From PC World: Researchers say they’ve discovered serious potential vulnerabilities within AMD’s Ryzen and Epyc chip architectures. AMD said it’s taking the reports seriously, though it wasn’t provided sufficient time to investigate or confirm them before their disclosure.
CTS-Labs, a security research company which says it specializes in vulnerabilities within ASICs and other chips, has said it’s discovered four potential attacks, code-named Masterkey, Ryzenfall, Fallout, and Chimera. All would require a program running with local access and administrator privileges to exploit them.
AMD confirmed it’s been made aware of the potential vulnerabilities. However, the statement AMD provided to PCWorld implied that the company wasn’t given the usual amount of time to investigate the vulnerabilities internally, which is typically about 90 days.
“At AMD, security is a top priority and we are continually working to ensure the safety of our users as new risks arise,” AMD’s statement said. “We are investigating this report, which we just received, to understand the methodology and merit of the findings.”
In a blog post on its site, AMD added: "This company [CTS Labs] was previously unknown to AMD and we find it unusual for a security firm to publish its research to the press without providing a reasonable amount of time for the company to investigate and address its findings."
View: Article @ Source Site
