AMD’s responds: Addressing the bug
One week ago, Israeli security firm CTS Labs released a white paper to the press revealing a number of vulnerabilities affecting current AMD processors. Today AMD acknowledged that the bugs in are indeed real – although AMD said that they’re difficult to exploit and the patches are coming.
CTS Labs accentuated thirteen vulnerabilities in its white paper and only gave AMD twenty-four hours notice before publishing the research globally. The vulnerabilities affected Ryzen and Ryzen Pro CPUs, as well as EPYC server processors.
AMD’s Chief Technology Officer Mark Papermaster addressed the bugs, underlining the fact that root-level (admin) OS ingress is needed to be able to leverage exploits against the vulnerabilities. That means they’re difficult to exploit – and anyone who managed to get unauthorized admin access to a machine could engender all sorts of desolation on it.
Patches are soon to be released through bios updates
AMD’s CTO Papermaster elucidated that fixes are in the pipe line, and firmware patches are soon to be released via BIOS updates to tackle the vulnerabilities. The Master key, Ryzen fall, and Fall out are all the obstacles striking the Platform Security Processor ‘PSP’, a tiny ARM core integrated into the chips which supply certain further features such as a firmware based TPM security module, these vulnerabilities will receive attention through mitigating patches delivered via BIOS updates.
AMD said: They are working together with a third-party source who delineated and manufactured the “Promontory chipset on appropriate mitigations”.
In all instances, AMD declared that there will be no impact on the performance of your hardware after the applied patches, which isn’t the case with Intel’s cures for Meltdown and Spectre, as we know Intel’s patches affected hardware performance horrendously
AMD said it would provide further analysis and updates on its mitigation plans in the coming weeks.