[Update] Security flaws discovered in AMD Zen processors: AMD's Meltdown?

Message added by WkdPaul

Please keep the conversation civil and respectful, as per the Community Standards;

Quote
  • Ensure a friendly atmosphere to our visitors and forum members.
  • Encourage the freedom of expression and exchange of information in a mature and responsible manner.
  • "Don't be a dick" - Wil Wheaton.
  • "Be excellent to each other" - Bill and Ted.
  • Remember your audience; both present and future.

 

24h timeframe to fix it sounds more like blackmail to me.

11 minutes ago, LAwLz said:

There is no standard procedure for vulnerabilities disclosures.

What should we call them out for exactly? Should we say "shame on you"? That won't change anything.

Yeah they should have given AMD time to fix these things but they didn't. It's not good but we have to live with their decisions and make the best out of it.

There are 2 ways to make bugs/exploits public, full disclosure and responsible disclosure. They chose the first one.

24h isn't even enough for a small software company to fix one exploitable bug, but here we have 13 for a company as big as AMD to fix.


9 minutes ago, LAwLz said:

Again, I haven't read the entire thing yet (barely started) but it seems to me like it is only one or a few out of the 13 exploits that have to do with the BIOS.

It's not a 13 step process where installing a compromised BIOS is the first step. It's 13 different attacks, some of which have to do with the BIOS.

I'm only focusing on the four that seem to be brought front and center in the OP, and the way I'm interpreting it is you install a compromised BIOS, which messes up the security zone in the CPU, which lets you then do other things in the system.

 

EDIT: From the whitepaper itself:

Quote
MASTERKEY is a set of three vulnerabilities allowing three distinct pathways to bypass Hardware Validated Boot on EPYC and Ryzen and achieve arbitrary code execution on the Secure Processor itself.

The Ryzenfall, Fallout, and Chimera appear to be a consequence of this.


5 minutes ago, LAwLz said:

Vulnerabilities can be very serious even if they require admin privilege or BIOS flashing.

I will withhold my judgement until I have read through the information we got (actual information, not what some reddit post or whatever says), and I recommend you do the same.

I've read the white paper, and while my knowledge is severely lacking to make concrete assessments, I'm not sure any of the things described, such as VTL1 memory write or chipset command execution, cannot be achieved by other methods with the proposed methods of access to the system. The most severe thing I see there is access to onchip security conclave, but it's not specified whether the encryption keys can be extracted, only command execution from the security processor in a limited way.


59 minutes ago, LAwLz said:

Gotta love the hypocrisy on this forum.

Intel has a security issue?

FUCK INTEL! I HOPE THEY GET SUED! WOHO AMD! INCOMPETENT MORONS CAN'T EVEN DESIGN A SECURE PROCESSOR!

AMD has security issues?

FUCK INTEL! I BET THIS IS FUNDED BY INTEL JUST TO MAKE AMD LOOK BAD! BY THE WAY NO NEED TO BE SCARED YOU GUYS! AMD PROCESSORS ARE SUPER SECURE!

How about we all calm down until we actually know what is going on?

It was announced just a few hours ago and I doubt people have even had the time to properly read through the white papers yet, much less analyzed the risks properly yet.

Remember, with Meltdown and Spectre there was A TON of misinformation being spread around based on assumptions or incomplete facts. I suspect the same thing will happen here. Don't believe everything you read on the Internet.

Edit: Also, regardless of whether or not it is a smear campaign (and regardless of who is behind it), the information and potential exploits should be taken seriously. You don't ignore potentially serious issues just because you don't like how the information was presented or obtained.

People are so quick to accuse anything but positive of AMD to be Intel shilling. I doubt Intel would so openly and brazenly smear AMD, especially now since they're working with AMD using their GPUs. Only 24 hours to examine is pretty low of them though, taking this with a pile of salt and waiting to see how valid any of this news is. Most of these attacks require root or BIOS access and makes them seem to be malware in comparison to Spectre and Meltdown.


3 minutes ago, VegetableStu said:

Just to check (although I might be a bit too late for due google diligence): is there a source code for this?

From what I can tell, no.

 

3 minutes ago, VegetableStu said:

Meltdown and Spectre had working code verifiable by any third party, although I'm not sure how soon after their public announcement were they posted

The day after.

 

 

2 minutes ago, hobobobo said:

I've read the white paper, and while my knowledge is severely lacking to make concrete assessments, I'm not sure any of the things described, such as VTL1 memory write or chipset command execution, cannot be achieved by other methods with the proposed methods of access to the system. The most severe thing I see there is access to onchip security conclave, but it's not specified whether the encryption keys can be extracted, only command execution from the security processor in a limited way.

I've only read a little bit of the paper, but so far it seems like a pretty bad document (as in, badly or vaguely written for a security white paper).

In any case, I think people should take a deep breath and wait until we have some more information before jumping to conclusions. It's a pretty bad idea to just assume things are one way or the other. All we know for now is that there might be known security issues with Ryzen processors. How severe they are remains to be seen but until then we should neither assume everything is fine, nor act like it's the end of the world.


There is some shady shit with below average white paper, YT channel popped up 3 days ago and then domain just registered less than a month ago while demanding an immediate fix.


24 minutes ago, LAwLz said:

I've only read a little bit of the paper, but so far it seems like a pretty bad document (as in, badly or vaguely written for a security white paper).

In any case, I think people should take a deep breath and wait until we have some more information before jumping to conclusions. It's a pretty bad idea to just assume things are one way or the other. All we know for now is that there might be known security issues with Ryzen processors. How severe they are remains to be seen but until then we should neither assume everything is fine, nor act like it's the end of the world.

Not saying it's the end of the world or everything is just fine, I'm not even on the "Intel shenanigans lul" bandwagon, I'm just saying that considering the quality of materials provided, wording of the paper, site and video, timing, method of disclosure and the disclaimer, the motive does not seem to be as stated, as in "informing the public", esp with the "no known methods of mitigation" generously sprinkled through the whitepaper, and the whole thing is being artificially inflated to be seen as the new Meltdown but this time AMD. This whole thing should be taken with a generous grain of salt and, probably, disregarded until AMD and qualified third parties have time to put out a statement.

This shit is everywhere and considering the way most, if not all, major vulnerabilities in the last god knows how long have been presented, it is suspicious.

And the most sus part of it all, as I see it, is the last paragraph on this page: https://amdflaws.com/disclaimer.html

Edit: I guess I'm just annoyed since I also have vested interest in the AMD stock wellbeing, and regardless of the market trend now I find such lopsided accusations distasteful.


1 hour ago, cj09beira said:

Is Intel being shady again? :|


I'd recommend people go read the white papers or wait for more news on these vulnerabilities instead. Of course r/AMD is going to conspiracy theorize and blame Intel before we have any information or facts on the source.

33 minutes ago, apm said:

24h timeframe to fix it sounds more like blackmail to me.

There are 2 ways to make bugs/exploits public, full disclosure and responsible disclosure. They chose the first one.

24h isn't even enough for a small software company to fix one exploitable bug, but here we have 13 for a company as big as AMD to fix.

The organization stating they have an economic interest seems pretty shady, and only 24 hours to fix it, although they aren't required to give a nice time window it still makes them look bad. No source code or Linux testing also seems suspicious, IMO.


I'm curious.. any good researcher would not only look at this from a Windows point of view but... what about Linux? Not one mention of Linux anywhere on website or white paper.


21 minutes ago, Blademaster91 said:

People are so quick to accuse anything but positive of AMD to be Intel shilling. I doubt Intel would so openly and brazenly smear AMD, especially now since they're working with AMD using their GPUs. Only 24 hours to examine is pretty low of them though, taking this with a pile of salt and waiting to see how valid any of this news is. Most of these attacks require root or BIOS access and makes them seem to be malware in comparison to Spectre and Meltdown.

Didn't you know? It's the cool thing to bash the popular one regardless of anything they did or did not do.


4 minutes ago, M.Yurizaki said:

Didn't you know? It's the cool thing to bash the popular one regardless of anything they did or did not do.

So, can I bash Intel for kicking dogs, even though they didn't?


1 hour ago, M.Yurizaki said:

What's your proof that Intel paid for this?

Don't you know of Intel's history of making fake stuff up about AMD?

The second most recent one was when they called the new AMD server chips "glued together" and lacking any ecosystem. ADOREDTV did a short 30min documentary of all the shady stuff Intel has done over its existence, give it a watch.


24h though huh what a joke. Their statement makes no sense whatsoever.


Just now, Some Random Member said:

The second most recent one was when they called the new AMD server chips "glued together" and lacking any ecosystem.

Basically, EPYC is four Ryzen dies 'glued' together, and when those slides were created and used, it was extremely likely that there wasn't an ecosystem revolving around EPYC. Both things were true when said.


31 minutes ago, Blademaster91 said:

People are so quick to accuse anything but positive of AMD to be Intel shilling. I doubt Intel would so openly and brazenly smear AMD, especially now since they're working with AMD using their GPUs. Only 24 hours to examine is pretty low of them though, taking this with a pile of salt and waiting to see how valid any of this news is. Most of these attacks require root or BIOS access and makes them seem to be malware in comparison to Spectre and Meltdown.

More of the fact that website popped up a few months ago, YouTube channel a few days, comments disabled, they only gave 24 hours instead of 90 days, their website is full of shady stuff, the whitepaper is really vague, no source codes or Linux testing etc.

Shady quote number 1:

"The report and all statements contained herein are opinions of CTS and are not statements of fact"

number 2

"CTS reserves the right to refrain from updating this website even as it becomes outdated or inaccurate."


43 minutes ago, M.Yurizaki said:

Well if you can update BIOS without physical access, there you go.

There exist ways to flash BIOS from within Windows. There exist known and unknown vulnerabilities in Windows that could lead to local code execution. Put the two together, and there you go. This type of attack to me sounds like something a determined entity might go through to a very selective and specific target. I don't think it is something you need to be worried about as a regular nobody as it isn't something that could be made sufficiently generic as you'd have to match the BIOS to the mobo.


"Bring it to public awareness before it becomes a real problem for society" with 24h notice to AMD huh. Say what?


IMO it's complete BS or marketing spam. Cuz in the report they say something about "it can be fixed with firmware update, but it would need few months of research"... and then they inform AMD 24h prior. WTF.

 

I don't like conspiracy theories, but I feel like this could be Intel's way of "leveling the playing field" since everything seems so overly rushed and the principles of exploit are basically the same.


After looking through the whitepaper some more, and despite the shadiness of the operation and the presentation of the paper and the extremely short window of time they presented the vulnerabilities, it still brings up a good point:

Quote

Since its early days the AMD Secure Processor has been a center of controversy within the open-source and security communities. Critics are concerned that the Secure Processor is a black box: few understand how it actually works, yet it has complete access to the system, and its actions are highly privileged and mostly invisible to the operating system. There have been petitions asking AMD to open-source the Secure Processor, but AMD refused. The company emphasized that it has performed extensive security audits on the Secure Processor, and that it is secure.

Security by obscurity isn't an effective means of securing your system. This is what bit Intel in the ass over IME and AMT.

 

5 minutes ago, Some Random Member said:

Don't you know of Intel's history of making fake stuff up about AMD?

The second most recent one was when they called the new AMD server chips "glued together" and lacking any ecosystem. ADOREDTV did a short 30min documentary of all the shady stuff Intel has done over its existence, give it a watch.

Until you have actual proof, you're spouting accusations that amount to slander, history of shady business practices or not.


Turns out it's a pile of horseshit, there's a megathread on r/AMD with some interesting revelations in the comments,

especially who that "research firm" actually is:
https://www.moneyweb.co.za/in-depth/investigations/viceroy-unmasked/


14 minutes ago, Some Random Member said:

The second most recent one was when they called the new AMD server chips "glued together" and lacking any ecosystem. ADOREDTV did a short 30min documentary of all the shady stuff Intel has done over its existence, give it a watch.

AdoredTV is a drooling moron who doesn't know what he is talking about 80% of the time.

And yes, "glued together" is in fact the correct term for what AMD is doing with their processors.


25 minutes ago, Some Random Member said:

More of the fact that website popped up a few months ago, YouTube channel a few days, comments disabled, they only gave 24 hours instead of 90 days, their website is full of shady stuff, the whitepaper is really vague, no source codes or Linux testing etc.

Shady quote number 1:

"The report and all statements contained herein are opinions of CTS and are not statements of fact"

number 2

"CTS reserves the right to refrain from updating this website even as it becomes outdated or inaccurate."

It could be a new research group with some poor timing, or a complete BS scam. A 60-90 day time window isn't required, though only 24hrs makes them look really shady. I do agree their website and lack of source codes or a well written whitepaper seems suspicious, but until anyone has proof it isn't anything but baseless accusations to assume Intel is the culprit here.

Edit: The quotes seem like they're just attempting to defend themselves in case AMD were to sue them if this was a BS attack.


7 minutes ago, M.Yurizaki said:

 

Until you have actual proof, you're spouting accusations that amount to slander, history of shady business practices or not.

This is actually well known and documented;

https://www.reuters.com/article/us-eu-intel/eu-conducts-antitrust-raid-on-intel-retailers-idUSL1216666220080212

 

https://www.cnet.com/news/eu-antitrust-officials-raid-intel/

 

https://seekingalpha.com/article/64296-eu-antitrust-investigators-raid-intel-munich-office

 

 
