HomeWinBuzzer NewsAMD Ryzen and EPYC Processors Have Meltdown and Spectre Style Flaws

AMD Ryzen and EPYC Processors Have Meltdown and Spectre Style Flaws

13 critical flaws in AMD Ryzen and EPYC processors in a location designed to stop attacks exploiting a system.

-

Intel has been in the eye of a storm following the disclosure of , a CPU flaw that affects all Intel processors stretching back 15 years. AMD was also involved, although not to the extent as its rival. At least not until now. Security researchers have found a severe flaw in AMD chips that is similar in scope to Meltdown and Spectre.

Like the Intel kernel-level flaw, the AMD problem could allow hackers to enter processors on millions of devices and steal data. These vulnerabilities are ironically located in what is meant to be a secured part of the CPU. This area is where the processor stores sensitive data and is meant to prevent malicious content entering a system.

The flaws are worrying, but they are not easily accessed by attackers. Indeed, anyone wanting access would need to have control of the machine. Of course, there is plenty of malware out there that can allow hackers to take over a PC. However, to exploit the AMD vulnerabilities the attacker would also need admin access.

Still, Israeli security firm CTS-Labs says its researchers have found 13 vulnerabilities that it deems critical. They affect AMD's and EPYC processors and could allow attackers to install malware on machines.

Ryzen is AMD's desktop and laptop range of CPUs, its flagship series that has taken the market fight to Intel. EPYC are server-grade processors, which means organizations and individuals are at risk. AMD has said it is taking the report seriously and is currently investigating.

“At AMD, security is a top priority and we are continually working to ensure the safety of our users as new risks arise,” an AMD spokesman said. “We are investigating this report, which we just received, to understand the methodology and merit of the findings.”

Early Disclosure

Something worth noting is the grace period CTS-Labs gave AMD. It is usual for companies to be given 90 days to create a fix for issues found by third parties. However, CTS decided to give AMD less than 24 hours. The firm may argue it is pushing AMD to act as Intel and tech giants like and hit Meltdown and Spectre for months.

We reached out to CTS-Labs to and will update when the company returns the message.

SourceCTS-Labs
Luke Jones
Luke Jones
Luke has been writing about all things tech for more than five years. He is following Microsoft closely to bring you the latest news about Windows, Office, Azure, Skype, HoloLens and all the rest of their products.

Recent News

Mastodon