
13 Major Vulnerabilities Discovered in AMD Zen Architecture, Including Backdoors

Low quality post by ikeke
Joined
May 6, 2012
Messages
184 (0.05/day)
Location
Estonia
System Name Steamy
Processor Ryzen 7 2700X
Motherboard Asrock AB350M-Pro4
Cooling Wraith Prism
Memory 2x8GB HX429C15PB3AK2/16
Video Card(s) R9 290X WC
Storage 960Evo 500GB nvme
Case Fractal Design Define Mini C
Power Supply Seasonic SS-660XP2
Software Windows 10 Pro
Benchmark Scores http://hwbot.org/user/kinski/ http://valid.x86.fr/qfxqhj https://goo.gl/uWkw7n
@bug

I'm just going to leave this. You're bashing and this ain't a way for grownups to talk. I've been adding links and reasoning behind my inputs to this thread. Can't say that about yours, unfortunately.

Please, find the nearest bridge, sir, there's a meeting place under it for people like you, I think.

You're just being schizophrenic now.

:rolleyes:

I'd direct you to https://www.techpowerup.com/forums/threads/forum-guidelines.197329/ under "Posting in a thread" where you can find quite a few helpful pointers as to what you should do and not do in a thread.
 

bug

Joined
May 22, 2015
Messages
10,251 (4.00/day)
Processor Intel i5-12600k
Motherboard Asus H670 TUF
Cooling Arctic Freezer 34
Memory 2x16GB DDR4 3600 G.Skill Ripjaws V
Video Card(s) EVGA GTX 1060 SC
Storage 500GB Samsung 970 EVO, 500GB Samsung 850 EVO, 1TB Crucial MX300 and 2TB Crucial MX500
Display(s) Dell U3219Q + HP ZR24w
Case Raijintek Thetis
Audio Device(s) Audioquest Dragonfly Red :D
Power Supply Seasonic 620W M12
Mouse Logitech G502 Proteus Core
Keyboard G.Skill KM780R
Software Arch Linux + Win10
My point has consistently been that I don't see the threatening stipulations in the GPP. What links would you think I could post to reinforce that?
Also, we don't have a copy of the GPP, just the fragments Kyle published.
 
Joined
May 6, 2012
Messages
184 (0.05/day)
Location
Estonia
https://www.tomshardware.com/news/amd-vulnerability-patches-ecosystem-partners,36993.html

The "impossible to fix" fixes are being validated by partners.

Quote:
Within approximately 30 days of being notified by CTS Labs, AMD released patches to our ecosystem partners mitigating all of the CTS identified vulnerabilities on our EPYC™ platform as well as patches mitigating Chimera across all AMD platforms. These patches are in final testing with our ecosystem partners in advance of being released publicly. We remain on track to begin releasing patches to our ecosystem partners for the other products identified in the report this month. We expect these patches to be released publicly as our ecosystem partners complete their validation work.
 
Joined
Jan 17, 2006
Messages
930 (0.16/day)
Location
Ireland
System Name "Run of the mill" (except GPU)
Processor R9 3900X
Motherboard ASRock X470 Taich Ultimate
Cooling Cryorig (not recommended)
Memory 32GB (2 x 16GB) Team 3200 MT/s, CL14
Video Card(s) Radeon RX6900XT
Storage Samsung 970 Evo plus 1TB NVMe
Display(s) Samsung Q95T
Case Define R5
Audio Device(s) On board
Power Supply Seasonic Prime 1000W
Mouse Roccat Leadr
Keyboard K95 RGB
Software Windows 11 Pro x64, insider preview dev channel
Benchmark Scores #1 worldwide on 3D Mark 99, back in the (P133) days. :)
Joined
Jan 8, 2017
Messages
7,175 (3.65/day)
System Name Good enough
Processor AMD Ryzen R7 1700X - 4.0 Ghz / 1.350V
Motherboard ASRock B450M Pro4
Cooling Deepcool Gammaxx L240 V2
Memory 16GB - Corsair Vengeance LPX - 3333 Mhz CL16
Video Card(s) OEM Dell GTX 1080 with Kraken G12 + Water 3.0 Performer C
Storage 1x Samsung 850 EVO 250GB , 1x Samsung 860 EVO 500GB
Display(s) 4K Samsung TV
Case Deepcool Matrexx 70
Power Supply GPS-750C
"It appears the latest AGESA update encrypts portions of the PSP firmware, making it harder for security researchers to examine the code."

Or rather for everyone? Funny, they infer that this is done to keep them away specifically.

CTS seems awfully interested in everything AMD does. If they discovered all these vulnerabilities as a result of someone contracting them, what is it that still piques their interest such that they still conduct research on their own for free, I wonder.
 
Joined
May 6, 2012
Messages
184 (0.05/day)
Location
Estonia
No one said they're impossible to fix. Quit trolling.

How long before a fix is available?
We don't know. CTS has been in touch with industry experts to try and answer this question. According to experts, firmware vulnerabilities such as MASTERKEY, RYZENFALL and FALLOUT take several months to fix. Hardware vulnerabilities such as CHIMERA cannot be fixed and require a workaround. Producing a workaround may be difficult and cause undesired side-effects.

https://amdflaws.com/
 
Joined
Jan 17, 2006
Messages
930 (0.16/day)
Location
Ireland
@Vya Domus Who says they are still doing it for free? Perhaps they have an on-going contract or are still fulfilling the previous one, or even a new one?

AMD now have a chance to gauge this latest CTS response and possibly change how things work again/more with another patch/AGESA or issue a comment on it.
 

Joined
Feb 16, 2017
Messages
445 (0.23/day)
No one said they're impossible to fix. Quit trolling.
The first post of the thread mentions a second Chimera exploit as "requiring a hardware fix and hinting at needing a recall".

Damn, TPU's secret plan to make AMD look bad has been uncovered by astute minds :rolleyes:
I'm not going to don my tinfoil but I'd have thought we'd see a post about the new Intel vulnerabilities and the update from AMD. Coverage for the Ryzen exploits was over the top.
 

bug

Joined
May 22, 2015
Messages
10,251 (4.00/day)
I'm not going to don my tinfoil but I'd have thought we'd see a post about the new Intel vulnerabilities and the update from AMD. Coverage for the Ryzen exploits was over the top.

Depends on your definition for "over the top", it's not like there's a common standard of how much coverage a type of story should get. I just did a TPU search and found about a page of news articles about Spectre and Meltdown.

Incidentally, this very thread only got so long because AMD fans just couldn't underscore enough how the vulnerabilities reported here are without merit, because the ones disclosing them were jerks. Streisand effect at its best.
 
Joined
Apr 12, 2013
Messages
4,789 (1.44/day)
Depends on your definition for "over the top", it's not like there's a common standard of how much coverage a type of story should get. I just did a TPU search and found about a page of news articles about Spectre and Meltdown.

Incidentally, this very thread only got so long because AMD fans just couldn't underscore enough how the vulnerabilities reported here are without merit, because the ones disclosing them were jerks. Streisand effect at its best.
No, most of the AMD fan base (& others) were angry because a no name security firm, with ties to a hedge fund, released highly professional (read dubious) videos on how the AMD chips were vulnerable with admin rights. While their site was all glitzy, they were very light on details & (almost) certainly had an agenda to drive the stock price down ~ given their minutiae exposé spread over a period of 2(?) weeks. Also they'd given no practical time to AMD in resolving this issue, unlike another major competitor which sat on that info (GPZ) for almost 3 quarters & yet botched updates for another full quarter!
 

bug

Joined
May 22, 2015
Messages
10,251 (4.00/day)
No, most of the AMD fan base (& others) were angry because a no name security firm, with ties to a hedge fund, released highly professional (read dubious) videos on how the AMD chips were vulnerable with admin rights. While their site was all glitzy, they were very light on details & (almost) certainly had an agenda to drive the stock price down ~ given their minutiae exposé spread over a period of 2(?) weeks. Also they'd given no practical time to AMD in resolving this issue, unlike another major competitor which sat on that info (GPZ) for almost 3 quarters & yet botched updates for another full quarter!
Yeah, thanks for posting all that again, I thought the thread was dying.
The ones that reported could have been murderers and necrophiles, it wouldn't change that vulnerabilities (as hard to exploit as they were) were there.
But you just can't get enough of attacking the messenger, can you? That won't solve anything, it never did.
 

HTC

Joined
Apr 1, 2008
Messages
4,411 (0.85/day)
Location
Portugal
System Name HTC's System
Processor Ryzen 5 2600X
Motherboard Asrock Taichi X370
Cooling NH-C14, with the AM4 mounting kit
Memory G.Skill Kit 16GB DDR4 F4 - 3200 C16D - 16 GTZB
Video Card(s) Sapphire Nitro+ Radeon RX 480 OC 4 GB
Storage 1 Samsung NVMe 960 EVO 250 GB + 1 3.5" Seagate IronWolf Pro 6TB 7200RPM 256MB SATA III
Display(s) LG 27UD58
Case Fractal Design Define R6 USB-C
Audio Device(s) Onboard
Power Supply Corsair TX 850M 80+ Gold
Mouse Razer Deathadder Elite
Software Ubuntu 19.04 LTS

TrustNo1

New Member
Joined
Jun 15, 2018
Messages
1 (0.00/day)
Take THAT AMD. I don't wanna hear the fanbois anymore.

there is a lot of anti AMD propaganda on the internet, it's beyond suspicious. best you dig a little deeper and find out the truth yourself, a lot of the stuff you see online is regurgitated garbage that reviewers have somehow come to agree on.

basically viceroy research is full of you know what and cts labs doesn't exist:

"https://www.gamersnexus.net/industry/3260-assassination-attempt-on-amd-by-viceroy-research-cts-labs"
 
Joined
Oct 6, 2018
Messages
220 (0.17/day)
System Name SALTY
Processor A10-5800K
Motherboard A75
Cooling Air
Memory 10Gig DDR133
Video Card(s) HD 7660D
Storage HDD
Display(s) 4k HDR TV
Power Supply 320 Watt
there is a lot of anti AMD propaganda on the internet, it's beyond suspicious. best you dig a little deeper and find out the truth yourself, a lot of the stuff you see online is regurgitated garbage that reviewers have somehow come to agree on.

basically viceroy research is full of you know what and cts labs doesn't exist:

"https://www.gamersnexus.net/industry/3260-assassination-attempt-on-amd-by-viceroy-research-cts-labs"

very interesting read that link, ... here's a quote from it

Unreachable PR Company

When we first saw the press release, we reached-out to the listed Bevel PR phone number and publicly listed contact, Jessica Schaefer, to learn more about the CTS Labs research company. We won’t show it on screen, but looking through personal social media pages, we were able to find that Bevel PR appears to have been founded in 2017, and that it is staffed primarily or entirely by one individual. The Bevel PR phone number went straight to a full inbox and we were unable to get into contact. We have also reached-out to Schaefer through other contact media. We’ve never heard of Bevel PR before, but their webpage indicates that they have some experience working with ICOs and hedge funds. This pointed us in the next direction.

How vast amounts of money can change a human from being a human is …. well, frankly disturbing
 
Joined
Oct 17, 2014
Messages
10,038 (3.61/day)
very interesting read that link, ... here's a quote from it

Unreachable PR Company

When we first saw the press release, we reached-out to the listed Bevel PR phone number and publicly listed contact, Jessica Schaefer, to learn more about the CTS Labs research company. We won’t show it on screen, but looking through personal social media pages, we were able to find that Bevel PR appears to have been founded in 2017, and that it is staffed primarily or entirely by one individual. The Bevel PR phone number went straight to a full inbox and we were unable to get into contact. We have also reached-out to Schaefer through other contact media. We’ve never heard of Bevel PR before, but their webpage indicates that they have some experience working with ICOs and hedge funds. This pointed us in the next direction.

How vast amounts of money can change a human from being a human is …. well, frankly disturbing


we already knew this was all a dead end and basically just anti AMD propaganda, why resurrect a dead topic? I'll be rocking AMD 7nm CPU and GPU in winter 2019, vote with your money.
 

Joined
Mar 10, 2010
Messages
10,068 (2.26/day)
Location
Manchester uk
System Name RyzenGtEvo/ Asus strix scar II/Trig
Processor Amd R5 5600G/ Intel 8750H/3800X
Motherboard Crosshair hero8 impact/Asus/crosshair hero 7
Cooling 360EK extreme rad+ 360$EK slim all push, cpu ek suprim Gpu full cover all EK
Memory Corsair Vengeance Rgb pro 3600cas14 16Gb in four sticks./16Gb/16GB
Video Card(s) Sapphire refference Rx vega 64 EK waterblocked/Rtx 2060/GTX 1060
Storage Silicon power 1TB nvme/8Tb external/1Tb samsung Evo nvme 2Tb sata ssd/1Tb nvme
Display(s) Samsung UAE28"850R 4k freesync.dellshiter
Case Lianli p0-11 dynamic/strix scar2/aero cool shiter
Audio Device(s) Xfi creative 7.1 on board ,Yamaha dts av setup, corsair void pro headset
Power Supply corsair 1200Hxi/Asus stock /850 watt ?
Mouse Roccat Kova/ Logitech G wireless
Keyboard Roccat Aimo 120
VR HMD Oculus rift
Software Win 10 Pro
Benchmark Scores 8726 vega 3dmark timespy/ laptop Timespy 6506
https://www.tomshardware.com/news/amd-vulnerability-patches-ecosystem-partners,36993.html

The "impossible to fix" fixes are being validated by partners.

Quote:
Within approximately 30 days of being notified by CTS Labs, AMD released patches to our ecosystem partners mitigating all of the CTS identified vulnerabilities on our EPYC™ platform as well as patches mitigating Chimera across all AMD platforms. These patches are in final testing with our ecosystem partners in advance of being released publicly. We remain on track to begin releasing patches to our ecosystem partners for the other products identified in the report this month. We expect these patches to be released publicly as our ecosystem partners complete their validation work.
Loop complete, return to start.
 
Joined
Mar 18, 2015
Messages
2,953 (1.12/day)
Location
Long Island
After all the Intel and AMD "vulnerabilities" announced and finger pointing, has anyone seen a post saying "I didn't install the patch and [insert horror story] happened to me"?
 

qubit

Overclocked quantum bit
Joined
Dec 6, 2007
Messages
17,199 (3.25/day)
Location
Quantum Well UK
System Name Quantumville™
Processor Intel Core i7-2700K @ 4GHz
Motherboard Asus P8Z68-V PRO/GEN3
Cooling Noctua NH-D14
Memory 16GB (2 x 8GB Corsair Vengeance Black DDR3 PC3-12800 C9 1600MHz)
Video Card(s) MSI RTX 2080 SUPER Gaming X Trio
Storage Samsung 850 Pro 256GB | WD Black 4TB | WD Blue 6TB
Display(s) BenQ XL2720Z (144Hz, 3D Vision 2, 1080p) | Asus MG28UQ (4K, 60Hz, FreeSync compatible)
Case Cooler Master HAF 922
Audio Device(s) Creative Sound Blaster X-Fi Fatal1ty PCIe
Power Supply Corsair HX 850W v1
Mouse Microsoft Intellimouse Pro - Black Shadow
Keyboard Yes
Software Windows 10 Pro 64-bit
After all the Intel and AMD "vulnerabilities" announced and finger pointing, has anyone seen a post saying "I didn't install the patch and [insert horror story] happened to me"?
<tumbleweeds>
 

AsRock

TPU addict
Joined
Jun 23, 2007
Messages
17,599 (3.23/day)
Location
UK\USA
Processor 2500k \ AMD 3900X+NH-D15
Motherboard ASRock Z68 \ ASRock AM4 X570 Pro 4
Memory Samsung low profile 2x8GB \ Patriot 2x16GB PVS432G320C6K
Video Card(s) eVga GTX1060 SSC \ XFX R9 390X
Storage 2xIntel 80Gb (SATA2) Crucial MX500 \ Samsung 860 1TB +Samsung Evo 250GB+500GB Sabrent 1TB Rocket
Display(s) Samsung 1080P \ LG 43UN700
Case HTPC400 \ Fractal Design Torrent.
Audio Device(s) Yamaha RX-V677 \ Yamaha CX-830+Yamaha MX-630 Infinity RS4000\Paradigm P Studio 20, Blue Yeti
Power Supply Seasonic Focus 650w \ Seasonic Prime TX-750
Mouse Steelseries Sensei wireless \ Steelseries Sensei wireless
Keyboard Logitech K120 \ ROCCAT MK Pro ( modded amber leds )
Benchmark Scores Meh benchmarks.
After all the Intel and AMD "vulnerabilities" announced and finger pointing, has anyone seen a post saying "I didn't install the patch and [insert horror story] happened to me"?

Well if someone is being hacked, the hacker might not want to be seen\noticed. Therefore you might have been and just don't know about it (YET!).

It's like depending on a single antivirus program and saying I have never had a virus.

Ignorance is bliss.
 
Joined
Mar 18, 2015
Messages
2,953 (1.12/day)
Location
Long Island
I always used one active AV and had a second do nightly scans ... up until a few years ago. Now we just have one on each box and the server scans all networked drives in wee hours.

As to getting it out there... what idiot uses their real name online? :) Well back when I started, that was the only way you could get online ... AOL going to the unlimited data for $19.99 a month and allowing "handles" will be later defined in historical texts as the "End of Western (and Eastern) Civilization"
 
Joined
Oct 2, 2015
Messages
2,889 (1.19/day)
Location
Argentina
System Name Ciel / Yukino
Processor AMD Ryzen R5 5600X / Intel Core i3 5005U
Motherboard Asus Tuf Gaming B550 Plus / HP 240 G5
Cooling ID-Cooling 224-XT Basic
Memory 2x 8GB Geil Orion AMD Edition 3600MHz@3800MHz
Video Card(s) Dell 1660 SUPER + Sentey RX 550 2GB
Storage SSD ADATA FALCON 512GB PCIe3.0 + HDD WD 4TB
Display(s) Samsung S22F350
Case Cougar MX410 Mesh-G
Audio Device(s) Realtek ALC S1200A
Power Supply Aerocool KCAS-500W
Mouse Logitech G203
Keyboard VSG Alnilam
Software Windows 10 x64 / Manjaro x64
This was the best joke of the year until Intel released the same Skylake 14nm CPU at $600.
 