
13 Major Vulnerabilities Discovered in AMD Zen Architecture, Including Backdoors

Joined
Jul 29, 2014
Messages
484 (0.14/day)
Location
Fort Sill, OK
This story was published with no concrete background evidence, and CTS Labs is a company that just appeared out of nowhere back in 2017. This all seems like a targeted campaign just when AMD is gaining ground in the CPU market. Besides, you need admin access to the system itself; with that kind of access any system is vulnerable.
 
Joined
Jan 6, 2017
Messages
94 (0.04/day)
It will be interesting to see how this turns out. Point of note: Intel is threatened by AMD's recent advances; however, if these turn out to be as BS as they smell right now, Intel should beware gamers with pitchforks.
 
Joined
Sep 25, 2012
Messages
2,074 (0.49/day)
Location
Jacksonhole Florida
"So, if any of those exploits are real... you still need admin privileges?

If a malicious actor has already gotten their hands on admin privileges, wouldn't you have bigger problems to worry about?"
The problem would be that you might not even know you've been compromised, since these exploits are (supposedly) undetectable by any current antivirus software. Even if you suspected that someone had accessed your machine, a scan would show no problems. Of course, that may change soon, as more becomes known.
 

T4C Fantasy

CPU & GPU DB Maintainer
Staff member
Joined
May 7, 2012
Messages
2,562 (0.59/day)
Location
Rhode Island
They had this website built, videos made, diagrams made and charts with whitepapers made in 48 hours? I think they set up AMD to tell them, then 24 hours later they slam the media on them... 100% a setup.
 
Joined
Jul 5, 2013
Messages
25,559 (6.52/day)
"If a BIOS is re-written, I do believe it resets back to default basic settings. It seems I will keep an eye on this if my computer somehow defaults back for no reason. Please correct me if I am wrong here."
That doesn't always happen as it is triggered by a flag in the update process. If that flag is not set, the settings are not reset to defaults.

"Lots of people are renting full servers, not just virtual machines. Yes I can flash the BIOS of our webservers"
Holy crap! You'd think something like that would be locked down..
 
Joined
May 6, 2012
Messages
184 (0.04/day)
Location
Estonia
"You have never run GPU-Z? It starts with admin privileges and comes with a signed driver"

No, not in a production environment. Not on anything remotely important enough.

If this issue/attack vector is possible only via Windows OS and elevated administrator privileges are required AND the BIOS flash requires a signed UEFI package, then for all I can find currently you'd be screwed without any exploit. The user who has such access and tools available to them can take anything in the system without your knowledge. Full system access required to exploit? LOL
 
Joined
Feb 8, 2012
Messages
3,012 (0.68/day)
Location
Zagreb, Croatia
:laugh: Those guys at CTS Labs are adware developers: ^^ CTS-Labs turns out to be the company that produced the CrowdCores Adware ^^
 
Joined
Feb 8, 2012
Messages
3,012 (0.68/day)
Location
Zagreb, Croatia
"If true, it would give them a bit of credibility as they obviously know how to take advantage of vulnerabilities. Who better to find vulnerabilities than actual hackers/crackers?"
Adware are mostly browser toolbars/plugins that install silently with the utility you previously trusted but the company got bought :)
"No clue about TPU."
There's your clue: https://www.techpowerup.com/forums/...cture-including-backdoors.242328/post-3812761
 

W1zzard

Administrator
Staff member
Joined
May 14, 2004
Messages
26,956 (3.71/day)
"Ok, good point. So TPU has its own servers now? Most sites are hosted."
We've had our own (rented) servers for at least a decade now, at various hosting companies. If you are curious and want to know more, open a new thread or send me a pm.
 
Joined
Jul 29, 2014
Messages
484 (0.14/day)
Location
Fort Sill, OK
"We've had our own (rented) servers for at least a decade now, at various hosting companies. If you are curious and want to know more, open a new thread or send me a pm."

W1zzard, what is your take on credibility of CTS Labs?
 
Low quality post by Nihilus
Joined
Jul 19, 2011
Messages
540 (0.12/day)
Wow TPU seems to be the bottom of the barrel for tech sites. Other sites like gamersnexus and techspot have already revealed all of the BS or at least suspect nature of this. You guys would rather keep the click bait.

Wizard, butnr - do some damn journalism!
 

bug

Joined
May 22, 2015
Messages
13,158 (4.07/day)
"W1zzard, what is your take on credibility of CTS Labs?"
They don't have any. They're a newly established group that handled this terribly.
Their credibility, however, is of little importance.
 
Joined
Jul 5, 2013
Messages
25,559 (6.52/day)
"W1zzard, what is your take on credibility of CTS Labs?"
Based on what he's said already, my guess is that he is likely dubious of the company itself but takes the vulnerabilities seriously, which is wise. That happens to be my position as well. CTS may be shady as hell, but the threats must be taken seriously until either proven invalid or verified and fixed.
 
Joined
Oct 2, 2015
Messages
2,986 (0.96/day)
Location
Argentina
"Based on what he's said already, my guess is that he is likely dubious of the company itself but takes the vulnerabilities seriously, which is wise. That happens to be my position as well. CTS may be shady as hell, but the threats must be taken seriously until either proven invalid or verified and fixed."

Same here, but if this is proved to be by Intel's hand... Man they would be the lowest. "Performance over price and any kind of integrity!"
 
Joined
Jul 5, 2013
Messages
25,559 (6.52/day)
"Same here, but if this is proved to be by Intel's hand... Man they would be the lowest. "Performance over price and any kind of integrity!""
I'm not buying that. Even if true, should the vulnerabilities be real, they're real and need to be addressed regardless of the motives and methods of discovery.
 
Joined
Oct 2, 2015
Messages
2,986 (0.96/day)
Location
Argentina
Yeah, I want a fast response from AMD, backstab or not, they have to fix this, or confirm that it's a fraud, whatever the truth may be.
 
Joined
Aug 19, 2011
Messages
528 (0.11/day)
This absolutely REEKS like a group of Intel insiders that hatched a plan to short AMD shares after the big "meltdown/spectre" scare last June.

Geeks don't always make the best criminals though....
 
Joined
May 21, 2011
Messages
660 (0.14/day)
Why do these exploits have such kickass names?
 
Joined
Jan 20, 2014
Messages
299 (0.08/day)
Sadly, we live in an "alternative facts" age where PO box companies (that did not exist a few months ago) with Shutterstock photo/video backgrounds can make such a noise in a split second, and whether that PO box company will exist after a few weeks or not does not matter: the damage (to a multibillion company) will be done for the next few quarters to come.
 