By Darren Allan
Last week, an Israeli security outfit published details of security flaws that affected AMD processors, and we’ve now had official word from AMD acknowledging that the bugs in question are indeed real – although it added that they’re difficult to exploit, and that fixes are coming.
Israeli firm CTS Labs highlighted 13 vulnerabilities in its white paper, and unusually, only gave AMD 24 hours’ notice before making the research public. The vulnerabilities affected Ryzen and Ryzen Pro CPUs, as well as EPYC server processors.
Addressing the bugs, AMD’s CTO Mark Papermaster underlined the fact that root-level (administrator) OS access is needed to be able to leverage exploits against the vulnerabilities. That means they’re difficult to exploit – and anyone who managed to get unauthorized admin access to a machine could wreak all sorts of havoc on it, bugs notwithstanding.
Patches aplenty
Papermaster clarified that fixes are in the pipeline, and that firmware patches would be released via BIOS updates to tackle the Masterkey, Ryzenfall and Fallout groups of vulnerabilities. A fourth group of flaws, known as Chimera, which affects systems using the ‘Promontory’ chipset, will receive attention via mitigating patches delivered through BIOS updates.
AMD said it is “working with …read more
Source:: techradar.com – Computing Components
Previous post
Next post