I will be looking at PDF documentation W/P pin of a BIOS chip to see if I can do anything in hardware, locking my BIOS chip in either software or hardware.
-
Welcome to TechPowerUp Forums, Guest! Please check out our forum guidelines for info related to our community.
13 Major Vulnerabilities Discovered in AMD Zen Architecture, Including Backdoors
- Thread starter btarunr
- Start date
I will be looking at PDF documentation W/P pin of a BIOS chip to see if I can do anything in hardware, locking my BIOS chip in either software or hardware.
- Joined
- Sep 27, 2017
- Messages
- 43 (0.02/day)
| System Name | Fedora |
|---|---|
| Processor | 5800X3D |
| Motherboard | X370 |
| Memory | 32GB |
| Video Card(s) | RX 6800 |
So this "vulnerabilities" are like using admin account to install web applications into Intel firmware with MeshCommander https://software.intel.com/en-us/blogs/2017/07/11/meshcommander-firmware-web-application
Actually, that is not known. Intel uses asmedia chips as well, and CTS never bothered to test this on any other processors.
- Joined
- May 14, 2004
- Messages
- 28,638 (3.74/day)
| Processor | Ryzen 7 5700X |
|---|---|
| Memory | 48 GB |
| Video Card(s) | RTX 4080 |
| Storage | 2x HDD RAID 1, 3x M.2 NVMe |
| Display(s) | 30" 2560x1600 + 19" 1280x1024 |
| Software | Windows 10 64-bit |
Good point.
- Joined
- Dec 31, 2009
- Messages
- 19,385 (3.46/day)
| Benchmark Scores | Faster than yours... I'd bet on it. :) |
|---|
CVEs should be released about them in the coming days. Additional 3rd party validation (we have one sketchy source and one that for now seems legit) we should see perhaps Friday or Monday as they have said it took 3rd party 4-5 days to validate their findings.
- Joined
- May 1, 2010
- Messages
- 44 (0.01/day)
| System Name | Dricast |
|---|---|
| Processor | Intel Core i7 2600k |
| Motherboard | Gigabyte GA-Z77X-UD3H |
| Cooling | Corsair A70 |
| Memory | 12GB Mushkin DDR3 |
| Video Card(s) | 2x EVGA Geforce GTX460@GTX560 Clocks in SLI |
| Storage | SanDisk 120GB SSD, Hitatchi 1TB, Hitatchi 2TB |
| Display(s) | Dell 24" |
| Case | Antec 902 |
| Audio Device(s) | Onboard |
| Power Supply | Corsair 750TX |
| Software | Windows 7 Ultimate |
You all understand this is likely fake and possible stock manipulation? CTS Labs themselves state they may have a financial interest in these results.
- Joined
- Dec 31, 2009
- Messages
- 19,385 (3.46/day)
| Benchmark Scores | Faster than yours... I'd bet on it. :) |
|---|
Loving the people that joined the conversation hundreds of posts in like we haven't discussed that possibility ad nauseam in the past two days, LOL!
- Joined
- May 22, 2015
- Messages
- 14,344 (3.95/day)
| Processor | Intel i5-12600k |
|---|---|
| Motherboard | Asus H670 TUF |
| Cooling | Arctic Freezer 34 |
| Memory | 2x16GB DDR4 3600 G.Skill Ripjaws V |
| Video Card(s) | EVGA GTX 1060 SC |
| Storage | 500GB Samsung 970 EVO, 500GB Samsung 850 EVO, 1TB Crucial MX300 and 2TB Crucial MX500 |
| Display(s) | Dell U3219Q + HP ZR24w |
| Case | Raijintek Thetis |
| Audio Device(s) | Audioquest Dragonfly Red :D |
| Power Supply | Seasonic 620W M12 |
| Mouse | Logitech G502 Proteus Core |
| Keyboard | G.Skill KM780R |
| Software | Arch Linux + Win10 |
If the news was about a possible vulnerability at VISA what would you do till VISA either confirms or denies it? Would you say "hey, this is likely fake, trying to make VISA look bad" or would you keep an eye on your transactions, just in case?
In any case, at this point I'd say this is likely not fake since, as poorly as this has been handled, CTS Labs say they have proof of concept attacks and they've submitted them for review.
- Joined
- Apr 19, 2011
- Messages
- 2,198 (0.43/day)
- Location
- So. Cal.
Would be good to have a Poll on this... or did I miss that?
- Joined
- May 22, 2015
- Messages
- 14,344 (3.95/day)
| Processor | Intel i5-12600k |
|---|---|
| Motherboard | Asus H670 TUF |
| Cooling | Arctic Freezer 34 |
| Memory | 2x16GB DDR4 3600 G.Skill Ripjaws V |
| Video Card(s) | EVGA GTX 1060 SC |
| Storage | 500GB Samsung 970 EVO, 500GB Samsung 850 EVO, 1TB Crucial MX300 and 2TB Crucial MX500 |
| Display(s) | Dell U3219Q + HP ZR24w |
| Case | Raijintek Thetis |
| Audio Device(s) | Audioquest Dragonfly Red :D |
| Power Supply | Seasonic 620W M12 |
| Mouse | Logitech G502 Proteus Core |
| Keyboard | G.Skill KM780R |
| Software | Arch Linux + Win10 |
Poll on what? Do we now decide whether a CVE is warranted by taking polls on TPU?
- Joined
- Apr 19, 2011
- Messages
- 2,198 (0.43/day)
- Location
- So. Cal.
Oh IDK... like is this a proper business practice from a company that intends to be about "protecting the world from vulnerabilities".
I just say if they creditably want to protect me/you they would offer any company a judicious amount of time to both confirm and reply to such accusation. And, I'm not saying 90 days, more like 7 full working days, before making it public, and then provide the opportunity to interact in a relationship that plugs the holes, all while perhaps consigns that company some form of reimbursement for their work in helping.
This remind me of the one thing that nationality fears more than anything... being labeled a "Freier". In this case they appear to be..., or they tried to ransom AMD and the response was we are not working with extortionists.
In this way they did a bunch of work and aren't recouping anything, at least that we're privy too!
I just say if they creditably want to protect me/you they would offer any company a judicious amount of time to both confirm and reply to such accusation. And, I'm not saying 90 days, more like 7 full working days, before making it public, and then provide the opportunity to interact in a relationship that plugs the holes, all while perhaps consigns that company some form of reimbursement for their work in helping.
This remind me of the one thing that nationality fears more than anything... being labeled a "Freier". In this case they appear to be..., or they tried to ransom AMD and the response was we are not working with extortionists.
In this way they did a bunch of work and aren't recouping anything, at least that we're privy too!
Last edited:
- Joined
- May 22, 2015
- Messages
- 14,344 (3.95/day)
| Processor | Intel i5-12600k |
|---|---|
| Motherboard | Asus H670 TUF |
| Cooling | Arctic Freezer 34 |
| Memory | 2x16GB DDR4 3600 G.Skill Ripjaws V |
| Video Card(s) | EVGA GTX 1060 SC |
| Storage | 500GB Samsung 970 EVO, 500GB Samsung 850 EVO, 1TB Crucial MX300 and 2TB Crucial MX500 |
| Display(s) | Dell U3219Q + HP ZR24w |
| Case | Raijintek Thetis |
| Audio Device(s) | Audioquest Dragonfly Red :D |
| Power Supply | Seasonic 620W M12 |
| Mouse | Logitech G502 Proteus Core |
| Keyboard | G.Skill KM780R |
| Software | Arch Linux + Win10 |
Ah, so of all this thread your beef is with the whistleblower. I get it now.
- Joined
- Mar 18, 2015
- Messages
- 2,970 (0.80/day)
- Location
- Long Island
Im still waiting to see a "aww... look at what happened to this guy" story from any of these "major defects"
FordGT90Concept
"I go fast!1!11!1!"
- Joined
- Oct 13, 2008
- Messages
- 26,263 (4.34/day)
- Location
- IA, USA
| System Name | BY-2021 |
|---|---|
| Processor | AMD Ryzen 7 5800X (65w eco profile) |
| Motherboard | MSI B550 Gaming Plus |
| Cooling | Scythe Mugen (rev 5) |
| Memory | 2 x Kingston HyperX DDR4-3200 32 GiB |
| Video Card(s) | AMD Radeon RX 7900 XT |
| Storage | Samsung 980 Pro, Seagate Exos X20 TB 7200 RPM |
| Display(s) | Nixeus NX-EDG274K (3840x2160@144 DP) + Samsung SyncMaster 906BW (1440x900@60 HDMI-DVI) |
| Case | Coolermaster HAF 932 w/ USB 3.0 5.25" bay + USB 3.2 (A+C) 3.5" bay |
| Audio Device(s) | Realtek ALC1150, Micca OriGen+ |
| Power Supply | Enermax Platimax 850w |
| Mouse | Nixeus REVEL-X |
| Keyboard | Tesoro Excalibur |
| Software | Windows 10 Home 64-bit |
| Benchmark Scores | Faster than the tortoise; slower than the hare. |
I just wanted to say that I'm glad TechPowerUp is doing editorial updates to an article. I'd like to see improvements in terms of making it clear what changed in each update though. It looks like, in its present state, only one update is clearly marked at the bottom.
dorsetknob
"YOUR RMA REQUEST IS CON-REFUSED"
- Joined
- Mar 17, 2005
- Messages
- 9,106 (1.24/day)
- Location
- Dorset where else eh? >>> Thats ENGLAND<<<
- Joined
- May 14, 2004
- Messages
- 28,638 (3.74/day)
| Processor | Ryzen 7 5700X |
|---|---|
| Memory | 48 GB |
| Video Card(s) | RTX 4080 |
| Storage | 2x HDD RAID 1, 3x M.2 NVMe |
| Display(s) | 30" 2560x1600 + 19" 1280x1024 |
| Software | Windows 10 64-bit |
Just added two links to follow up stories and bumped the update number.
- Joined
- May 22, 2015
- Messages
- 14,344 (3.95/day)
| Processor | Intel i5-12600k |
|---|---|
| Motherboard | Asus H670 TUF |
| Cooling | Arctic Freezer 34 |
| Memory | 2x16GB DDR4 3600 G.Skill Ripjaws V |
| Video Card(s) | EVGA GTX 1060 SC |
| Storage | 500GB Samsung 970 EVO, 500GB Samsung 850 EVO, 1TB Crucial MX300 and 2TB Crucial MX500 |
| Display(s) | Dell U3219Q + HP ZR24w |
| Case | Raijintek Thetis |
| Audio Device(s) | Audioquest Dragonfly Red :D |
| Power Supply | Seasonic 620W M12 |
| Mouse | Logitech G502 Proteus Core |
| Keyboard | G.Skill KM780R |
| Software | Arch Linux + Win10 |
Same thing that happened because of Spectre and Meltdown, I guess.
Seriously speaking though these aren't about what happens to this or that guy. These are more about ways to breach into servers and other stuff that has a good chance of going unnoticed. Think someone managing to escape their VM on a rented server and reading others' data.
These aren't the kind of vulnerabilities your next door script kiddie will abuse at will.
@W1zzard If you would properly prefix each update with "Update 1", "Update 2" and so on, that would be dreamy.
- Joined
- May 14, 2004
- Messages
- 28,638 (3.74/day)
| Processor | Ryzen 7 5700X |
|---|---|
| Memory | 48 GB |
| Video Card(s) | RTX 4080 |
| Storage | 2x HDD RAID 1, 3x M.2 NVMe |
| Display(s) | 30" 2560x1600 + 19" 1280x1024 |
| Software | Windows 10 64-bit |
Low quality post by i7Baby
- Joined
- May 4, 2016
- Messages
- 82 (0.02/day)
- Location
- Melbourne
| System Name | Edit King |
|---|---|
| Processor | i7 3930k |
| Motherboard | ASRock X79 Extreme 6 |
| Cooling | Corsair H110i GT |
| Memory | 4 x 4GB GSkill 2133 |
| Video Card(s) | R9 Nano x 2 |
| Storage | Seagate Barracuda 2TB |
| Display(s) | LG 34UM88 |
| Power Supply | EVGA G2 750 |
| Mouse | Gigabyte M6580 |
| Keyboard | Azio |
Gamers Nexus showed this to be a lot of BS. A paid by Intel article?
- Joined
- May 6, 2012
- Messages
- 184 (0.04/day)
- Location
- Estonia
| System Name | Steamy |
|---|---|
| Processor | Ryzen 7 2700X |
| Motherboard | Asrock AB350M-Pro4 |
| Cooling | Wraith Prism |
| Memory | 2x8GB HX429C15PB3AK2/16 |
| Video Card(s) | R9 290X WC |
| Storage | 960Evo 500GB nvme |
| Case | Fractal Design Define Mini C |
| Power Supply | Seasonic SS-660XP2 |
| Software | Windows 10 Pro |
| Benchmark Scores | http://hwbot.org/user/kinski/ http://valid.x86.fr/qfxqhj https://goo.gl/uWkw7n |
According to AT call with CTS labs the exploits also require bare metal install of the OS (and OS has to be Windows?).
https://www.anandtech.com/show/12536/our-interesting-call-with-cts-labs
https://www.anandtech.com/show/12536/our-interesting-call-with-cts-labs
Last edited:
- Joined
- May 22, 2015
- Messages
- 14,344 (3.95/day)
| Processor | Intel i5-12600k |
|---|---|
| Motherboard | Asus H670 TUF |
| Cooling | Arctic Freezer 34 |
| Memory | 2x16GB DDR4 3600 G.Skill Ripjaws V |
| Video Card(s) | EVGA GTX 1060 SC |
| Storage | 500GB Samsung 970 EVO, 500GB Samsung 850 EVO, 1TB Crucial MX300 and 2TB Crucial MX500 |
| Display(s) | Dell U3219Q + HP ZR24w |
| Case | Raijintek Thetis |
| Audio Device(s) | Audioquest Dragonfly Red :D |
| Power Supply | Seasonic 620W M12 |
| Mouse | Logitech G502 Proteus Core |
| Keyboard | G.Skill KM780R |
| Software | Arch Linux + Win10 |
A hardware flaw that needs a specific OS to exploit seems uber-suspicious.
Edit: Then again, seeing how mobo makers implement UEFI just so that it works on Windows, maybe not?
Last edited:
- Joined
- Apr 1, 2008
- Messages
- 4,694 (0.75/day)
- Location
- Portugal
| System Name | HTC's System |
|---|---|
| Processor | Ryzen 5 5800X3D |
| Motherboard | Asrock Taichi X370 |
| Cooling | NH-C14, with the AM4 mounting kit |
| Memory | G.Skill Kit 16GB DDR4 F4 - 3200 C16D - 16 GTZB |
| Video Card(s) | Sapphire Pulse 6600 8 GB |
| Storage | 1 Samsung NVMe 960 EVO 250 GB + 1 3.5" Seagate IronWolf Pro 6TB 7200RPM 256MB SATA III |
| Display(s) | LG 27UD58 |
| Case | Fractal Design Define R6 USB-C |
| Audio Device(s) | Onboard |
| Power Supply | Corsair TX 850M 80+ Gold |
| Mouse | Razer Deathadder Elite |
| Software | Ubuntu 20.04.6 LTS |
Then it turns out i was more on point then i thought:
I'll ask again: doesn't that mean it's Windows vulnerabilites when using Zen based hardware?
FordGT90Concept
"I go fast!1!11!1!"
- Joined
- Oct 13, 2008
- Messages
- 26,263 (4.34/day)
- Location
- IA, USA
| System Name | BY-2021 |
|---|---|
| Processor | AMD Ryzen 7 5800X (65w eco profile) |
| Motherboard | MSI B550 Gaming Plus |
| Cooling | Scythe Mugen (rev 5) |
| Memory | 2 x Kingston HyperX DDR4-3200 32 GiB |
| Video Card(s) | AMD Radeon RX 7900 XT |
| Storage | Samsung 980 Pro, Seagate Exos X20 TB 7200 RPM |
| Display(s) | Nixeus NX-EDG274K (3840x2160@144 DP) + Samsung SyncMaster 906BW (1440x900@60 HDMI-DVI) |
| Case | Coolermaster HAF 932 w/ USB 3.0 5.25" bay + USB 3.2 (A+C) 3.5" bay |
| Audio Device(s) | Realtek ALC1150, Micca OriGen+ |
| Power Supply | Enermax Platimax 850w |
| Mouse | Nixeus REVEL-X |
| Keyboard | Tesoro Excalibur |
| Software | Windows 10 Home 64-bit |
| Benchmark Scores | Faster than the tortoise; slower than the hare. |
Could underline changes and subscript the update number at the end of each one.