Conform CTS Labs, o firma de securitate israeliana, noi vulnerabilitati au fost descoperite in procesoarele AMD Ryzen precum si in cele EPYC.
Modul de abordare al celor de la CTS nu a fost cel mai placut, intrucat vanzatorii de semiconductoare ar trebui sa aiba 90 de zile timp de remediere ale problemelor inainte de a deveni informatia publica. Cei de la CTS in schimb le-au oferit 24 de ore celor de la AMD.
Declaratia CTS :
To ensure public safety, all technical details that could be used to reproduce the vulnerabilities have been redacted from this document. CTS has privately shared this information with AMD, select security companies that can develop mitigations, and the U.S. regulators. What follows is a description of the security problems we discovered and the risks they pose for users and organizations.
Avand in vederea abordarea CTS, cei de la AMD nu au fost foarte incantati si au declarat ca CTS Labs nu le sunt cunoscuti, precum si faptul ca vor investiga problema :
We have just received a report from a company called CTS Labs claiming there are potential security vulnerabilities related to certain of our processors. We are actively investigating and analyzing its findings. This company was previously unknown to AMD and we find it unusual for a security firm to publish its research to the press without providing a reasonable amount of time for the company to investigate and address its findings. At AMD, security is a top priority and we are continually working to ensure the safety of our users as potential new risks arise. We will update this blog as news develops.
[Sursa]