With a website started a short while ago and interviews that seem to be recorded in a carefully directed set, a few specialists from a company called CTSlabs described no less than 13 exploits found in AMD Ryzen and EPYC processors, each being given very suggestive names after the model of the Meltdown / Spectre exploits that targeted Intel processors.
Without denying or conforming the vulnerabilities, AMD says they are currently looking into the problems and it’s too soon to make an official statement about the case.
According to the report released by CTSlabs, computers equipped with AMD Ryzen and EPYC processors have no less than 13 major vulnerabilities that can be exploited by hackers to intercept sensitive data and install malware applications. Divided into four very suggestive categories – Ryzenfall, Masterkey, Fallout and Chimera – the vulnerabilities have – at least – the same potential to do harm as the Meltdown exploit. Developing proper patches to fix these problems might take a few weeks – or even months – and in the meantime computers equipped with these processors remain vulnerable.
Besides the details provided in carefully crafted interviews, CTSlabs has also provided a detailed technical report, with also includes samples of executable code that proves every vulnerability.
Given the difficulty of the investigation, it’s hard to believe that a single company with questionable reputation managed to get these results.
Suspicions regarding a defamation campaign against AMD are also generated by the fact that a report signed by Viceroy Research has appeared online, which is a shady group of investors that say AMD is going bankrupt.
Although it is suspicious because of the way they were made public and the lack of details from AMD, the security problems reported by CTSlabs should be taken seriously. We must not forget that AMD processors are based on relatively new developed micro-architecture, and there is a chance for a design flaw to have gone unnoticed in internal tests conducted by AMD before the final product was released.