Today's Hard|Forum Post
Today's Hard|Forum Post

Tuesday March 13, 2018

AMD CPU Attack Vectors and Vulnerabilities

This is a very interesting way to go about announcing a "Severe Security Advisory on AMD Processors" (PDF). The previous white paper link comes from the site, AMDFlaws.com. It is suggesting that AMD's entire new EPYC and Ryzen processor lines are open to thirteen "Critical Security Vulnerabilities and Manufacturer Backdoors." This comes at the suggestion of CTS-Labs, an Israel based security company. We are unsure if any of this has been replicated and verified or if any variants of these attack vectors are in the wild.

News Image

This all seems to be a very well produced announcement of these issues if those do in fact exist. I am getting with our security expert today in order to discuss the validities of these complaints. No matter what becomes of that, this is a very odd way of announcing security issues. Simply announcing these types of issues with no forewarning is also considered extremely irresponsible and AMD did not get warning of more than 24 hours in advance. We will be reaching out to AMD for further comment, but I doubt we will hear much since it will have to take time to validate and investigate.

The AMDFlaws.com domain was registered with GoDaddy on the 22nd of February and ownership of that domain is hidden by Domains By Proxy, LLC. That again strikes me as odd for a security company to hide the identity of domain ownership.

Discussion