• Welcome to TechPowerUp Forums, Guest! Please check out our forum guidelines for info related to our community.

CTS Labs Posts Some Clarifications on AMD "Zen" Vulnerabilities

btarunr

Editor & Senior Moderator
Staff member
Joined
Oct 9, 2007
Messages
47,300 (7.53/day)
Location
Hyderabad, India
System Name RBMK-1000
Processor AMD Ryzen 7 5700G
Motherboard ASUS ROG Strix B450-E Gaming
Cooling DeepCool Gammax L240 V2
Memory 2x 8GB G.Skill Sniper X
Video Card(s) Palit GeForce RTX 2080 SUPER GameRock
Storage Western Digital Black NVMe 512GB
Display(s) BenQ 1440p 60 Hz 27-inch
Case Corsair Carbide 100R
Audio Device(s) ASUS SupremeFX S1220A
Power Supply Cooler Master MWE Gold 650W
Mouse ASUS ROG Strix Impact
Keyboard Gamdias Hermes E2
Software Windows 11 Pro
Joined
May 19, 2009
Messages
1,868 (0.33/day)
Location
Latvia
System Name Personal \\ Work - HP EliteBook 840 G6
Processor 7700X \\ i7-8565U
Motherboard Asrock X670E PG Lightning
Cooling Noctua DH-15
Memory G.SKILL Trident Z5 RGB Black 32GB 6000MHz CL36 \\ 16GB DDR4-2400
Video Card(s) ASUS RoG Strix 1070 Ti \\ Intel UHD Graphics 620
Storage 2x KC3000 2TB, Samsung 970 EVO 512GB \\ OEM 256GB NVMe SSD
Display(s) BenQ XL2411Z \\ FullHD + 2x HP Z24i external screens via docking station
Case Fractal Design Define Arc Midi R2 with window
Audio Device(s) Realtek ALC1150 with Logitech Z533
Power Supply Corsair AX860i
Mouse Logitech G502
Keyboard Corsair K55 RGB PRO
Software Windows 11 \\ Windows 10
If the attacker has admin access, he has won the most of the battle already.
Is this a security hole? Yes. Are the huge, screaming names and shitty webpages inciting panic justified. Absolutely not.
 
Joined
Mar 7, 2011
Messages
4,626 (0.92/day)
I am really sad seing this Low quality posts and attitude from TPU personal !!
let me explain:
Low quality posts from TPU staff - you basically gave free Press (all they ever could wanted) to Stock price manipulators (multiple times - when lot of other tech portals stopped after first news, waiting for some more credible source confirmations).
Low quality attitude from TPU staff - sadly in this case self explanatory :(
Lets not discuss TPU staffs IQ of regurgitating wccftech level news posts and this new bot based censoring system here on this post. If you want create a thread in general discussion forum.

That Anandtechs interview raises more questions than answers. Also people claiming amd fanboys who blasted Intel for spectre/meltdown seem to have amnesia of events that tooks place when those bugs were discovered. Intel, AMD and ARM all had 6 months before bugs were made knowm to general public. Intel was the one who went to notify Chinese and Amazon regarding the security holes to make additional measurements to improve their infrastructre. This Cts is just targetting AMd for Asmedia bugs which are in use with millions of Intel motherboards as well.
 

eidairaman1

The Exiled Airman
Joined
Jul 2, 2007
Messages
42,630 (6.68/day)
Location
Republic of Texas (True Patriot)
System Name PCGOD
Processor AMD FX 8350@ 5.0GHz
Motherboard Asus TUF 990FX Sabertooth R2 2901 Bios
Cooling Scythe Ashura, 2×BitFenix 230mm Spectre Pro LED (Blue,Green), 2x BitFenix 140mm Spectre Pro LED
Memory 16 GB Gskill Ripjaws X 2133 (2400 OC, 10-10-12-20-20, 1T, 1.65V)
Video Card(s) AMD Radeon 290 Sapphire Vapor-X
Storage Samsung 840 Pro 256GB, WD Velociraptor 1TB
Display(s) NEC Multisync LCD 1700V (Display Port Adapter)
Case AeroCool Xpredator Evil Blue Edition
Audio Device(s) Creative Labs Sound Blaster ZxR
Power Supply Seasonic 1250 XM2 Series (XP3)
Mouse Roccat Kone XTD
Keyboard Roccat Ryos MK Pro
Software Windows 7 Pro 64
This Cts is just targetting AMd for Asmedia bugs which are in use with millions of Intel motherboards as well

The way they write sounds more like a smear libel case though, aka a panic mode from a certain company...
 
Joined
Mar 10, 2014
Messages
1,793 (0.45/day)
It was very surprising that only AMD was targetted for use of Asmedia chips when those chips are common factor across the industry. Everyday more red flags are going up with regards to this mess.

Well they are targeting AM4 Promontory chipset, which is made by ASmedia not by amd itself and it's in every AM4 board. So if that Chimera vulnerability is legit, it will affect all asmedia chipset out there.
 
Low quality post by DeathtoGnomes
Joined
Jul 16, 2014
Messages
8,219 (2.16/day)
Location
SE Michigan
System Name Dumbass
Processor AMD Ryzen 7800X3D
Motherboard ASUS TUF gaming B650
Cooling Artic Liquid Freezer 2 - 420mm
Memory G.Skill Sniper 32gb DDR5 6000
Video Card(s) GreenTeam 4070 ti super 16gb
Storage Samsung EVO 500gb & 1Tb, 2tb HDD, 500gb WD Black
Display(s) 1x Nixeus NX_EDG27, 2x Dell S2440L (16:9)
Case Phanteks Enthoo Primo w/8 140mm SP Fans
Audio Device(s) onboard (realtek?) - SPKRS:Logitech Z623 200w 2.1
Power Supply Corsair HX1000i
Mouse Steeseries Esports Wireless
Keyboard Corsair K100
Software windows 10 H
Benchmark Scores https://i.imgur.com/aoz3vWY.jpg?2
I'll say it again, this all to manipulate stock prices, mostly AMD, the smearing of AMD is just a bonus.
 
Last edited:
Joined
Mar 7, 2011
Messages
4,626 (0.92/day)
Well they are targeting AM4 Promontory chipset, which is made by ASmedia not by amd itself and it's in every AM4 board. So if that Chimera vulnerability is legit, it will affect all asmedia chipset out there.
Acknowledged all AsMedia based USB chipsets are vulnerable, yet still targeting just one specific company. If there is any concern it should be Intel MoBo which has way higher market share and they got 0 mention. Fishy AF.

CTS can spin this whatever they want. At least this end user is not buying into their BS.

Security experts, including Linus, weighs in on the situation after thr anandtech phone call.

https://www.realworldtech.com/forum/?threadid=175139&curpostid=175169


Lets see what they say after TPU phone call
 

AsRock

TPU addict
Joined
Jun 23, 2007
Messages
19,107 (2.99/day)
Location
UK\USA
The problem is AMD hasn't handled it well. AMD has had no comment other than their strange blog post acknowledging the investigation into the claimed vulnerabilities. That post wasn't even written in clear professional terms ("certain of our processors" and doesn't even have a date). Until AMD writes/speaks and either declares the vulnerabilities fake or explains complexity it will continue being a story and TPU needs to cover it. You don't get bona fide debunks from random users named "BiGchiCKens14", you get it from the company.

You what ?, AMD should not have to say any thing, well except what they have done and that they are looking in to it. AMD did not even have chance to test this out fully yet and i am sure if they had 6 months like Intel did with the last vulnerabilities they would of had much more to say about it. But that was not the case here CTS acted like A holes ( i was thinking of a much more fitting word but ) by giving AMD time to actually test their claims which oddly enough are not willing to prove.

So best thing to do is sit and wait until we get solid proof on the situation, i amd sure AMD will do when the time is right and these things take time which they have not been given..
 
Joined
Sep 25, 2012
Messages
2,074 (0.46/day)
Location
Jacksonhole Florida
System Name DEVIL'S ABYSS
Processor i7-4790K@4.6 GHz
Motherboard Asus Z97-Deluxe
Cooling Corsair H110 (2 x 140mm)(3 x 140mm case fans)
Memory 16GB Adata XPG V2 2400MHz
Video Card(s) EVGA 780 Ti Classified
Storage Intel 750 Series 400GB (AIC), Plextor M6e 256GB (M.2), 13 TB storage
Display(s) Crossover 27QW (27"@ 2560x1440)
Case Corsair Obsidian 750D Airflow
Audio Device(s) Realtek ALC1150
Power Supply Cooler Master V1000
Mouse Ttsports Talon Blu
Keyboard Logitech G510
Software Windows 10 Pro x64 version 1803
Benchmark Scores Passmark CPU score = 13080
So best thing to do is sit and wait until we get solid proof on the situation, i amd sure AMD will do when the time is right and these things take time which they have not been given..
That's all we can do - but my concern is that in the meantime, all AMD systems may be vulnerable, especially the EPYC servers that are in use now, which could be spreading some of these exploits to other machines as we speak. That's why it was wrong for CTS to not wait a proper amount of time. Now that the exploits have been published, black hat hackers know what to target, and know there's no defense against it (for now).
 

AsRock

TPU addict
Joined
Jun 23, 2007
Messages
19,107 (2.99/day)
Location
UK\USA
That's all we can do - but my concern is that in the meantime, all AMD systems may be vulnerable, especially the EPYC servers that are in use now, which could be spreading some of these exploits to other machines as we speak. That's why it was wrong for CTS to not wait a proper amount of time. Now that the exploits have been published, black hat hackers know what to target, and know there's no defense against it (for now).

Well that should be on CTS acting irresponsible and should be taken to the cleaners for acting the way they did. Sure AMD need to do some thing and chances are they are doing all they can.

In the end it's not a good place to be in but it's hardly AMD's fault or at least proven. It's a shame AMD cannot get the courts or who ever to get CTS to hand over there findings to get this resolved ASAP. In fact i think the government should step in and force they to do so.
 
Joined
Sep 25, 2012
Messages
2,074 (0.46/day)
Location
Jacksonhole Florida
System Name DEVIL'S ABYSS
Processor i7-4790K@4.6 GHz
Motherboard Asus Z97-Deluxe
Cooling Corsair H110 (2 x 140mm)(3 x 140mm case fans)
Memory 16GB Adata XPG V2 2400MHz
Video Card(s) EVGA 780 Ti Classified
Storage Intel 750 Series 400GB (AIC), Plextor M6e 256GB (M.2), 13 TB storage
Display(s) Crossover 27QW (27"@ 2560x1440)
Case Corsair Obsidian 750D Airflow
Audio Device(s) Realtek ALC1150
Power Supply Cooler Master V1000
Mouse Ttsports Talon Blu
Keyboard Logitech G510
Software Windows 10 Pro x64 version 1803
Benchmark Scores Passmark CPU score = 13080
It is AMD's fault, if you look at it objectively. They designed these chips on a shoestring budget, (and did a good job, on the surface). But in these days of frequent major hacks, it was irresponsible of AMD to do so without considering possible vulnerabilities. Their budget didn't have room for millions of dollars worth of testing and validation, and shortcuts were obviously taken. But they're still responsible for these flaws (their quick success with Ryzen came at the expense of users unwitting vulnerability to exploits). Just as Intel was ultimately responsible for the Spectre/Meltdown fiasco. Lack of due diligence on the part of both companies. Like with any product that causes damage or loss to someone - lawsuits are inevitable. And you certainly can't blame the consumers, all they did was trust a major company to do the right thing.
Also, CTS has already given AMD detailed examples of how to reproduce all the exploits (as stated in the original White paper). Isn't that what you mean by "handing over their findings"?
 
Last edited:

AsRock

TPU addict
Joined
Jun 23, 2007
Messages
19,107 (2.99/day)
Location
UK\USA
Thats like saying it's Microsofts fault that any of there OS's were not immune from viruses and what ever. There is always some thing else, Always.

I guess they did some what of a decent thing then giving that data to AMD but still, they should be taken to the cleaners for being douch bags.
 
Joined
Sep 25, 2012
Messages
2,074 (0.46/day)
Location
Jacksonhole Florida
System Name DEVIL'S ABYSS
Processor i7-4790K@4.6 GHz
Motherboard Asus Z97-Deluxe
Cooling Corsair H110 (2 x 140mm)(3 x 140mm case fans)
Memory 16GB Adata XPG V2 2400MHz
Video Card(s) EVGA 780 Ti Classified
Storage Intel 750 Series 400GB (AIC), Plextor M6e 256GB (M.2), 13 TB storage
Display(s) Crossover 27QW (27"@ 2560x1440)
Case Corsair Obsidian 750D Airflow
Audio Device(s) Realtek ALC1150
Power Supply Cooler Master V1000
Mouse Ttsports Talon Blu
Keyboard Logitech G510
Software Windows 10 Pro x64 version 1803
Benchmark Scores Passmark CPU score = 13080
Thats like saying it's Microsofts fault that any of there OS's were not immune from viruses and what ever. There is always some thing else, Always.

I guess they did some what of a decent thing then giving that data to AMD but still, they should be taken to the cleaners for being douch bags.
So AMD should sue CTS for causing them financial loss (drop in stock price because of negative publicity, if that actually occurs). Depends on Whether they can convince a jury that it was intentional, or possibly presented in a negligent way. AMD stock went up the next day, now it's very slowly dropping. It will be very important that AMD puts the right spin on this, and they can't wait too long, or it makes it worse. I hope they do it right and weather this latest storm with no lasting damage. We need them to be healthy and competitive, to keep Intel and NVIDIA in check (and provide decent budget solutions).
 
Joined
Jul 16, 2014
Messages
8,219 (2.16/day)
Location
SE Michigan
System Name Dumbass
Processor AMD Ryzen 7800X3D
Motherboard ASUS TUF gaming B650
Cooling Artic Liquid Freezer 2 - 420mm
Memory G.Skill Sniper 32gb DDR5 6000
Video Card(s) GreenTeam 4070 ti super 16gb
Storage Samsung EVO 500gb & 1Tb, 2tb HDD, 500gb WD Black
Display(s) 1x Nixeus NX_EDG27, 2x Dell S2440L (16:9)
Case Phanteks Enthoo Primo w/8 140mm SP Fans
Audio Device(s) onboard (realtek?) - SPKRS:Logitech Z623 200w 2.1
Power Supply Corsair HX1000i
Mouse Steeseries Esports Wireless
Keyboard Corsair K100
Software windows 10 H
Benchmark Scores https://i.imgur.com/aoz3vWY.jpg?2
So AMD should sue CTS for causing them financial loss (drop in stock price because of negative publicity, if that actually occurs). Depends on Whether they can convince a jury that it was intentional, or possibly presented in a negligent way. AMD stock went up the next day, now it's very slowly dropping. It will be very important that AMD puts the right spin on this, and they can't wait too long, or it makes it worse. I hope they do it right and weather this latest storm with no lasting damage. We need them to be healthy and competitive, to keep Intel and NVIDIA in check (and provide decent budget solutions).

The law suit, if any, will prolly come after AMD confirms any/all CTS claims. CTS should be reported to the SEC as well for attempted stock manipulation. As for AMD stock, its been on a steady decline for a while, and if you look the charts, price spikes are very common. IMO. AMD doesnt have to put any spin on this, just face it head on.
 
Top