13 Major Vulnerabilities Discovered in AMD Zen Architecture, Including Backdoors

[delshay]

That doesn't always happen as it is triggered by a flag in the update process. If that flag is not set, the settings are not reset to defaults.


Holy crap! You'd think something like that would be locked down..

I will be looking at PDF documentation W/P pin of a BIOS chip to see if I can do anything in hardware, locking my BIOS chip in either software or hardware.

 

[1stn00b]

So this "vulnerabilities" are like using admin account to install web applications into Intel firmware with MeshCommander https://software.intel.com/en-us/blogs/2017/07/11/meshcommander-firmware-web-application

 

[SRB151]

This is specific to AMD Ryzen CPU's. No other CPU's are affected.

Actually, that is not known. Intel uses asmedia chips as well, and CTS never bothered to test this on any other processors.

 

[W1zzard]

Actually, that is not known. Intel uses asmedia chips as well.

Good point.

 

[Aderbas]

My impression or techpowerup still believes this news as true?

 

[EarthDog]

CVEs should be released about them in the coming days. Additional 3rd party validation (we have one sketchy source and one that for now seems legit) we should see perhaps Friday or Monday as they have said it took 3rd party 4-5 days to validate their findings.

 

[Rauelius]

You all understand this is likely fake and possible stock manipulation? CTS Labs themselves state they may have a financial interest in these results.

 

[EarthDog]

Loving the people that joined the conversation hundreds of posts in like we haven't discussed that possibility ad nauseam in the past two days, LOL!

 

[bug]

You all understand this is likely fake and possible stock manipulation? CTS Labs themselves state they may have a financial interest in these results.

If the news was about a possible vulnerability at VISA what would you do till VISA either confirms or denies it? Would you say "hey, this is likely fake, trying to make VISA look bad" or would you keep an eye on your transactions, just in case?
In any case, at this point I'd say this is likely not fake since, as poorly as this has been handled, CTS Labs say they have proof of concept attacks and they've submitted them for review.

 

[Casecutter]

Would be good to have a Poll on this... or did I miss that?

 

[bug]

Would be good to have a Poll on this... or did I miss that?

Poll on what? Do we now decide whether a CVE is warranted by taking polls on TPU?

 

[Casecutter]

Oh IDK... like is this a proper business practice from a company that intends to be about "protecting the world from vulnerabilities".

I just say if they creditably want to protect me/you they would offer any company a judicious amount of time to both confirm and reply to such accusation. And, I'm not saying 90 days, more like 7 full working days, before making it public, and then provide the opportunity to interact in a relationship that plugs the holes, all while perhaps consigns that company some form of reimbursement for their work in helping.

This remind me of the one thing that nationality fears more than anything... being labeled a "Freier". In this case they appear to be..., or they tried to ransom AMD and the response was we are not working with extortionists.

In this way they did a bunch of work and aren't recouping anything, at least that we're privy too!

 

[mtcn77]

Poll on what? Do we now decide whether a CVE is warranted by taking polls on TPU?

We had one before, but there wasn't any naming names. This one, however, should be more conspicuous about the offender of the obvious fandom.

 

[bug]

Oh IDK... like is this a proper business practice from a company that intends to be about "protecting the world from vulnerabilities".

I just say if they creditably want to protect me/you they would offer any company a judicious amount of time to both confirm and reply to such accusation. And, I'm not saying 90 days, more like 7 full working days, before making it public, and then provide the opportunity to interact in a relationship that plugs the holes, all while perhaps consigns that company some form of reimbursement for their work in helping.

This remind me of the one thing that nationality fears more than anything... being labeled a "Freier". In this case they appear to be..., or they tried to ransom AMD and the response was we are not working with extortionists.

In this way they did a bunch of work and aren't recouping anything, at least that we're privy too!

Ah, so of all this thread your beef is with the whistleblower. I get it now.

 

[John Naylor]

Im still waiting to see a "aww... look at what happened to this guy" story from any of these "major defects"

 

[FordGT90Concept]

I just wanted to say that I'm glad TechPowerUp is doing editorial updates to an article. I'd like to see improvements in terms of making it clear what changed in each update though. It looks like, in its present state, only one update is clearly marked at the bottom.

 

[dorsetknob]

Spoiler: Low Quality Post

"Fuck"

 

[W1zzard]

I just wanted to say that I'm glad TechPowerUp is doing editorial updates to an article. I'd like to see improvements in terms of making it clear what changed in each update though. It looks like, in its present state, only one update is clearly marked at the bottom.

Just added two links to follow up stories and bumped the update number.

 

[bug]

Im still waiting to see a "aww... look at what happened to this guy" story from any of these "major defects"

Same thing that happened because of Spectre and Meltdown, I guess.

Seriously speaking though these aren't about what happens to this or that guy. These are more about ways to breach into servers and other stuff that has a good chance of going unnoticed. Think someone managing to escape their VM on a rented server and reading others' data.
These aren't the kind of vulnerabilities your next door script kiddie will abuse at will.

@W1zzard If you would properly prefix each update with "Update 1", "Update 2" and so on, that would be dreamy.

 

[W1zzard]

If you would properly prefix each update with "Update 1", "Update 2" and so on, that would be dreamy.

The first updates were in-text changes and in short succession, so difficult to prefix those. Will try to handle this better in the future.

 

[i7Baby]

Gamers Nexus showed this to be a lot of BS. A paid by Intel article?

 

[ikeke]

According to AT call with CTS labs the exploits also require bare metal install of the OS (and OS has to be Windows?).

https://www.anandtech.com/show/12536/our-interesting-call-with-cts-labs

 

[bug]

According to AT call with CTS labs the exploits also require bare metal install of the OS (and OS has to be Windows?).

https://www.anandtech.com/show/12536/our-interesting-call-with-cts-labs

A hardware flaw that needs a specific OS to exploit seems uber-suspicious.

Edit: Then again, seeing how mobo makers implement UEFI just so that it works on Windows, maybe not?

 

[HTC]

According to AT call with CTS labs the exploits also require bare metal install of the OS (and OS has to be Windows?).

https://www.anandtech.com/show/12536/our-interesting-call-with-cts-labs

Then it turns out i was more on point then i thought:

Agreed!

Question: i read (skimmed) the whitepaper but i didn't see a mention of Linux or other OSs other then Windows ... doesn't that mean it's Windows vulnerabilites when using Zen based hardware?

I'll ask again: doesn't that mean it's Windows vulnerabilites when using Zen based hardware?

 

[FordGT90Concept]

The first updates were in-text changes and in short succession, so difficult to prefix those. Will try to handle this better in the future.

Could underline changes and subscript the update number at the end of each one.