
13 Major Vulnerabilities Discovered in AMD Zen Architecture, Including Backdoors

Joined
Dec 30, 2010
Messages
2,198 (0.43/day)
Again, it's too early to claim such.

If I'd had a perfectly working exploit that bypasses BIOS level and administrator rights, then I'd be the last one reporting that to AMD, and would simply sell it to the highest bidder. Great PR if you've found 13 potential exploits, but the severe of these require a modified BIOS and administrator rights.

If I'd hack into a server, these exploits would fail me on a user or guest level.
 
Joined
Jul 5, 2013
Messages
27,855 (6.69/day)
> Seriously, drop the official business act.

I think the words you're looking for are objectivity and responsibility.

> This is a ruse.

That's what a lot of people said about Meltdown and Spectre.

> If I'd hack into a server, these exploits would fail me on a user or guest level.

You seem to misunderstand how they work. If you exploited an EPYC based server using the Fallout vulnerabilities, user access authority level would be irrelevant as you could easily bypass restrictions using the "Secret Processor" as a platform to launch an attack on the system in question.
 
Joined
Dec 30, 2010
Messages
2,198 (0.43/day)
Yeah but for exploiting you need a server board that already has some sort of rigged bios.
 
Joined
Sep 10, 2014
Messages
626 (0.17/day)
Even the names and icons were judiciously chosen to give an impression of failure and doom on AMD

 
Joined
Dec 29, 2010
Messages
3,809 (0.75/day)
> I think the words you're looking for are objectivity and responsibility.
>
> That's what a lot of people said about Meltdown and Spectre.
>
> You seem to misunderstand how they work. If you exploited an EPYC based server using the Fallout vulnerabilities, user access authority level would be irrelevant as you could easily bypass restrictions using the "Secret Processor" as a platform to launch an attack on the system in question.

rofl
 
Low quality post by Vya Domus
Joined
Jan 8, 2017
Messages
9,438 (3.27/day)
Ain't that a nice title.

It is quite scary to see just how effective this faux story was on the yet ripe and tender minds of the lovely fanboys.
 
Joined
Jul 5, 2013
Messages
27,855 (6.69/day)
> Yeah but for exploiting you need a server board that already has some sort of rigged bios.

True! That is what makes this as scary as it is difficult. For remote execution your chances of success seem next to impossible, but if you have physical access to the system in question...

> I hope I am wrong.

Very likely.

> Even the names and icons were judiciously chosen to give an impression of failure and doom on AMD

Meltdown and Spectre weren't?

> It is quite scary to see just how effective this faux story was on the yet ripe and tender minds of the lovely fanboys.

Come on people, enough with the tin hat crap.
 

Aquinus

Resident Wat-man
Joined
Jan 28, 2012
Messages
13,171 (2.81/day)
The fact that AMD wasn't contacted by said security company seems fishy to me, considering that even with Spectre and Meltdown, Google made sure to contact all parties involved to validate and begin correcting the problem. Going straight to the press does two things. First of all, it gives AMD no time to craft a solution, which extends the time that the public knows about it before a solution is in place. It also gives those with malicious intent a one-up on it, if they're real vulnerabilities. For whatever reason, this sounds like an attempt to discredit AMD. The rather childish names of these "issues" also make me think that there's no real validity to this.

I wouldn't be surprised if this turns out to be fake or simply a vulnerability by having too much access in the first place.
 
Joined
Jan 8, 2017
Messages
9,438 (3.27/day)
> enough with the tin hat crap.

My God, you might just be right.

Though we need quite a few more good looking dedicated sites (*Insert obnoxious Wix ad*) to spread the word with fancy names and dank memes.

Ain't nothing like that picture of the leaning tower of Pisa.
 
Joined
Dec 16, 2017
Messages
2,919 (1.15/day)
> Yeah but for exploiting you need a server board that already has some sort of rigged bios.
>
> True! That is what makes this as scary as it is difficult. For remote execution your chances of success seem next to impossible, but if you have physical access to the system in question...

I've been considering that maybe you could bypass getting physical access and stolen credentials. What if you could take advantage of a vulnerability in Microsoft IIS or Apache, for example, that gave you admin or SYSTEM level access, and from there go and install the rigged BIOS or whatever you wanted with the OS still in memory? Then you could erase all trace of what you did at OS level and do your evil things without anyone taking notice, once the machine reboots. If the attack has a very specific target and people behind it were skilled enough, then there could be other ways to get in and it could be easier for them to do so.

However, I agree that it would be really hard to pull off successfully without physical access in most cases.
 
Joined
Jul 5, 2013
Messages
27,855 (6.69/day)
> What if you could take advantage of a vulnerability in Microsoft IIS or Apache, for example, that gave you admin or SYSTEM level access, and from there go and install the rigged BIOS or whatever you wanted with the OS still in memory?

Oh, that might work. You'd need to both know about such a vulnerability and be sure it hasn't been patched.
 

phill

Moderator
Staff member
Joined
Jun 8, 2011
Messages
16,913 (3.43/day)
It's got to be true, it's on the internet... I read that somewhere....

As always, let's see what comes of it....
 
Joined
Jul 5, 2013
Messages
27,855 (6.69/day)
> The fact that AMD wasn't contacted by said security company seems fishy to me considering even with Spectre and Meltdown that Google made sure to contact all parties

But that's the point, this isn't Google. It's a new no-name company trying to make a name for itself and wow the world with its "mad skillz". Whether or not the company's motivations are dubious does not change the seriousness of the information provided nor the practical and responsible research that must go into verifying and fixing vulnerabilities.
 
Joined
Dec 16, 2017
Messages
2,919 (1.15/day)
Apparently some are eating this up and giddily.

You know, if I didn't care about this potential security problem, and this were a "real-life forum", brick and mortar and all that, I'd totally get me some popcorn and enjoy seeing the fights between AMD-fans, Intel-fans, skeptical people, paranoid people and everyone else. From a safe distance, of course. Maybe set a betting pool too :laugh:
 

wow&wow

New Member
Joined
Aug 26, 2017
Messages
4 (0.00/day)
No address, no land line, 4 persons in Israel set up in 2017 (after Intel's "Meltdown inside" in June), ..., but just a website ($4.95/month) and a mobile number +1-585-233-0321!

"For the attacks to work, an attacker must first obtain administrator access to a targeted network, Guido said."

For the car thief to steal the car, the car thief must first obtain the car key and access to the car, CommonSense said.
 
Joined
Jan 13, 2016
Messages
667 (0.21/day)
This is so funny. These have little meaning until the exploits can be duplicated plus verified and the vulnerability can be used remotely.

People are making new accounts just to jump in on the fun.

Someone is just mad because AMD is ballin' in desktop/workstation and server. Let the games begin.
 
Joined
Dec 30, 2010
Messages
2,198 (0.43/day)
> I've been considering that maybe you could bypass getting physical access and stolen credentials. What if you could take advantage of a vulnerability in Microsoft IIS or Apache, for example, that gave you admin or SYSTEM level access, and from there go and install the rigged BIOS or whatever you wanted with the OS still in memory? Then you could erase all trace of what you did at OS level and do your evil things without anyone taking notice, once the machine reboots. If the attack has a very specific target and people behind it were skilled enough, then there could be other ways to get in and it could be easier for them to do so.
>
> However, I agree that it would be really hard to pull off successfully without physical access in most cases.

It is possible. There are enough servers with outdated configuration and / or software hooked on the net. But for a successful BIOS update you need to restart the system. This will look very odd, a server rebooting out of nowhere. Once that happened the payload could be triggered again and you could take over the complete system. Thus with any credentials that might apply on the machine. But this should trigger any admin in the first place, that something is going on.

There are several approaches to a successful attack. One of them might simply stick a USB drive into a running server and exploit its chipset by a handwritten program. Upload your payload and good to go. But even if you 'hack' apache, you're still a user, and a user compared to root has different privileges. None of them as close to flashing a BIOS lol.
 
Joined
Jan 8, 2017
Messages
9,438 (3.27/day)
> This is so funny. These have little meaning until the exploits can be duplicated and verified and the vulnerability can be used remotely.
>
> People are making new accounts just to jump in on the fun.

More fascinating are the highly technical discussions and debates about said vulnerabilities. The world is full of security experts, no wonder CTS-Labs managed to get their hands on such talents.
 
Joined
Nov 13, 2007
Messages
10,772 (1.73/day)
And to exploit all of these vulnerabilities u just need:

1. Physical access to the PC
2. Flash a BIOS with injected malware
3. Have Admin account on that PC

SO EZ : >

In other news: Home security panels vulnerable to burglars, once they break into the house and befriend the family dog.
 