minutiae exposé spread over a period of 2(?) weeks. Also they'd given no practical time to AMD in resolving this issue, unlike another major competitor which sat on that info (GPZ) for almost 3 quarters & yet botched updates for another full quarter!
 
No, most of the AMD fan base (& others) were angry because a no-name security firm, with ties to a hedge fund, released highly professional (read dubious) videos on how the AMD chips were vulnerable with admin rights. While their site was all glitzy, they were very light on details & (almost) certainly had an agenda to drive the stock price down ~ given their minutiae exposé spread over a period of 2(?) weeks. Also they'd given no practical time to AMD in resolving this issue, unlike another major competitor which sat on that info (GPZ) for almost 3 quarters & yet botched updates for another full quarter!
Yeah, thanks for posting all that again, I thought the thread was dying.
The ones that reported could have been murderers and necrophiles, it wouldn't change that vulnerabilities (as hard to exploit as they were) were there.
But you just can't get enough of attacking the messenger, can you? That won't solve anything, it never did.
 
Take THAT AMD. I don't wanna hear the fanbois anymore.

There is a lot of anti-AMD propaganda on the internet, it's beyond suspicious. Best you dig a little deeper and find out the truth yourself, a lot of the stuff you see online is regurgitated garbage that reviewers have somehow come to agree on.

Basically Viceroy Research is full of you know what and CTS Labs doesn't exist:

"https://www.gamersnexus.net/industry/3260-assassination-attempt-on-amd-by-viceroy-research-cts-labs"
 
There is a lot of anti-AMD propaganda on the internet, it's beyond suspicious. Best you dig a little deeper and find out the truth yourself, a lot of the stuff you see online is regurgitated garbage that reviewers have somehow come to agree on.

Basically Viceroy Research is full of you know what and CTS Labs doesn't exist:

"https://www.gamersnexus.net/industry/3260-assassination-attempt-on-amd-by-viceroy-research-cts-labs"

very interesting read that link, ... here's a quote from it

Unreachable PR Company

When we first saw the press release, we reached-out to the listed Bevel PR phone number and publicly listed contact, Jessica Schaefer, to learn more about the CTS Labs research company. We won’t show it on screen, but looking through personal social media pages, we were able to find that Bevel PR appears to have been founded in 2017, and that it is staffed primarily or entirely by one individual. The Bevel PR phone number went straight to a full inbox and we were unable to get into contact. We have also reached-out to Schaefer through other contact media. We’ve never heard of Bevel PR before, but their webpage indicates that they have some experience working with ICOs and hedge funds. This pointed us in the next direction.

How vast amounts of money can change a human from being a human is …. well, frankly disturbing
 
very interesting read that link, ... here's a quote from it

Unreachable PR Company

When we first saw the press release, we reached-out to the listed Bevel PR phone number and publicly listed contact, Jessica Schaefer, to learn more about the CTS Labs research company. We won’t show it on screen, but looking through personal social media pages, we were able to find that Bevel PR appears to have been founded in 2017, and that it is staffed primarily or entirely by one individual. The Bevel PR phone number went straight to a full inbox and we were unable to get into contact. We have also reached-out to Schaefer through other contact media. We’ve never heard of Bevel PR before, but their webpage indicates that they have some experience working with ICOs and hedge funds. This pointed us in the next direction.

How vast amounts of money can change a human from being a human is …. well, frankly disturbing


We already knew this was all a dead end and basically just anti-AMD propaganda, why resurrect a dead topic? I'll be rocking AMD 7nm CPU and GPU in winter 2019, vote with your money.
 
https://www.tomshardware.com/news/amd-vulnerability-patches-ecosystem-partners,36993.html

The "impossible to fix" fixes are being validated by partners.

Quote:
Within approximately 30 days of being notified by CTS Labs, AMD released patches to our ecosystem partners mitigating all of the CTS identified vulnerabilities on our EPYC™ platform as well as patches mitigating Chimera across all AMD platforms. These patches are in final testing with our ecosystem partners in advance of being released publicly. We remain on track to begin releasing patches to our ecosystem partners for the other products identified in the report this month. We expect these patches to be released publicly as our ecosystem partners complete their validation work.
Loop complete, return to start.
 
After all the Intel and AMD "vulnerabilities" announced and finger pointing, has anyone seen a post saying "I didn't install the patch and [insert horror story] happened to me"?
 
After all the Intel and AMD "vulnerabilities" announced and finger pointing, has anyone seen a post saying "I didn't install the patch and [insert horror story] happened to me"?
<tumbleweeds>
 
After all the Intel and AMD "vulnerabilities" announced and finger pointing, has anyone seen a post saying "I didn't install the patch and [insert horror story] happened to me"?

Well, if someone is being hacked, the hacker might not want to be seen/noticed. Therefore you might have been and just don't know about it (YET!).

It's like depending on a single antivirus program and saying I have never had a virus.

Ignorance is bliss.
 
I always used one active AV and had a second do nightly scans ... up until a few years ago. Now we just have one on each box and the server scans all networked drives in wee hours.

As to getting it out there... what idiot uses their real name online? :) Well, back when I started, that was the only way you could get online ... AOL going to the unlimited data for $19.99 a month and allowing "handles" will be later defined in historical texts as the "End of Western (and eastern) Civilization".
 
This was the best joke of the year until Intel released the same Skylake 14nm CPU at $600.
 