A couple of weeks ago, a little known IT security firm called CTS Labs dropped a major bombshell in the form of thirteen apparent holes in AMD’s Ryzen processors. There was a lot of skepticism aimed at the company and its method of making the alleged flaws public. Many were similarly skeptical of the existence of the flaws themselves, though AMD immediately went into investigative mode.
Mid last week, AMD’s Chief Technology Officer, Mark Papermaster, has released the company’s preliminary findings into the flaws alleged by CTS labs. It confirmed that the flaws exist, but emphasised that the flaws all needed high level user access and in some cases, physical access to exploit. This detail was also in the vulnerabilities whitepaper, but the language used to hype up the severity of the flaws did not accord with the reality.
AMD similarly reminded everyone that the level of access required to exploit the vulnerabilities meant they were of limited severity.
It also emphasised that the flaws were not an issue with the underlying Ryzen architecture. Rather, it had to do with microcode embedded within the security coprocessor and its motherboard chipset. These are ARM and ASmedia issues. Indeed, AMD made no mention of the possibility that the commonly used ASMedia chips could also affect other manufacturers in a similar manner.
Mr Papermaster stated that fixes will be available in the coming weeks through microcode and BIOS updates. There was no specified timeframe, or whether the fixes will arrive all at once or come as they are tested and ready.
The speed with which AMD’s CTO has provided a response on the matter puts pay to the claim by CTS Labs that it released in such a manner because it was concerned AMD would take too long to fix the issues. Irrespective, the motivations behind this release looks increasingly like a stunt to manipulate AMD’s share price.