Slashdot Mirror

← Back to Stories (view on slashdot.org)

AMD Says Patches Coming Soon For Chip Vulnerabilities (securityweek.com)

Posted by msmash on from the up-next dept.

wiredmikey writes: After investigating recent claims from a security firm that its processors are affected by more than a dozen serious vulnerabilities, chipmaker Advanced Micro Devices (AMD) says patches are coming to address several security flaws in its chips. In its first public update after the surprise disclosure of the vulnerabilities by Israeli-based security firm CTS Labs, AMD said the issues are associated with the firmware managing the embedded security control processor in some of its products (AMD Secure Processor) and the chipset used in some socket AM4 and socket TR4 desktop platforms supporting AMD processors.

AMD said that patches will be released through BIOS updates to address the flaws, which have been dubbed MASTERKEY, RYZENFALL, FALLOUT and CHIMERA. The company said that no performance impact is expected for any of the forthcoming mitigations.

5 of 84 comments (clear)

  1. "Vulnerabilities" by TimothyHollins · · Score: 5, Insightful

    This was nothing more than a poorly sourced hitpiece.

    The list of vulnerabilities require administrator access. I doubt real security researchers would even consider that a vulnerability. There was nothing "disastrous" to report, and the claim by CTS Labs that it would "take 2 years to fix" the reported flaws was nothing short of outright lying. I wouldn't be surprised if Intel recently funded independent Israeli security researchers for goodwill.

    http://www.tomshardware.com/ne...

  2. Re:Response Intel vs AMD by mark-t · · Score: 4, Insightful
    First of all, this story has nothing to do with Meltdown or Spectre. It is about a set of AMD-specific bugs. Secondly, AMD wasn't affected by Meltdown. Nobody pretended it wasn't affected by Spectre other than people who didn't understand that when it was mentioned that "AMD was not affected", it was in reference to Meltdown only. The apparent disinformation is not acceptable, but is at least understandable because the news of both was publicly released essentially simultaneously and it would have been easy to misinterpret that AMD was unaffected as applying to both. This should have been more clearly worded in the initial release that made the statement. Nonetheless, a clarification was made when it became apparent that this is what people were believing.

    Finally, AMD's response to this is vastly more consumer-friendly than Intel's with respect to their own issues, because it only requires applying patches to existing hardware instead of having to go out and buy new hardware.

    --
    File under 'M' for 'Manic ranting'
  3. Re:Response Intel vs AMD by Khyber · · Score: 4, Informative

    "It is about a set of AMD-specific bugs"

    No, no it is not. It's about a set of bugs in a specific range of ASMedia chipsets that AMD uses in their products, which are also in use on plenty of Intel motherboards, which means they're likely just as vulnerable.

    --
    Still waiting on Serviscope_minor to wake up to fucking reality and realize that Jessica Price isn't going to fuck him.
  4. Re:Response Intel vs AMD by alvinrod · · Score: 4, Informative

    It's even a little bit more constrained than that. It's about a set of bugs that require admin rights to exploit in a specific range of ASMedia chipsets that AMD uses in their products.

    For these to be a problem for you, you've probably already got a bigger set of problems. That doesn't mean that they shouldn't be patched, but that a far bigger deal has been made over this than necessary.

  5. Re:AMD, please remove the PSP by DamnOregonian · · Score: 4, Insightful

    This is what I wish people would take away from this :(
    Instead, they're too busy trying to ravenously defend AMD's misstep.
    We have got to get these closed ring -1 black box processors out of our fucking equipment. It's horse shit.