On March 13th, CTS Labs published some security exploits that it discovered on AMD’s CPUs. CTS Labs got in touch with AMD (the red team) on March 12th and gave it only 24 hours before going public. Obviously that was kind of fishy, and a lot of people were curious whether these exploits were legit or not. Today, AMD released a statement acknowledging and confirming those exploits, and claiming that it will fix them through BIOS updates.
Now before continuing, we should note that these exploits are not related to the AMD “Zen” CPU architecture or the Google Project Zero exploits made public on January 3rd. As AMD noted, these issues are associated with the firmware managing the embedded security control processor in some of its products (AMD Secure Processor) and the chipset used in some socket AM4 and socket TR4 desktop platforms supporting AMD processors.
Furthermore, and as AMD noted, all the issues raised in the research require administrative access to the system, a type of access that effectively grants the user unrestricted access to the system and the right to delete, create or modify any of the folders or files on the computer, as well as change any settings. So yeah, this isn’t something similar to Spectre or Meltdown.
AMD states that it will release BIOS updates in the coming weeks that will resolve these security issues. Moreover, there won’t be any performance impact after applying these fixes.
You can find more details about these latest security exploits on AMD’s website!