Don't take his snarks personal. In some sense he is right, there is no vulnerability unless we know it...
-
Welcome to TechPowerUp Forums, Guest! Please check out our forum guidelines for info related to our community.
Two New Security Vulnerabilities to Affect AMD EPYC Processors
- Thread starter AleksandarK
- Start date
- Joined
- Sep 28, 2012
- Messages
- 984 (0.21/day)
| System Name | Poor Man's PC |
|---|---|
| Processor | Ryzen 7 7700 |
| Motherboard | MSI B650M Mortar WiFi |
| Cooling | AMD Wraith Prism |
| Memory | 32GB GSkill Flare X5 DDR5 6000Mhz |
| Video Card(s) | XFX Merc 310 Radeon RX 7900 XT |
| Storage | XPG Gammix S70 Blade 2TB + 8 TB WD Ultrastar DC HC320 |
| Display(s) | Xiaomi G Pro 27i MiniLED |
| Case | Asus A21 Case |
| Audio Device(s) | MPow Air Wireless + Mi Soundbar |
| Power Supply | Enermax Revolution DF 650W Gold |
| Mouse | Logitech MX Anywhere 3 |
| Keyboard | Logitech Pro X + Kailh box heavy pale blue switch + Durock stabilizers |
| VR HMD | Meta Quest 2 |
| Benchmark Scores | Who need bench when everything already fast? |
I never took seriously what was on the internet, especially on open forum
Previously we had a discussion with similar topic, point is that security vulnerabilities are important even if they are only "case studies", so that we can decide to disable certain features to minimize impact.
- Joined
- Jul 5, 2013
- Messages
- 30,676 (7.09/day)
- Joined
- Jul 16, 2014
- Messages
- 8,246 (2.09/day)
- Location
- SE Michigan
| System Name | Dumbass |
|---|---|
| Processor | AMD Ryzen 7800X3D |
| Motherboard | ASUS TUF gaming B650 |
| Cooling | Artic Liquid Freezer 2 - 420mm |
| Memory | G.Skill Sniper 32gb DDR5 6000 |
| Video Card(s) | GreenTeam 4070 ti super 16gb |
| Storage | Samsung EVO 500gb & 1Tb, 2tb HDD, 500gb WD Black |
| Display(s) | 1x Nixeus NX_EDG27, 2x Dell S2440L (16:9) |
| Case | Phanteks Enthoo Primo w/8 140mm SP Fans |
| Audio Device(s) | onboard (realtek?) - SPKRS:Logitech Z623 200w 2.1 |
| Power Supply | Corsair HX1000i |
| Mouse | Steeseries Esports Wireless |
| Keyboard | Corsair K100 |
| Software | windows 10 H |
| Benchmark Scores | https://i.imgur.com/aoz3vWY.jpg?2 |
Absolutely right, but the tinfoil hat comment implies that there is wider spread conspiracy theory that targets everyone buying the chips.
this still assumes there is an active issue to take precautionary measures. if there is no actual problem no protective steps are needed. acting on theories is a waste of time.
Yeah, why is security important when the criminals aren't going to gain access to your computer...
Puns are not ironic, they are on point.
Last edited:
- Joined
- Sep 28, 2012
- Messages
- 984 (0.21/day)
| System Name | Poor Man's PC |
|---|---|
| Processor | Ryzen 7 7700 |
| Motherboard | MSI B650M Mortar WiFi |
| Cooling | AMD Wraith Prism |
| Memory | 32GB GSkill Flare X5 DDR5 6000Mhz |
| Video Card(s) | XFX Merc 310 Radeon RX 7900 XT |
| Storage | XPG Gammix S70 Blade 2TB + 8 TB WD Ultrastar DC HC320 |
| Display(s) | Xiaomi G Pro 27i MiniLED |
| Case | Asus A21 Case |
| Audio Device(s) | MPow Air Wireless + Mi Soundbar |
| Power Supply | Enermax Revolution DF 650W Gold |
| Mouse | Logitech MX Anywhere 3 |
| Keyboard | Logitech Pro X + Kailh box heavy pale blue switch + Durock stabilizers |
| VR HMD | Meta Quest 2 |
| Benchmark Scores | Who need bench when everything already fast? |
"Security is as good as its weakest point". Barring the door for fear burglar breaking into your home may sound paranoid, but if you do it after theft, you probably shouldn't because there's nothing left. Just a matter of perspective.
- Joined
- Aug 20, 2007
- Messages
- 22,246 (3.44/day)
- Location
- Olympia, WA
| System Name | Pioneer |
|---|---|
| Processor | Ryzen 9 9950X |
| Motherboard | MSI MAG X670E Tomahawk Wifi |
| Cooling | Noctua NH-D15 + A whole lotta Sunon, Phanteks and Corsair Maglev blower fans... |
| Memory | 128GB (4x 32GB) G.Skill Flare X5 @ DDR5-4200(Running 1:1:1 w/FCLK) |
| Video Card(s) | XFX RX 7900 XTX Speedster Merc 310 |
| Storage | Intel 5800X Optane 800GB boot, +2x Crucial P5 Plus 2TB PCIe 4.0 NVMe SSDs, 1x 2TB Seagate Exos 3.5" |
| Display(s) | 55" LG 55" B9 OLED 4K Display |
| Case | Thermaltake Core X31 |
| Audio Device(s) | TOSLINK->Schiit Modi MB->Asgard 2 DAC Amp->AKG Pro K712 Headphones or HDMI->B9 OLED |
| Power Supply | FSP Hydro Ti Pro 850W |
| Mouse | Logitech G305 Lightspeed Wireless |
| Keyboard | WASD Code v3 with Cherry Green keyswitches + PBT DS keycaps |
| Software | Gentoo Linux x64, other office machines run Windows 11 Enterprise |
It should also be noted it affects an enterprise only feature related to secure-vms.It should be noted that both of the vulnerabilities listed in this article are awaiting analysis and verification.
NVD - CVE-2020-12967
nvd.nist.gov
NVD - CVE-2021-26311
Consumer chips are unaffected.
- Joined
- Feb 19, 2009
- Messages
- 1,166 (0.20/day)
- Location
- I live in Norway
| Processor | 9800x3D| 5800x | 4800H | Rog ally |
|---|---|
| Motherboard | Gb x870 Aorus Elite ice | Asrack x470d4u | Asus Tuf A15 |
| Cooling | Air | Air | duh laptop |
| Memory | 64gb G.skill SniperX @3600 CL16 | 128gb | 32GB | 192gb |
| Video Card(s) | RTX 4080 |Quadro P5000 | RTX2060M |
| Storage | Many drives |
| Display(s) | AW3423dwf. |
| Case | Jonsbo D41 |
| Power Supply | Corsair RM850x |
| Mouse | g502x Lightspeed |
| Keyboard | G913 tkl |
| Software | win11, proxmox |
and it's a feature that is new with 2nd or 3rd gen epyc cpu's, did not exist prior to it.
Intel doesn't have it, or maybe icelake-x brought it, either way it's really fresh so we were mostly fine before, but as said it's a selling point for cloud vendors "we cannot snoop anymore" or wait, we can by using these cve's.
time will tell, but this should tell people what it's about
- Joined
- Feb 21, 2006
- Messages
- 2,361 (0.34/day)
- Location
- Toronto, Ontario
| System Name | The Expanse |
|---|---|
| Processor | AMD Ryzen 7 9800X3D |
| Motherboard | Asus Prime X670E-Pro Wifi BIOS 3222 AGESA PI 1.2.0.3a |
| Cooling | Corsair H150i Elite LCD XT |
| Memory | 64GB G.SKILL Trident Z5 Neo RGB DDR5 6000 CL 30-40-40-96 1T |
| Video Card(s) | XFX Radeon RX 7900 XTX Magnetic Air (25.3.1) |
| Storage | WD SN850X 2TB / Corsair MP600 1TB / Samsung 860Evo 1TB x2 Raid 0 / Asus NAS AS1004T V2 20TB |
| Display(s) | LG 34GP83A-B 34 Inch 21: 9 UltraGear Curved QHD (3440 x 1440) 1ms Nano IPS 160Hz |
| Case | Fractal Design Meshify S2 |
| Audio Device(s) | Creative X-Fi + Logitech Z-5500 + HS80 Wireless |
| Power Supply | Corsair AX850 Titanium |
| Mouse | Corsair Dark Core RGB SE |
| Keyboard | Corsair K100 |
| Software | Windows 10 Pro x64 22H2 |
| Benchmark Scores | https://valid.x86.fr/0412jp https://browser.geekbench.com/v6/cpu/11073923 |
Since all 3 generations use the same socket, this will be a good way to get them to upgrade to a Milan chip so they can enable SEV-SNP.
- Joined
- Oct 16, 2014
- Messages
- 671 (0.17/day)
| System Name | Work in progress |
|---|---|
| Processor | AMD Ryzen 5 3600 |
| Motherboard | Asus PRIME B350M-A |
| Cooling | Wraith Stealth Cooler, 4x140mm Noctua NF-A14 FLX 1200RPM Case Fans |
| Memory | Corsair 16GB (2x8GB) CMK16GX4M2A2400C14R DDR4 2400MHz Vengeance LPX DIMM |
| Video Card(s) | GTX 1050 2GB (for now) 3060 12GB on order |
| Storage | Samsung 860 EVO 500GB, Lots of HDD storage |
| Display(s) | 32 inch 4K LG, 55 & 48 inch LG OLED, 40 inch Panasonic LED LCD |
| Case | Cooler Master Silencio S400 |
| Audio Device(s) | Sound: LG Monitor Built-in speakers (currently), Mike: Marantz MaZ |
| Power Supply | Corsair CS550M 550W ATX Power Supply, 80+ Gold Certified, Semi-Modular Design |
| Mouse | Logitech M280 |
| Keyboard | Logitech Wireless Solar Keyboard K750R (works best in summer) |
| VR HMD | none |
| Software | Microsoft Windows 10 Home 64bit OEM, Captur 1 21 |
| Benchmark Scores | Cinebench R20: 3508 (WIP) |
fun: fugged up nightmare?
- Joined
- Jul 16, 2014
- Messages
- 8,246 (2.09/day)
- Location
- SE Michigan
| System Name | Dumbass |
|---|---|
| Processor | AMD Ryzen 7800X3D |
| Motherboard | ASUS TUF gaming B650 |
| Cooling | Artic Liquid Freezer 2 - 420mm |
| Memory | G.Skill Sniper 32gb DDR5 6000 |
| Video Card(s) | GreenTeam 4070 ti super 16gb |
| Storage | Samsung EVO 500gb & 1Tb, 2tb HDD, 500gb WD Black |
| Display(s) | 1x Nixeus NX_EDG27, 2x Dell S2440L (16:9) |
| Case | Phanteks Enthoo Primo w/8 140mm SP Fans |
| Audio Device(s) | onboard (realtek?) - SPKRS:Logitech Z623 200w 2.1 |
| Power Supply | Corsair HX1000i |
| Mouse | Steeseries Esports Wireless |
| Keyboard | Corsair K100 |
| Software | windows 10 H |
| Benchmark Scores | https://i.imgur.com/aoz3vWY.jpg?2 |
True enough, you cant fix something if you dont know what to look for, so the process waits on the white paper.
this is out of context of what I was replying to.
- Joined
- Jul 3, 2019
- Messages
- 322 (0.15/day)
- Location
- Bulgaria
| Processor | 6700K |
|---|---|
| Motherboard | M8G |
| Cooling | D15S |
| Memory | 16GB 3k15 |
| Video Card(s) | 2070S |
| Storage | 850 Pro |
| Display(s) | U2410 |
| Case | Core X2 |
| Audio Device(s) | ALC1150 |
| Power Supply | Seasonic |
| Mouse | Razer |
| Keyboard | Logitech |
| Software | 22H2 |
I'm just here to say the first sentence is not only misleading it is patently FALSE. Amazed this is still going on from a supposed professional site.
The truth
"The exploits mentioned in both papers require a malicious administrator to have access in order to compromise the server hypervisor."
So you need admin priv to make system insecure...lmao
From the original- " While our approach is also applicable to traditional virtualization environments, its severity significantly increases with the attacker model of SEV-ES."
LMAO! How can it be more severe if you already have admin privelidge? TOTAL BS
Here's a list of Intel Xeon cpu's that are vulnerable as well.
The truth
"The exploits mentioned in both papers require a malicious administrator to have access in order to compromise the server hypervisor."
So you need admin priv to make system insecure...lmao
From the original- " While our approach is also applicable to traditional virtualization environments, its severity significantly increases with the attacker model of SEV-ES."
LMAO! How can it be more severe if you already have admin privelidge? TOTAL BS
Here's a list of Intel Xeon cpu's that are vulnerable as well.
Intel product specifications
Intel® product specifications, features and compatibility quick reference guide and code name decoder. Compare products including processors, desktop boards, server products and networking products.
ark.intel.com
Last edited: