AMD Confirms CTS Labs Vulnerability Reports


There are 13 known vulnerabilities in AMD chips

Last week, CTS Labs released a report claiming that firmware used with AMD’s Ryzen and EPYC processors has more than a dozen vulnerabilities. CTS Labs gave AMD less than 24 hours to address these problems before going public.

Even though CTS Labs was roasted by journalists and the likes of Linus Torvalds, AMD has finally confirmed the findings and acknowledged the vulnerabilities. However, AMD also downplayed the criticality of these vulnerabilities.

AMD wrote in its advisory, “It’s important to note that all the issues raised in the research require administrative access to the system, a type of access that effectively grants the user unrestricted access to the system and the right to delete, create or modify any of the folders or files on the computer, as well as change any settings. Any attacker gaining unauthorized administrative access would have a wide range of attacks at their disposal well beyond the exploits identified in this research.”

According to Trail of Bits, “There is no immediate risk of exploitation of these vulnerabilities for most users. Even if the full details were published today, attackers would need to invest significant development efforts to build attack tools that utilize these vulnerabilities.”

There is a caveat, though. Harry Sintonen, F-Secure’s Senior Security Consultant, once said it’s very easy to gain physical access to a victim’s machine. And once an attacker has access to that machine, in AMD’s own words, that attacker would have “a wide range of attacks at their disposal.”

All said and done, this story seems to be less about the nature of the vulnerabilities and more about how CTS Labs reported them. CTS Labs seemingly resorted to the strategy of announcing the vulnerabilities without giving away any technical details, in order to build public pressure on such companies to fix them immediately.

With AMD coming out with a report within a week, that strategy seems to be working.
