Last week, the Isreal-based security company CTS labs was trending in the news for disclosing 13 critical vulnerabilities in AMD’s Ryzen and Epyc processors–only to be slammed by Linus Torvalds and many other people.
Now, the AMD has come up with a response on the matter. According to a blog post published on Tuesday, the security issues identified by CTS Labs are not related to AMD’s Zen architecture or the exploits disclosed by Google.
However, AMD also notes that the vulnerabilities can be leveraged only if the attackers have administrative access (or root access) to the system — an opportunity that allows them to do anything from deleting, creating, or modifying files or folders, as well as changing the settings.
But, modern operating systems have built-in security measures to prevent unauthorized administrative access. For instance, Microsoft Windows Credential Guard.
AMD will be releasing firmware patches through BIOS updates in the coming weeks to fix the disclosed vulnerabilities classified as RYZENFALL, FALLOUT, and CHIMERA. The company said there wouldn’t be any effect on the performance.
Submitted by: Arnfried Walbrecht