cancel
Showing results for 
Search instead for 
Did you mean: 

General Discussions

CTS-Labs Claims Bulldozer, Ryzen, EPYC Vulnerable to 13 critical security vulnerabilities

Take it with a grain of salt. Same company found Meltdown and Spectre, but gave the industry 200 days to respond, but they gave AMD fewer than 24 hours. The problems lie in the outsourced AsMedia components and AMD Secure Processor, NOT the chips themselves. AMD has faced the same calls as Intel to open source their reply to Intel ME citing security concerns, they have not. "Vanilla" Ryzen does not feature PSP, so they are not affected.

Report Claims AMD Ryzen, EPYC CPUs Contain 13 Security Flaws (Updated)

01

03

02

04

CTS-Labs published the information at amdflaws.com, which is a new site created by the small company. The company claims that it discovered the vulnerabilities while studying the impact of what it characterizes as known backdoors in ASMedia chipsets. The company claims these backdoors have existed for six years.

AMD uses ASMedia as its third-party chipset supplier, and CTS-Labs claims to have found the same backdoors on the Ryzen and EPYC chipsets. These backdoors purportedly allow hackers to inject malicious code directly into the Platform Secure Processor (PSP), which is a separate and secure processor that provides global management functionality.

The PSP (also called AMD Secure Processor functions much like Intel's Management Engine (ME), which has proven in the past to have vulnerabilities​. Neither AMD nor Intel open-source the code that runs on the processors, instead opting to run closed-source Linux distros.

0 Likes
7 Replies

Yea it's a hit job, though one that's direly needed, and could work to AMD's advantage if they play it right. AMD's stock price is unaffected, so investors aren't even paying attention to it, but if they were to open source their PSP, proving this is bullflop, something Intel refuses to do, it'd go a long way towards proving AMD is the more secure option.

0 Likes

I love the knee jerk reactions of this community.. Everyone thought Intel stock would plummet with spectre and meltdown, yet its higher than its ever been..

I remember security vulnerabilities like this happening decades ago and nothing was hardly ever said to the public about them..  They just patched them and went on, all the better..

What I find more interesting is how lead people such as Koduri jump ship and went to a direct competitor..

and now CEO Sanjay Jha of Global Foundries takes off unexpectedly also.. Something smells fishy at AMD with all these high ups moving on..

0 Likes

then there is this from an investors standpoint..

This is straight from Nasdaq's website.

Investor takeaways

AMD supporters have been quick to call the CTS report “much ado about nothing,” and in fact I doubt that security vulnerabilities in general will ever be sufficient to affect the price of a processor company, whether Intel or AMD. Certainly, the Meltdown and Spectre vulnerabilities have not caused Intel's stock to collapse. Just the opposite. Since January 5, Intel is up over 14%. In general, processor vulnerabilities appear to be a poor pretext to short a processor manufacturer.

But I wanted to take a moment to recapitulate where I stand on AMD, since it was recently pointed out to me that Tipranks has claimed that I rate AMD a buy. I don't.

AMD has two main problems right now. The biggest is the loss of Raja Koduri to Intel (INTC), and what that says about the competitiveness of AMD's GPUs. I'm sure Koduri didn't leave because he wasn't making enough money at AMD. He left because he didn't see a future there, having to compete with Nvidia (NVDA).

Before too many years, AMD will have two competitors in GPUs rather than one. AMD was struggling just to compete with Nvidia. AMD having to fight off both Nvidia and Intel is a complete non-starter.

Vega will receive no refresh this year. But Nvidia will probably launch a new GPU architecture this year. There's uncertainty about when it will be announced and when it will launch, and even what it will be called (Turing? Ampere?). But there's really no doubt that it is on its way, and it will leave Vega even further behind.

AMD's other main problem is GloFo. Much has been made of a statement to Anandtech by CEO Su that AMD would use both TSMC (TSM) and Global Foundries for 7 nm. Since the last renegotiation of the Wafer Supply Agreement (WSA) with GloFo, AMD already was using TSMC to build the semi-custom processors for its game console business. Presumably that will continue as TSMC's 7 nm process becomes available.

The renegotiated WSA hasn't let AMD out of its obligation to use GloFo for processors and GPUs, and won't unless there's yet another renegotiation. The idea that AMD will be allowed to split its business at will between TSMC and GloFo is wishful thinking on the part of AMD fans. GloFo simply needs AMD's business too much for that to happen.

AMD's dependence on GloFo for its core processor businesses is its main problem. Intel will have its 10 nm process in mass production this year. The first parts that come out will be for ultrathin notebooks and tablets, a key area for Ryzen Mobile APUs. With these being fabricated on the GloFo 14 nm process, the collision with Intel is likely to be bloody and painful for AMD.

So, once again, AMD's fate is tied very closely to Global Foundries, which just had a change of leadership, and has probably delayed its leading edge 7 nm process into next year. AMD is looking like a very poor turnaround bet. I continue to rate AMD a sell.

0 Likes
iamjanco
Journeyman III

0 Likes
paulmarc
Adept I

For more general consumption, conference call done by AnandTech to CTS-Labs:

Our Interesting Call with CTS-Labs

You be the judge...

0 Likes