• Welcome to TechPowerUp Forums, Guest! Please check out our forum guidelines for info related to our community.

Two New Security Vulnerabilities to Affect AMD EPYC Processors

Joined
Sep 28, 2012
Messages
785 (0.25/day)
System Name Potato PC
Processor AMD Ryzen 5 3600
Motherboard ASRock B550M Steel Legend
Cooling ID Cooling SE 224XT Basic
Memory 32GB Team Dark Alpha DDR4 3600Mhz
Video Card(s) MSI RX 5700XT Mech OC
Storage Kingston A2000 1TB + 8 TB Toshiba X300
Display(s) Mi Gaming Curved 3440x1440 144Hz
Case Cougar MG120-G
Audio Device(s) Plantronic RIG 400
Power Supply Seasonic X650 Gold
Mouse Logitech G903
Keyboard Logitech G613
Benchmark Scores Who need bench when everything already fast?
Don't take his snarks personal. In some sense he is right, there is no vulnerability unless we know it...

I never took seriously what was on the internet, especially on open forum :p
Previously we had a discussion with similar topic, point is that security vulnerabilities are important even if they are only "case studies", so that we can decide to disable certain features to minimize impact.
 
Joined
Jul 5, 2013
Messages
13,461 (4.64/day)
Location
USA
System Name GPD-Q9
Processor Rockchip RK-3288 1.8ghz quad core
Motherboard GPD Q9_V6_150528
Cooling Passive
Memory 2GB DDR3
Video Card(s) Mali T764
Storage 16GB Samsung NAND
Display(s) IPS 1024x600
Joined
Jul 16, 2014
Messages
5,098 (2.02/day)
Location
SE Michigan
System Name Dumbass
Processor AMD-9370BE @4.6
Motherboard ASUS SABERTOOTH 990FX R2.0 +SB950
Cooling CM Nepton 280L
Memory G.Skill Sniper 16gb DDR3 2400
Video Card(s) GreenTeam 1080 Gaming X 8GB
Storage C:\SSD (240GB), D:\Seagate (2TB), E:\Western Digital (1TB)
Display(s) 1x Nixeus NX_EDG27, 2x Dell S2440L (16:9)
Case Phanteks Enthoo Primo w/8 140mm SP Fans
Audio Device(s) onboard (realtek?) SPKRS:Logitech Z623 200w 2.1
Power Supply Corsair HX1000i
Mouse Logitech G700s
Keyboard Logitech G910 Orion Spark
Software windows 10
Benchmark Scores https://i.imgur.com/aoz3vWY.jpg?2
Unless you're a high profile target, you still have almost completely nothing to worry about.
Absolutely right, but the tinfoil hat comment implies that there is wider spread conspiracy theory that targets everyone buying the chips. :p

we can decide to disable certain features to minimize impact.
this still assumes there is an active issue to take precautionary measures. if there is no actual problem no protective steps are needed. acting on theories is a waste of time.
 
Joined
Jun 3, 2010
Messages
1,914 (0.48/day)
this still assumes there is an active issue to take precautionary measures. if there is no actual problem no protective steps are needed. acting on theories is a waste of time.
Yeah, why is security important when the criminals aren't going to gain access to your computer...
Puns are not ironic, they are on point.
 
Last edited:
Joined
Sep 28, 2012
Messages
785 (0.25/day)
System Name Potato PC
Processor AMD Ryzen 5 3600
Motherboard ASRock B550M Steel Legend
Cooling ID Cooling SE 224XT Basic
Memory 32GB Team Dark Alpha DDR4 3600Mhz
Video Card(s) MSI RX 5700XT Mech OC
Storage Kingston A2000 1TB + 8 TB Toshiba X300
Display(s) Mi Gaming Curved 3440x1440 144Hz
Case Cougar MG120-G
Audio Device(s) Plantronic RIG 400
Power Supply Seasonic X650 Gold
Mouse Logitech G903
Keyboard Logitech G613
Benchmark Scores Who need bench when everything already fast?
this still assumes there is an active issue to take precautionary measures. if there is no actual problem no protective steps are needed. acting on theories is a waste of time.

"Security is as good as its weakest point". Barring the door for fear burglar breaking into your home may sound paranoid, but if you do it after theft, you probably shouldn't because there's nothing left. Just a matter of perspective.
 
Joined
Aug 20, 2007
Messages
15,207 (3.01/day)
System Name Pioneer
Processor Intel i9 9900k
Motherboard ASRock Z390 Taichi
Cooling Noctua NH-D15 + A whole lotta Sunon and Corsair Maglev blower fans...
Memory G.SKILL Ripjaws V Series 64GB (4 x 16GB) DDR4-3200
Video Card(s) EVGA GeForce RTX 3070 FTW3
Storage 2x Mushkin Pilot-E 2TB NVMe SSDs in bootable RAID0 by HIGHPOINT - SSD7202
Display(s) 55" LG 55" B9 OLED 4K Display
Case Thermaltake Core X31
Audio Device(s) VGA HDMI->Panasonic SC-HTB20/Schiit Modi MB/Asgard 2 DAC/Amp to AKG Pro K7712 Headphones
Power Supply Seasonic Prime Titanium 750W
Mouse Razer Deathadder v2
Keyboard WASD CODE 104-Key w/ Cherry MX Green Keyswitches, Doubleshot Vortex PBT White Transluscent Keycaps
Software Windows 10 Enterprise (Product of work, yes it's legit)
Benchmark Scores www.3dmark.com/fs/25631365 www.3dmark.com/spy/20539287 www.3dmark.com/pr/1054199
Joined
Feb 19, 2009
Messages
1,111 (0.25/day)
Location
I live in Norway
System Name 3 sys spec seperated by "|"
Processor R9 3900x| R7 1700 @3.75 | 4800H
Motherboard Asrock X570M | AB350M Pro 4 | Asus Tuf A15
Cooling Air | Air | duh laptop
Memory 64gb G.skill SniperX @3600 CL16 | 64GB | 32GB
Video Card(s) XFX RX 6800 Speedster |V64\Quadro P4000 | RTX2060M
Storage MP510 2TB, 660P 2TB, 2x860 evo 1tb | 960 500gb Intel 660P 1tb PM871 4x256gb ++| 1TB 660+ 1tb A1000
Display(s) AOC 28" 4K something + 1440p AOC 144hz something.
Case Phanteks EvolvX M-Atx
Power Supply Corsair RM850
Mouse g502 Lightspeed
Keyboard G915
Software win10,unraid,Manjaro
Benchmark Scores 30000FS, 16300 TS. Lappy, 7000 TS.
Somewhat significant, but if you have to compromise the Hypervisor to do it, its really only of concern when running in public cloud and you don't trust the vendor running it to secure the hypervisor.

and it's a feature that is new with 2nd or 3rd gen epyc cpu's, did not exist prior to it.
Intel doesn't have it, or maybe icelake-x brought it, either way it's really fresh so we were mostly fine before, but as said it's a selling point for cloud vendors "we cannot snoop anymore" or wait, we can by using these cve's.

time will tell, but this should tell people what it's about
 
Joined
Aug 17, 2017
Messages
274 (0.20/day)
well, I suppose if arm and intel can have vulnerability, why not amd. join in the fun amd!
 
Joined
Feb 21, 2006
Messages
1,091 (0.20/day)
Location
Toronto, Ontario
System Name The Expanse
Processor AMD Ryzen 7 5800X
Motherboard Asus Prime X570-Pro BIOS 3603 AM4 AGESA V2 PI 1.2.0.1 Patch A
Cooling Corsair H150i Pro
Memory 16GB Gskill Trident RGB DDR4-3200 14-14-14-34-1T
Video Card(s) GIGABYTE Radeon RX 580 GAMING 8GB
Storage Corsair MP600 1TB PCIe 4 / Samsung 860Evo 1TB x2 Raid 0 / Asus NAS AS1004T V2 14TB
Display(s) HP ZR24w + LG 24MB35 on Neo-Flex® Dual Monitor Lift Stand
Case Fractal Design Meshify S2
Audio Device(s) Creative X-Fi + Logitech Z-5500
Power Supply Corsair AX850 Titanium
Mouse Corsair Dark Core RGB
Keyboard Logitech G810
Software Windows 10 Pro x64 21H1
Benchmark Scores 3800X https://valid.x86.fr/1zr4a5 5800X https://valid.x86.fr/1bigrn
Since all 3 generations use the same socket, this will be a good way to get them to upgrade to a Milan chip so they can enable SEV-SNP.
 
Joined
Jul 16, 2014
Messages
5,098 (2.02/day)
Location
SE Michigan
System Name Dumbass
Processor AMD-9370BE @4.6
Motherboard ASUS SABERTOOTH 990FX R2.0 +SB950
Cooling CM Nepton 280L
Memory G.Skill Sniper 16gb DDR3 2400
Video Card(s) GreenTeam 1080 Gaming X 8GB
Storage C:\SSD (240GB), D:\Seagate (2TB), E:\Western Digital (1TB)
Display(s) 1x Nixeus NX_EDG27, 2x Dell S2440L (16:9)
Case Phanteks Enthoo Primo w/8 140mm SP Fans
Audio Device(s) onboard (realtek?) SPKRS:Logitech Z623 200w 2.1
Power Supply Corsair HX1000i
Mouse Logitech G700s
Keyboard Logitech G910 Orion Spark
Software windows 10
Benchmark Scores https://i.imgur.com/aoz3vWY.jpg?2
"Security is as good as its weakest point". Barring the door for fear burglar breaking into your home may sound paranoid, but if you do it after theft, you probably shouldn't because there's nothing left. Just a matter of perspective.
True enough, you cant fix something if you dont know what to look for, so the process waits on the white paper.

Yeah, why is security important when the criminals aren't going to gain access to your computer..

this is out of context of what I was replying to.
 
Joined
Jul 3, 2019
Messages
174 (0.24/day)
Location
Bulgaria
Processor 6700K
Motherboard M8G
Cooling D15S
Memory 16GB 3k15
Video Card(s) 2070S
Storage 850 Pro
Display(s) U2410
Case Core X2
Audio Device(s) ALC1150
Power Supply Seasonic
Mouse Razer
Keyboard Logitech
Software 20H2
Now since AMD are catching up with market share, I won't be surprised if they ended having more vulnerabilities than Intel. LUL
Since all 3 generations use the same socket, this will be a good way to get them to upgrade to a Milan chip so they can enable SEV-SNP.
These vulnerabilities are quite profitable. ;)
 
Joined
Mar 29, 2014
Messages
94 (0.04/day)
I'm just here to say the first sentence is not only misleading it is patently FALSE. Amazed this is still going on from a supposed professional site.

The truth
"The exploits mentioned in both papers require a malicious administrator to have access in order to compromise the server hypervisor."
So you need admin priv to make system insecure...lmao

From the original- " While our approach is also applicable to traditional virtualization environments, its severity significantly increases with the attacker model of SEV-ES."
LMAO! How can it be more severe if you already have admin privelidge? TOTAL BS

Here's a list of Intel Xeon cpu's that are vulnerable as well.
 
Last edited:
Top