AMD confirms Ryzenfall vulnerabilities, promises a fix via routine BIOS updates
21 March 2018 | 0
But AMD also provided the answer to consumers’ most pressing question: What, if anything, needs to be done? For each of the first three classifications of vulnerabilities, AMD said it is working on firmware updates that the company plans to release during the coming weeks. That firmware will be distributed via a BIOS update that the company already planned to release. “No performance impact is expected,” AMD added.
The fourth category of vulnerability, known as Chimera, affected the Promontory chipset, which CTS-Labs said was designed with logic supplied by ASMedia, a third party vendor. While AMD said patches for that will also be released via a BIOS update, the company said it is working with the Promontory chipset maker on developing the mitigations, rather than supplying its own.
AMD has neither confirmed nor denied whether the attacks can be executed remotely, or require local access. AMD did deny, however, that the attacks have anything to do with Meltdown or Spectre, the two side-channel attacks that rival Intel has worked to patch.
About a week ago, CTS-Labs issued a press release as well as a website outlining the vulnerabilities, which the company provided to AMD less than 24 hours before CTS-Labs went public, AMD said. But CTS-Labs also drew fire over boilerplate copy on its website that implied a potential financial interest in the subjects of its reports.
In the meantime, however, the vulnerabilities were confirmed by two independent researchers, Trail of Bits and Check Point. Both expressed doubts that attackers would be able to exploit the vulnerabilities that CTS-Labs had originally discovered.
While AMD did not say specifically when the patches would be released, it sounds like they’ll be coming in the next few weeks. Since it’s unlikely that the vulnerabilities would be weaponised in such a short time, Ryzen PC owners can probably feel confident that their machines are secure.
IDG News Service