AMD downplays the severity of recent security allegations related to Ryzen

AMD today posted its own technical assessment of security issues raised by CTS Labs, an Israeli startup that caused a ruckus last week by disclosing to the public 13 supposedly "critical" flaws impacting AMD's Ryzen and Epyc processor lines. Though AMD acknowledged that the vulnerabilities do in fact exist, the chip designer downplayed the situation on the basis that each of the exploits requires administrative access.

"It’s important to note that all the issues raised in the research require administrative access to the system, a type of access that effectively grants the user unrestricted access to the system and the right to delete, create or modify any of the folders or files on the computer, as well as change any settings. Any attacker gaining unauthorized administrative access would have a wide range of attacks at their disposal well beyond the exploits identified in this research," AMD stated in a blog post.

In other words, you're already hosed if a bad actor manages to gain administrative access to a system or network. Furthermore, AMD points out that all modern operating systems and enterprise-grade hypervisors have a slew of built-in mitigations to prevent hackers from gaining administrative privileges in the first place.

AMD's assessment is in stark contrast to that of CTS Labs, which most would agree handled the situation poorly. For one, it gave AMD less than 24 hours to respond to its findings, versus an industry standard of 90 days. The firm's reasoning was that it wasn't disclosing the technical details to the public, only to AMD and select companies like Microsoft, so users would not be at risk. Nevertheless, even CTS Labs has since acknowledged that it could have done better.

"We are a small group of security researchers. We have no past experience with making publications, and there is no question we messed this one up. We certainly learned some hard lessons here," CTS Labs told TechPowerUp.

The original article I wrote on the topic should have been more skeptical. It didn't take long for questions to arise. Of particular note was a separate website called Viceroy Research putting out a report saying "AMD is worth $0.00 and will have no choice but to file for Chapter 11 bankruptcy in order to effectively deal with the repercussions of recent discoveries." According to The Register, Viceroy Research said it had a short position on AMD's stock and intended to increase its position—meaning that Viceroy had a direct financial stake in seeing AMD's stock decline in value. It's not clear if Viceroy is related to the security researchers in any way, but CTS Labs also disclosed that it "may have, either directly or indirectly, an economic interest in the performance of securities of the companies whose products are the subject of our reports."

Whatever the case might be, AMD has analyzed the flaws and come to the conclusion that they're not as serious as CTS Labs made them out to be, which based on what we know appears to be accurate. Other security experts who have examined the flaws in detail say the same thing. For example, researchers at Trail of Bits, an independent security firm with no apparent skin in the game, said "there is no immediate risk of exploitation of these vulnerabilities for most users." Trail of Bits also noted that "even if the full details were published today, attackers would need to invest significant development efforts to build attack tools that utilize these vulnerabilities," requiring an effort that is "beyond the reach of most attackers."

That's not to say AMD is standing pat. The company said it's working on BIOS updates that mitigate the issues, and it doesn't expect these to have a performance impact.

Paul Lilly

Paul has been playing PC games and raking his knuckles on computer hardware since the Commodore 64. He does not have any tattoos, but thinks it would be cool to get one that reads LOAD"*",8,1. In his off time, he rides motorcycles and wrestles alligators (only one of those is true).
