Last week, the Isreal-based security company CTS labs was trending in the news for disclosing 13 critical vulnerabilities in AMD’s Ryzen and Epyc processors–only to be slammed by Linus Torvalds and many other people.
Now, the AMD has come up with a response on the matter. According to a blog post published on Tuesday, the security issues identified by CTS Labs are not related to AMD’s Zen architecture or the exploits disclosed by Google.
“These issues are associated with the firmware managing the embedded security control processor in some of our products (AMD Secure Processor) and the chipset used in some socket AM4 and socket TR4 desktop platforms supporting AMD processors,” the blog post states.
However, AMD also notes that the vulnerabilities can be leveraged only if the attackers have administrative access (or root access) to the system — an opportunity that allows them to do anything from deleting, creating, or modifying files or folders, as well as changing the settings.
But, modern operating systems have built-in security measures to prevent unauthorized administrative access. For instance, Microsoft Windows Credential Guard.
AMD will be releasing firmware patches through BIOS updates in the coming weeks to fix the disclosed vulnerabilities classified as RYZENFALL, FALLOUT, and CHIMERA. The company said there wouldn’t be any effect on the performance.
