AMD has finished up its patches for vulnerabilities that security company CTS Labs announced last month. The chip designer reports that the updates for, among others, Epyc chips are in the final phase of testing and should become available next month through a Firmware patch.
CTS Labs announced the bugs unexpectedly and without any warning a while ago, according to the security company, it would take many months to close the vulnerabilities. CTS recently once more contacted Toms Hardware to 'express their concern about the lack of updates from AMD regarding these vulnerabilities'. The company said it believed many of the vulnerabilities 'would take months to fix'. One of them, Chimera, would even require a hardware change.
According to AMD we can expect updates this month, AMD has explained to Tom's Hardware. Ecosystem partners should already have the new patches for internal testing with this response:
Within approximately 30 days of being notified by CTS Labs, AMD released patches to our ecosystem partners mitigating all of the CTS identified vulnerabilities on our EPYC platform as well as patches mitigating Chimera across all AMD platforms. These patches are in final testing with our ecosystem partners in advance of being released publicly. We remain on track to begin releasing patches to our ecosystem partners for the other products identified in the report this month. We expect these patches to be released publicly as our ecosystem partners complete their validation work.
Let us again reiterate, the vulnerabilities within the AMD systems require admin privileges and for most things, physical access to the hardware to modify things, thus a local exploit in a context where Admin Access Rights are needed.
Meanwhile, CTS labs pushed another document full of accusations, released May 1st this month (there's not a single word on Intel recent or upcoming Vulnerabilities on their websites, of course):
AMD has readied patches against MasterKey, Fallout, and Chimera vulnerabilities