Last week, the Israeli security company CTS-Labs claimed to have discovered the security risks of AMD Zen architecture processor and chipset. On March 21st, AMD responded on the official blog. Says that all vulnerabilities can be completely repaired in the coming weeks without any impact on performance.
Talk about the "rough process" of CTS-Labs before talking about AMD's repair operations, because they disclosed to the media less than 24 hours after reporting to AMD, which made AMD very unprepared. This is certainly not authentic. After all, the industry The consensus is 90 days.
AMD first emphasized that the related loopholes did not involve the 'fuse' and 'ghost' that had raged in the previous stage. The security risk is the embedded firmware of the security control chip (32-bit Cortex-A5 architecture) and some of the chipsets that carry this module (AM4, TR4, etc.), not the Zen architecture itself.
Finally, mastering vulnerabilities and implementing attacks require full administrator privileges, and the threshold is still high.
AMD initially divided the vulnerabilities into three categories: 'Masterkey' 'RyzenFall/Fallout' and 'Chimera'. The first two involve security chips, while the latter involves chipsets.
As a solution, 'Masterkey' and 'RyzenFall/Fallout' can be completely immune to PSP firmware upgrades through BIOS updates and will be released in the coming weeks.
'Chimera' can also be solved through BIOS update, and AMD is working closely with the outsourcing provider of 'Promontory' (should be Xiang Shuo).
CTS just released the loophole demo
