In mid-March of this year, CTS-Labs, an unrecognized security agency, suddenly blew up, claiming that there were as many as 13 security holes in the AMD Zen architecture processor.
AMD responded by saying that it was investigating and analyzing, and accused the security agency of not “honesty” and directly publicizing dangerous security loopholes, but did not give AMD enough response time according to industry practice. Foreign media also questioned CTS. -Labs.
Of course, anyway, problems have to be solved. After discovering AMD, These security vulnerabilities are not particularly fatal and generally require administrator privileges and access to hardware devices to use. AMD promises to fix it soon.
According to the latest news, AMD has completed the patching of these vulnerabilities. The EPYC server processor is undergoing final testing. It will be fixed next month with a firmware update. The Ryzen processor will soon follow.
It is understood that AMD has previously shared the patches and code with the eco partners for joint testing.
AMD stated: 'About 30 days after receiving notification from CTS-Labs, AMD issued a patch to its ecosystem partners, fixed all related vulnerabilities in the EPYC platform, and Chimera-type vulnerabilities on all other platforms. Partners are finalizing these patches. Will soon be released publicly. We will release patches for other products to eco-friends this month, waiting for the eco-partners to complete the certification process and then release them publicly.'
It is worth pondering that CTS-Labs also issued a document two days ago questioning AMD's slow operation, guaranteeing that there will be no practical measures to repair the loopholes as soon as possible, and even intentionally encrypting some modules of the PSP security coprocessor and prohibiting external access.
As a result, AMD responded with practical actions.
In addition, For various past and recent exposures of Intel processors, including the eight Spectre Ghost-level vulnerabilities that have just appeared, CTS-Labs does not seem to care at all.
