AMD has readied patches against MasterKey, Fallout, and Chimera vulnerabilities

I find it funny how this time round so many sites that were claiming that the claims from CTS were valid are all suspiciously staying quiet about this, and now also being quiet around the new round of Spectre Variant flaws particularly impacting Intel chips. The biases of the tech news sources are beginning to strongly reveal themselves, glad guru3d still has integrity to report it all!
AsiJu:

Well CTS having a court ruling demanding they pay AMD a few million in damage control would at least slow those scammers down the next time.
I think Intel's budget for marketing purposes is big enough to pay the bills; if they win more than they lose in the end, it won't stop them. Although this attempt seems to have failed to damage AMD's reputation in any meaningful way.
AsiJu:

What, CTS Labs is still there? Also gotta love this: AMD: "... as well as patches mitigating Chimera across all AMD platforms..." CTS Labs: "... CHIMERA cannot be directly fixed..."
Not saying anything good about CTS here, but I do wish to point out that mitigating is not the same as fixing. If it matters to anyone, it might be a good idea to get a clear answer from AMD on this particular point.
^/^^ Mitigation is a good choice of words in this situation. 1st, it does not imply that there is no more chance to pull a similar thing when an 'attacker' has direct physical access to the system. (Since this is a smear campaign, and use of wording implying 100% safety may come with a barrage of dirt later.) 2ndly, there is really no such thing as 100% safety from the actions of someone having the access needed in those 'attacks'. So, if anyone wants to cause harm with such access, then the system will get screwed in another way.
Shame on 911-nation's CTS for their hitjob! Interesting nonetheless. If anything, hopefully it will encourage AMD to get on it. AMD's own website, blog, and forum haven't released any data about any patches. The link also falsely cites, like AMD's blog, outdated and/or incorrect data, falsely claiming these exploits are only possible with admin access, whereas CVEdetails & NIST.GOV clearly state they are remote exploits capable over the network and do not require permissions or authentication. All 13 exploits are exploitable remotely over the network, with zero privileges, meaning no admin access necessary, as reported by NIST.GOV & cvedetails.com:
https://www.cvedetails.com/vulnerability-list/vendor_id-7043/AMD.html
https://nvd.nist.gov/vuln/detail/CVE-2018-8936
https://nvd.nist.gov/vuln/detail/CVE-2018-8935
https://nvd.nist.gov/vuln/detail/CVE-2018-8934
https://nvd.nist.gov/vuln/detail/CVE-2018-8933
https://nvd.nist.gov/vuln/detail/CVE-2018-8932
https://nvd.nist.gov/vuln/detail/CVE-2018-8931
https://nvd.nist.gov/vuln/detail/CVE-2018-8930
HP appears to be the only one releasing patches: https://support.hp.com/gb-en/document/c05950716
HP's website, like AMD, cites the same outdated and/or incorrect information. HP patched their servers which USE this chipset. HP's statements about "Commercial Desktop workstations not being impacted", they use Intel chipsets. They are patching "Commercial desktops and notebooks" for HP & Compaq computers. A great sign, however we are not seeing any of this with major third-party motherboard vendors such as ASRock, ASUS, or MSI. Regarding Chimera backdoors, disabling the ASMedia chipset via BIOS would be a choice worth having until something better potentially comes along. 3rd-party USB 3 controllers could be installed via PCI-E expansion slots. I have brought this to AMD's attention.
There is a new firmware released on Nov 15, 2018 for the ASMedia ASM-1042A to ASM-1074 USB 3.x Controllers that should allow users to flash over any CHIMERA malware hiding in the firmware. Problem is, if the malware gets in thereafter, you may have to wait for a future FW update. Most flashing utils and/or chipsets won't allow flashing the same installed, or older, firmware. In the age of Chimera, not being able to flash over the same version FW is not a very wise policy. The last time an update was released was over a year ago, and before that, 2014, according to the previous link. https://www.station-drivers.com/index.php?option=com_remository&Itemid=353&func=select&id=462&lang=en I don't see anything suggesting FW-level Chimera vulnerabilities were addressed in this firmware, but a re-flash will overwrite any malware regardless... If ASMedia could release a security tool that automates this, running this regularly will ensure no hardware-level exploits can remain intact on the chipset. I'm unaware if ASMedia locks users out from reflashing the same firmware.