Go Back   OC3D Forums > [OC3D] General Forums > OC3D News
Reply
 
Thread Tools Display Modes
 
  #1  
Old 13-03-18, 04:54 PM
WYP's Avatar
WYP WYP is offline
News Guru
 
Join Date: Dec 2010
Location: Northern Ireland
Posts: 13,768
Severe processor vulnerabilities discovered on AMD Ryzen Processors - 13 vulnerabilit

AMD was reportedly given less than 24 hours notice before CTS made the vulnerabilities public.



Read more about Ryzen's reported vulnerabilities.

__________________
One of these days I'll change my name to Mark Bench
Reply With Quote
  #2  
Old 13-03-18, 05:10 PM
Bartacus Bartacus is offline
OC3D Elite
 
Join Date: Apr 2013
Location: Ottawa, ON, Canada
Posts: 2,061
This smells. 24 hours notice, when they gave Intel 90 days for Spectre? My anti-Intel tinfoil hat is tingling.
__________________
Guts: Ryzen 2700X / Asus CH7 Hero / 16GB FlareX 3200CL14 / Zotac GTX 1080Ti x2 / EVGA 1000W PSU / Case Labs M8
Storage: ADATA SX8200 1TB NVME / 6TB RAID0 HDD array / 4TB RAID0 SSD array
Water Cooling: Watercool HeatKiller IV blocks on CPU & GPUs / 4 360 rads + 1 240 rad / Singularity Computers reservoir / dual D5 pumps

Reply With Quote
  #3  
Old 13-03-18, 05:21 PM
g0ggles1994's Avatar
g0ggles1994 g0ggles1994 is offline
OC3D Crew
 
Join Date: Jan 2016
Location: Look Under Your Bed
Posts: 805
Quote:
Originally Posted by Bartacus View Post
This smells. 24 hours notice, when they gave Intel 90 days for Spectre? My anti-Intel tinfoil hat is tingling.
Same here, there's a thread about it on /r/AMD and they're voicing the exact same concerns about this. Plus the timing of this just before Ryzen 2000 is far too convenient
__________________
Ryzen 1700X @ 3.6GHz | MSI X370 Gaming Pro Carbon | Corsair H100i v2 | 16GiB Corsair Vengeance LED Blue
ASUS RoG Strix Vega 64 8GiB | 240GB Corsair Neutron GTX | 1TB HGST | Corsair RM850 CableMod | Phanteks Enthoo Pro M TG
Reply With Quote
  #4  
Old 13-03-18, 05:37 PM
AlienALX's Avatar
AlienALX AlienALX is offline
OC3D Elite
 
Join Date: Mar 2015
Location: West Sussex
Posts: 11,598
Why does it seem like one guy in the video is reading from a script?

Ah well, so at least it's not just my BE chip that leaks like a hole ridden bucket
__________________
He used to do surgery
For girls in the eighties
But gravity always wins



Reply With Quote
  #5  
Old 13-03-18, 05:55 PM
WYP's Avatar
WYP WYP is offline
News Guru
 
Join Date: Dec 2010
Location: Northern Ireland
Posts: 13,768
Quote:
Originally Posted by Bartacus View Post
This smells. 24 hours notice, when they gave Intel 90 days for Spectre? My anti-Intel tinfoil hat is tingling.
Quote:
Originally Posted by g0ggles1994 View Post
Same here, there's a thread about it on /r/AMD and they're voicing the exact same concerns about this. Plus the timing of this just before Ryzen 2000 is far too convenient
Regardless of the way you look at it, this issue has been handled the wrong way by CTS Labs, real or not.

The exploits themselves seem terrible when looking at the end game, but the requirements to exploit these issues make them seem extremely easy to avoid.

As mentioned in the article one of them requires BIOS-level malware. If somebody can do that you are well past the "we messed up" stage, as is the heightened privileges required for a lot of the others.

In short, this isn't spectre/meltdown, not even close. It seems like proper system security would avoid most of these problems.
__________________
One of these days I'll change my name to Mark Bench
Reply With Quote
  #6  
Old 13-03-18, 08:42 PM
barnsley's Avatar
barnsley barnsley is offline
born in a.....
 
Join Date: Dec 2012
Location: Cambridge
Posts: 7,216
Oh look they've already got a full stack of names for it. Chances are they've been sitting on this for a while and waited for the right time to release them. judging by the registration date for amdflaws.com it looks like this has been planned.

For info,
Creation Date: 2018-02-22T13:52:35Z
(obviously the domain was registered by proxy)



Bit suspect this company was founded in 2017 as well.

The whole site looks and reads (to me atleast) like a scam site. That coupled with the amazing 'research' by https://viceroyresearch.org just makes this whole thing look like a stock scam.
__________________
Rig: i7 [email protected]|2x8gb HyperX Fury|Intel z97-AR|Corsair H75| 2x Nvidia 1070 founders edition|Superflower leadex 750W gold|Inwin 904| 970 EVO 500GB m.2|512GB evo 840| Crucial MX 500 500GB|ASUS MG279Q +Acer S240HL| Windows 10 pro, 8.1 pro| Kubuntu LTS
Audio: Silverstone EB01-E+EB03+DT 770 Pro 250Ω+Samson SAGOMIC
Ducky Legend (cherry red)+Zowie AM-FG
Reply With Quote
  #7  
Old 13-03-18, 09:20 PM
RobM's Avatar
RobM RobM is offline
OC3D Elite
 
Join Date: May 2016
Location: Durham
Posts: 1,224
I am also inclined to think this is a deliberate means to damage AMD, given the timing just before the refresh, the recent reg for the domain it all just seems suspect to me
__________________
ASUS Prime x370 Pro | Ryzen 5 1600 | Antec 240 AIO | Corsair Vengance RGB 3000 2 x 8Gb | Asus Strix RX 470 | Samsung Evo 120gb ssd | Seagate Baracuda 1tb storage | EVGA 500w | Phanteks Entho ProM Acrylic Window | Windows 10 and Linux Manjaro
Reply With Quote
  #8  
Old 13-03-18, 09:25 PM
WYP's Avatar
WYP WYP is offline
News Guru
 
Join Date: Dec 2010
Location: Northern Ireland
Posts: 13,768
Quote:
Originally Posted by RobM View Post
I am also inclined to think this is a deliberate means to damage AMD, given the timing just before the refresh, the recent reg for the domain it all just seems suspect to me
I have seen a lot of tin foil hat theories on this, mostly saying that Intel is involved and highlighting the fact that the company is a big deal in Israel.

The way that this has been handled smells of a stock scam.

I have updated the article with a comment from AMD, which I will also include below.

Quote:
We have just received a report from a company called CTS Labs claiming there are potential security vulnerabilities related to certain of our processors. We are actively investigating and analyzing its findings. This company was previously unknown to AMD and we find it unusual for a security firm to publish its research to the press without providing a reasonable amount of time for the company to investigate and address its findings. At AMD, security is a top priority and we are continually working to ensure the safety of our users as potential new risks arise. We will update this blog as news develops.
__________________
One of these days I'll change my name to Mark Bench
Reply With Quote
  #9  
Old 13-03-18, 11:10 PM
szc001 szc001 is offline
Newbie
 
Join Date: Feb 2018
Posts: 1
Smells like either a marketing stunt for a relatively new company, or else 'someone' stands to benefit from this.

It is also curious that all participants in the video are recorded in front of a green-screen; leads me to believe these guys work out of their mum's basement.

If it walks like a duck, and quacks like a duck...
Reply With Quote
  #10  
Old 14-03-18, 01:38 AM
Kleptobot's Avatar
Kleptobot Kleptobot is offline
Member
 
Join Date: Dec 2012
Location: Melbourne Australia
Posts: 223
All of the exploits have prerequisites that are already dangerous to allow anyone outside of admin to have

Masterkey - requires an attacker to be able to re-flash the BIOS with a specially crafted BIOS update

Ryzenfall - requires that an attacker be able to run a program with local-machine elevated administrator privileges.

Fallout - requires that an attacker be able to run a program with local-machine elevated administrator privileges

Chimera - requires a program running with local-machine elevated administrator privileges. Access to the device is provided by a driver that is digitally signed by the vendor

so all of these require local administrator privileges, and the last one requires a compromised signed driver... if an attacker has these they don't need any extra exploits
__________________
delided 3570k (watercooled)
hd7970 (watercooled)
8GB Gskill XM
3*140 SR1 Rad
all stuffed in an FD arc midi
Reply With Quote
Reply

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump










All times are GMT. The time now is 03:16 AM.
Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2018, vBulletin Solutions, Inc.