AMD Confirms Ryzen Flaws, Promises Fixes Soon
AMD has confirmed that flaws affecting its Ryzen and EPYC chips, disclosed last week by CTS-Labs, do in fact exist, and promises fixes in the coming weeks. It's also pointing out, as Laptop Magazine did, that the issues require root access to computers, which means that the machines would already be compromised as root users can do pretty much anything.
CTS-Labs, an Israeli security firm, gave AMD just one day's notice prior to issuing a white paper and putting up a website detailing a series of vulnerabilities in AMD chips.
That raised questions about the ethics of the researchers, compounded by the researchers' disclaimer that they may have had financial interests in the performance of AMD stock. However, other security experts confirmed that the AMD flaws, while a low risk to most users, were indeed real.
The CTS-Labs researchers suggested that AMD would take months to fix the issues. But AMD says that within a few weeks, all you'll need to do are install some patches and BIOS updates.
"The security issues identified by the third-party researchers are not related to the AMD 'Zen' CPU architecture or the Google Project Zero exploits made public Jan. 3, 2018," AMD wrote in a blog post. That Google mention refers to Spectre and Meltdown. "Instead, these issues are associated with the firmware managing the embedded security control processor in some of our products."
You can find the full nitty-gritty details here, but the most important one for most users is that AMD claims that this won't affect performance.