Techpowerup wrote:Security researchers with Israel-based CTS-Labs, have discovered a staggering thirteen critical security vulnerabilities for AMD's "Zen" CPU micro-architecture, which are as damning the three recent "Meltdown" and "Spectre" vulnerabilities that affect various CPU manufacturers at varying degrees (Intel, AMD, and ARM). The thirteen new CVEs are broadly classified into four groups based on the similarity in function of the processor that they exploit: "Ryzenfall," "Masterkey," "Fallout," and "Chimera."
The researchers have redacted their whitepapers on each of the 13 new vulnerabilities, and have given AMD time for a response, before threatening to publish their whitepapers. The laws call for a 90-day notice period before a vulnerability is made public, so hardware/software manufacturers have time to address it. The Google Project Zero teams behind Meltdown/Spectre CVEs entered NDAs with chip-makers that lasted months, before they could make their findings public, earlier this year.
Sources: Techpowerup, AMDFlaws