Corsair MM700 & Corsair Katar Pro XT Review
Guru3D Rig of the Month - February 2021
ASUS GeForce RTX 3060 STRIX Gaming OC review
EVGA GeForce RTX 3060 XC Gaming review
MSI GeForce RTX 3060 Gaming X TRIO review
PALIT GeForce RTX 3060 DUAL OC review
ZOTAC GeForce RTX 3060 AMP WHITE review
Fractal Design Meshify 2 Compact chassis review
Sabrent Rocket 4 PLUS 2TB NVMe SSD review
MSI Radeon RX 6900 XT GAMING X TRIO review
AMD has readied patches against MasterKey, Fallout, and Chimera vulnerabilities
AMD has finished up its patches for vulnerabilities that security company CTS Labs announced last month. The chip designer reports that the updates for, among others, Epyc chips are in the final phase of testing and should become available next month through a Firmware patch.
CTS Labs announced the bugs unexpectedly and without any warning a while ago, according to the security company, it would take many months to close the vulnerabilities. CTS recently once more contacted Toms Hardware to 'express their concern about the lack of updates from AMD regarding these vulnerabilities'. The company said it believed many of the vulnerabilities 'would take months to fix'. One of them, Chimera, would even require a hardware change.
According to AMD we can expect updates this month, AMD has explained to Tom's Hardware. Ecosystem partners should already have the new patches for internal testing with this response:
Within approximately 30 days of being notified by CTS Labs, AMD released patches to our ecosystem partners mitigating all of the CTS identified vulnerabilities on our EPYC platform as well as patches mitigating Chimera across all AMD platforms. These patches are in final testing with our ecosystem partners in advance of being released publicly. We remain on track to begin releasing patches to our ecosystem partners for the other products identified in the report this month. We expect these patches to be released publicly as our ecosystem partners complete their validation work.
Let us again reiterate, the vulnerabilities within the AMD systems require admin privileges and for most things, physical access to the hardware to modify things, thus a local exploit in a context where Admin Access Rights are needed.
Meanwhile, CTS labs pushed another document full of accusations, released May 1st this month (there's not a single word on Intel recent or upcoming Vulnerabilities on their websites, of course):
AMD has lowered Radeon 6850 pricing in the EU - 08/10/2011 08:47 AM
AMD has decided to lower the pricing for Radeon HD 6850 based graphics cards, which now have an MSRP of 129
AMD has 10-core CPUs in the pipeline - 07/26/2011 09:28 AM
Lots of processor nes the past few days alright, a new roadmap leaked which shows that AMD is planning 10-core processors for consumers, they are planned for 2012 already. The processors are part of ...
AMD has over 800.000 DX11 class GPUs shipped - 12/16/2009 05:16 AM
Interesting story over at Xbitlabs today. They claim that Advanced Micro Devices, said on Monday that it had shipped over 800 thousand of graphics processing units (GPUs) that support DirectX 11 appli...
D3M1G0D
Senior Member
Posts: 2068
Joined: 2017-03-10
Senior Member
Posts: 2068
Joined: 2017-03-10
#5543887 Posted on: 05/04/2018 04:25 PM
Relax. Nobody is taking CTS Labs seriously, and there's no point in generating more news about it. It was a failed assassination attempt, AMD is doing fine, it's all good.
AMD should call these people frauds, publicly, and write them off. All OSes are deliberately and purposefully written to open up to anyone with physical access and admin privileges! That's by design. No one should be giving these imbeciles the time of day, imo. They are worse than worthless.
Relax. Nobody is taking CTS Labs seriously, and there's no point in generating more news about it. It was a failed assassination attempt, AMD is doing fine, it's all good.
schmidtbag
Senior Member
Posts: 5637
Joined: 2012-11-10
Senior Member
Posts: 5637
Joined: 2012-11-10
#5543904 Posted on: 05/04/2018 05:01 PM
I guess it's good that AMD made patches to these "problems", just to appease the naysayers who would otherwise use their could-have-been "negligence" as flak, but at the same time I feel a little bit irritated that AMD is, in a way, justifying their actions. Don't feed the trolls.
So they should sue them for $10? Because that's probably all they're going to get out of it. :p
I guess it's good that AMD made patches to these "problems", just to appease the naysayers who would otherwise use their could-have-been "negligence" as flak, but at the same time I feel a little bit irritated that AMD is, in a way, justifying their actions. Don't feed the trolls.
AMD should sue those mofos for all they're worth.
So they should sue them for $10? Because that's probably all they're going to get out of it. :p
Aura89
Senior Member
Posts: 8141
Joined: 2008-07-31
Senior Member
Posts: 8141
Joined: 2008-07-31
#5543988 Posted on: 05/04/2018 09:01 PM
Wow, CTS labs, have you even read your own "letter"?
How much more unprofessional can a company get? lol?
Wow, CTS labs, have you even read your own "letter"?
How much more unprofessional can a company get? lol?
sykozis
Senior Member
Posts: 21794
Joined: 2008-07-14
Senior Member
Posts: 21794
Joined: 2008-07-14
#5544000 Posted on: 05/04/2018 09:59 PM
These guys are nothing but frauds. Even actual security experts have stated that it's impossible to predict exactly what AMD can or can not do with the Zen architecture because only AMD knows exactly how it functions.
Also, AMD stated that fixes would be available "in the coming weeks".... So, by that statement, AMD is on time with the patches and CTS Labs has invalidated themselves. No legitimate security company releases a statement 6 weeks later..... They do their public disclosure and move on... Also, no real security firm purposefully ignores vulnerable products such as CTS Labs has done.....
These guys are nothing but frauds. Even actual security experts have stated that it's impossible to predict exactly what AMD can or can not do with the Zen architecture because only AMD knows exactly how it functions.
Also, AMD stated that fixes would be available "in the coming weeks".... So, by that statement, AMD is on time with the patches and CTS Labs has invalidated themselves. No legitimate security company releases a statement 6 weeks later..... They do their public disclosure and move on... Also, no real security firm purposefully ignores vulnerable products such as CTS Labs has done.....
Click here to post a comment for this news story on the message forum.
Senior Member
Posts: 1210
Joined: 2014-07-22
AMD should call these people frauds, publicly, and write them off. All OSes are deliberately and purposefully written to open up to anyone with physical access and admin privileges! That's by design. No one should be giving these imbeciles the time of day, imo. They are worse than worthless.