Heads up about 13 vulnerabilities within AMD’s RYZEN and EPYC processors that could make some data breaches even worse. Note requires attackers to first gain administrative rights on a targeted network or computer.
CTS Labs, a Tel Aviv-based security company announced the vulnerabilities on AMDFLAW website and in videos published Tuesday (Above). The company also published a white paper that explains what the vulnerabilities are without including their full technical details.
So lets keep an eye on what happens as we don’t know all the details yet. Could be overblown.
Update from Alexandru Lepsa:
If you look at the “vulnerabilities”, the “worst” one requires you to manually flash your bios with basically a virus and some of the other claimed vulnerabilities require you to willingly exploit your system while in administrator mode, also one of the vulnerabilities is with a motherboard manufacturer and not AMD.
Their website was just registered, as was the whitepaper domain, and they only gave AMD 24 hours notice, which is very unusual, and then they don’t link any of their exploits to a CVE (https://cve.mitre.org/) which is even more unusual – basically unheard of.
Finally, their domain is WHOIS protected and they have this disclaimer on their site – “you are advised that we may have, either directly or indirectly, an economic interest in the performance of the securities of the companies whose products are the subject of our reports”.
Not to mention this: https://imgur.com/OkWlIxA
Basically this looks like some sort of stock manipulation scheme or some other sort of sketchy attempt to confuse the public, kind of like all those bogus ICO whitepapers that look mostly legit but really aren’t and you only find out once you’ve already lost all your money.
No one is denying that these vulnerabilities may exist but it’s a bit akin to saying “doctors have discovered that if one shoots themselves in the foot, one will bleed” or that “news flash, if you give a robber keys to your home they will rob you”.