
AMD has readied patches against MasterKey, Fallout, and Chimera vulnerabilities

by Hilbert Hagedoorn on: 05/04/2018 07:45 AM | 28 comment(s)

AMD has finished its patches for the vulnerabilities that security company CTS Labs announced last month. The chip designer reports that the updates for, among others, Epyc chips are in the final phase of testing and should become available next month through a firmware patch.

CTS Labs announced the bugs unexpectedly and without any warning a while ago. According to the security company, it would take many months to close the vulnerabilities. CTS recently contacted Tom's Hardware once more to 'express their concern about the lack of updates from AMD regarding these vulnerabilities'. The company said it believed many of the vulnerabilities 'would take months to fix'. One of them, Chimera, would even require a hardware change.

According to AMD, we can expect updates this month, the company has explained to Tom's Hardware. Ecosystem partners should already have the new patches for internal testing. AMD responded with this statement:

Within approximately 30 days of being notified by CTS Labs, AMD released patches to our ecosystem partners mitigating all of the CTS identified vulnerabilities on our EPYC platform as well as patches mitigating Chimera across all AMD platforms. These patches are in final testing with our ecosystem partners in advance of being released publicly. We remain on track to begin releasing patches to our ecosystem partners for the other products identified in the report this month. We expect these patches to be released publicly as our ecosystem partners complete their validation work.

Let us reiterate: the vulnerabilities within the AMD systems require admin privileges and, for most things, physical access to the hardware to modify things. This is thus a local exploit in a context where admin access rights are needed.

Meanwhile, CTS Labs pushed out another document full of accusations, released on May 1st this month (there's not a single word on Intel's recent or upcoming vulnerabilities on their websites, of course):

 





easytomy
Member



Posts: 51
Joined: 2017-05-08

#5543766 Posted on: 05/04/2018 08:11 AM
They might want to disclose how much Intel paid CTS Labs... That would be really interesting to know. Is it 1 mil $, is it 10 mil $, is it 100 mil $ ???
It is so obvious and so directly targeted that nobody is interested in what they found.

Vananovion
Senior Member



Posts: 135
Joined: 2017-08-31

#5543774 Posted on: 05/04/2018 08:53 AM
Is there still anyone who thinks this "security" company is concerned about anyone's security? This was shady from the start and this kind of pestering and language only reinforces my doubts, even though the vulnerabilities are legitimate (but still quite useless for a potential attacker).

Kudos to AMD for handling this with grace.

kd7
Senior Member



Posts: 151
Joined: 2014-03-22

#5543781 Posted on: 05/04/2018 09:28 AM
LOL since when is secure encryption considered "security through obscurity"? And a "security" citing Wikipedia articles? LOOOOL

jose2016
Member



Posts: 79
Joined: 2016-12-31

#5543782 Posted on: 05/04/2018 09:28 AM
I completely agree. #1 and #2

386SX
Senior Member



Posts: 1049
Joined: 2017-06-26

#5543786 Posted on: 05/04/2018 09:56 AM
What does "CTS" stand for?:
Catch The Sperm :-)
(It's a PC game btw.!)

I cannot hear it anymore TBH. CTS here, CTS there. Publishing a 0-day without notifying the vendor first, adding pressure and false accusations, bragging about the vendor is "not able to fix it in several weeks (as we said)" and so on.
1.) When came the point where you are able to define exactly how long "several weeks" are? Several weeks could be 50 weeks and still would be "in time". It's like "I need some time.". This doesn't specify exactly in what time neither. "Some time" could be 5 minutes, it could be 50 years.
2.) The behaviour (0-day, pressure, etc.) rings a lot of bells in my head, but not in the way I think of a "security researcher" or "security professional", that goes more in the direction "blackhat", "unethical" or at last "attention w*ore".

AMD did nothing wrong here (at least I am unable to see any wrongdoing).
Bullsh!t-bingo at its finest!

Btw.: Could you call this "cyber mobbing"? All indicators of classical mobbing are there: it happens not only once and over a (meanwhile) long period of time; it is only meant to destroy the reputation of one (usually individual, this time a company); false accusations and other unethical methods are used to fulfil the goal, etc. etc. => sounds like mobbing to me.
What do you guys think? :-)
