Security firm discloses range of Ryzen, Epyc, and AMD chipset vulnerabilities

CTS Labs, an Israeli security research firm, purports to have discovered 13 separate security vulnerabilities related to AMD hardware across four categories of exploits. This surprise news arrives without any form of coordinated disclosure or pre-developed vendor mitigations.

The firm claims that flaws in AMD's Secure Processor, a separate ARM processor on AMD Zen CPUs that performs various encryption and root-of-trust functions, can be exploited to run arbitrary code. The "Masterkey" vulnerability requires the attacker to install a modified BIOS containing the exploit payload, either through physical access or—as CTS Labs claims—exploiting another one of the vulnerabilities the firm discovered to write to system flash in system management mode.

CTS Labs goes on to describe three other classes of vulnerabilities that it's branded "Ryzenfall," "Fallout," and "Chimera." Both the Ryzenfall and Fallout vulnerabilities require a local user account with administrator or root privileges to run the required malware, a level of access that generally would suggest that all bets are off on a system's security to begin with. Chimera purports to exploit undescribed "hardware backdoors" in ASMedia intellectual property that apparently makes up the Promontory chip powering AMD AM4 chipsets.

From what little we have to go on, Ryzenfall might allow an attacker to bypass virtualization sandboxes, install malware in privileged memory locations or on the Secure Processor itself, and gain access to privileged firmware or memory locations. Fallout describes a similar vulnerability related to the boot loader in AMD's Epyc server processors. The thrust is that Ryzenfall and Fallout could lead to rootkits installed in firmware or in privileged memory locations beyond the reach of endpoint security applications.

CTS claims that the Chimera vulnerability has allowed it to run arbitrary code on AMD client chipsets like the X370, including key loggers, man-in-the-middle attacks, and protected memory access. In assessing the scope of this vulnerability, CTS only says that one of the "backdoors" in the Promontory chip is implemented in firmware, while the other "is inside the chip's ASIC hardware."

For its part, AMD provided the following statement this morning:

At AMD, security is a top priority and we are continually working to ensure the safety of our users as new risks arise. We are investigating this report, which we just received, to understand the methodology and merit of the findings.

Since AMD was not given much, if any, advance notice regarding these exploits, the company and its partners have not offered guidance regarding the mitigation of any of these exploits as of this writing.

CTS Labs suggests that Masterkey could be mitigated by preventing unauthorized BIOS updates, but that mitigation could be undone by the other exploits it's disclosed today. The firm didn't offer any proposed ways around Ryzenfall or Fallout, and it suggests that hardware-level vulnerabilities in AMD's Promontory chipset silicon may not be able to be worked around.

The chaotic nature of today's disclosure has led to many questions about the source and motivations of the firms behind this research. Astute social-media users have noted that Viceroy Research, a financial-analysis group that reportedly engages in short selling of various companies' securities, appears to have coordinated the release of a report provocatively titled "The Obituary" alongside the CTS Labs whitepaper. Viceroy posits that AMD will have no choice but to file for Chapter 11 bankruptcy as a result of the news and that its stock is ultimately worthless, claims that seem vastly out of proportion with the magnitude of the purported vulnerabilities that CTS Labs has discovered.

CTS Labs' disclaimer on its AMD vulnerability website also exposes a potential conflict of interest. The firm notes that it "may have, either directly or indirectly, an economic interest in the performance of the securities of the companies whose products are the subject of our reports." If that's the case, it might explain why CTS Labs didn't engage in any form of coordinated disclosure of these vulnerabilities with AMD or give the company an opportunity to develop and deploy patches for those vulnerabilities.

Compare this approach to the (admittedly accelerated) release of information on the Spectre and Meltdown vulnerabilities, where several groups of security researchers informed Intel and other vendors of their findings well in advance of public disclosure, obtained CVE numbers that allow for easy tracking of the issues across various vendor websites, and published technical details of the vulnerabilities without providing proof-of-concept code.

We don't mean to downplay the potential seriousness of the vulnerabilities that CTS Labs claims to have uncovered, but the lack of technical details and the manner in which these vulnerabilities have been disclosed could suggest a less-than-altruistic motive. We'll update this article as we hear more from AMD and other sources regarding this news.

Comments closed
    • anubis44
    • 1 year ago

    This article should be called: “Hedge fund disguised as security firm with absolutely no previous track record makes big $$ short-selling just before they release a bogus hit-piece report after only giving AMD 24 hours to respond, when 90 days is the industry norm, and countless stupid people fall for it hook, line and sinker.” The most incredible thing about this whole fiasco is seeing just exactly who hates AMD so much that they want to actually believe the short-sellers despite all the evidence that this is bogus.

    • ronch
    • 1 year ago

    Anybody else thinks we’ll never hear from this ‘CTS Labs’ again after this dies down?

    • Pancake
    • 1 year ago

    I would have called “RyzenFall” “EpycFail”. Seems like a missed opportunity ๐Ÿ˜‰

      • MOSFET
      • 1 year ago

      I have a Win10 VM on a Ryzen host that was installed right after FCU ISO was available. It’s named RyzenFall.

        • willmore
        • 1 year ago

        You should sue! ๐Ÿ™‚

    • anotherengineer
    • 1 year ago

    Wait, in Israel, doesn’t Intel have a big presence over there???? ๐Ÿ˜‰

    *for the conspiracy people*

      • Mr Bill
      • 1 year ago

      Obligatory [url=https://www.youtube.com/watch?v=qpMvS1Q1sos<]Its All About the Pentiums[/url<].

    • Mat3
    • 1 year ago

    So if this requires flashing the bios with some malicious program, why couldn’t you just flash the original bios to get it back to factory default?

    • outsideloop
    • 1 year ago

    Jeff, its all a scam. Its all complete BS to short AMD stock.

      • WaltC
      • 1 year ago

      Totally fake news…;) Really quite amusing to read as it’s not written for tech people but for laymen–like investors, etc. Yea, gosh, if you have *admin rights* on a system, the whole OS then becomes a “vulnerability”…;) Intel must be getting hammered in more places than the stock market currently–this smacks of utter desperation. It could not be more obviously a fraud.

        • Klimax
        • 1 year ago

        Ehm, just because you own OS doesn’t mean you can stash away code in CPU. That’s where real fun starts.

        You are making same mistake like many other posters.

    • rnalsation
    • 1 year ago

    [url<]http://www.guru3d.com/news-story/amd-security-vulnerability-[/url<]โ€“-the-day-after-seems-financially-motivated.html Well, this URL 100% breaks.

      • WaltC
      • 1 year ago

      [url=http://www.guru3d.com/news-story/amd-security-vulnerability-%E2%80%93-the-day-after-seems-financially-motivated.html<] try this link[/url<]

    • Klimax
    • 1 year ago

    Update:
    [url<]https://www.techpowerup.com/242346/cts-labs-sent-amd-and-other-companies-a-research-package-with-proof-of-concept-code[/url<] They purportedly sent "research package" to AMD, Microsoft and some other big corps. Very curious how this plays out.

    • ggaky00
    • 1 year ago

    Funny how this made it to the website news when there’s so much doubt about the said security company and the way it handled everything yet no nVIDIA GPP article has been written.

      • stefem
      • 1 year ago

      Humm… maybe because the story was pushed by AMD to certain press and without any proof

    • Klimax
    • 1 year ago

    Reminder: Just because one has root access one cannot just replace code in CPU to have attack persists even full wipe and drive/MB replacing.

      • willmore
      • 1 year ago

      MB and drive replacing? No, it’s hard to persist through that, but it’s possible. There’s still other peripherials that might have some non-volatile memory in which an attack could shelter.

      But, if your arguement is that root access isn’t sufficient to poision either a MB or HD, then you’re not keeping up with things and haven’t been for quite a few years.

        • Klimax
        • 1 year ago

        Ehm, how the hell di you misread my comment? I am arguing that one can replace MB (infected firmware) and drive and yet be infected if one can inject infected code into CPU proper. You have restated more verbosely part of my comment.

          • willmore
          • 1 year ago

          Because your sentance construction is horrible?

            • Klimax
            • 1 year ago

            That might be so, but not that horrible to have you miss point with such margin. There are not that many NV memory chips in standard PC. UEFI, UEFI VBIOS on GPU, TPM and CPU firmware. Most of those would get changed by replacing mainboard. (And infected VBIOS wouldn’t be that useful)

            • willmore
            • 1 year ago

            Network card with BIOS for netbooting, add in SATA controller board with BIOS, and VBIOS as you mention are all condidates for a MB/HD persistant infection vector. And before you say it’s not possible or has never happen, I suggest you review the Snowden documents where such vulnerabilities are directly mentioned.

    • Leader952
    • 1 year ago

    The Low-down On Bizarre AMD Security Exploit Saga โ€“ You Will Want To Read This

    [url<]https://wccftech.com/low-down-amd-security-exploit-saga-cts-labs[/url<]

    • ronch
    • 1 year ago

    Sounds a lot like a smear campaign. Reminds me of #MeToo.

    Really, all this smells of fish. Rotten fish.

      • thedosbox
      • 1 year ago

      WTF? There are multiple instances of sexual harassment where the perp has admitted the accusations were accurate.

        • ronch
        • 1 year ago

        Not saying those pervs are not guilty at all. I’m just saying this reminds me of those claims. Everyone’s trying to smear everyone else these days, whether the claims are true or not.

          • thedosbox
          • 1 year ago

          You’re comparing an overhyped, poorly handled vulnerability disclosure for a niche consumer product with widespread reports of sexual harassment? Really?

            • ronch
            • 1 year ago

            You’re comparing ‘reminds me of..’ with ‘comparing’. Really???

            • thedosbox
            • 1 year ago

            It’s faecesposting guilt by assocation 101.

            [edit] lol – it seems the four letter word beginning with S is censored @ TR.

            • ronch
            • 1 year ago

            I guess there’s no shortage of arrogant folks like you who don’t give up pointing out any perceived flaw with what someone else says. I’ll say it again: I think it’s a smear campaign and I’m far from being alone here. That’s my point. Now if you wanna divert attention away from that or discredit me by focusing on something else I said there, then I find your position dubious as well.

            • thedosbox
            • 1 year ago

            [quote<] I guess there's no shortage of arrogant folks like you [/quote<] Says the person upset about being called out for trying to associate a serious social issue with an apparent flaw in a CPU. I'll leave you with this thought - you could have made your point without injecting prehistoric views into the comment. There are plenty of smear campaigns you could have referenced instead - e.g. GM's campaign against Ralph Nader would be appropriate in terms of dominant industry player vs little guy.

            • enixenigma
            • 1 year ago

            In order for one thing to remind you of another, you’d have to see some sort of similarity between the two things, no?

            • ronch
            • 1 year ago

            Not necessarily. How about juxtaposition?

            • K-L-Waster
            • 1 year ago

            Then that would be “it’s so different from” rather than “it’s like.”

      • Klimax
      • 1 year ago

      Just because they may have bad interests doesn’t mean their report is invalid!

      • K-L-Waster
      • 1 year ago

      [quote<]Sounds a lot like a smear campaign. [s<]Reminds me of #MeToo. [/s<] Really, all this smells of fish. Rotten fish.[/quote<] FTFY

    • ronch
    • 1 year ago

    Good grief. What next? Aliens from space using these security vulnerabilities to control our planet?

    Wait for it, guys. That’s coming real soon.

    • gerryg
    • 1 year ago

    The sad thing is that all the news outlets, tech rags, blogs etc. that report the headline “AMD Vulnerability!” can irreparably harm AMD regardless of how true/fake it is. Most people out there read the headline or the tweet and not the content (e.g. Jeff’s last 4 paragraphs above), and just believe the headline.

    Would love to see TR rename the article title to include “allegedly” or “potential” until there is good confirmation.

    • Leader952
    • 1 year ago

    [quote<] CTS, the cybersecurity research firm that alleges flaws in AMD (NASDAQ:AMD) chips, tells Reuters it shared the findings with clients paying for proprietary research on hardware vulnerabilities. The firm declines to name the clients. Short-seller Viceroy Research published a 25-page report on the vulnerabilities today and outlined its substantial short position in AMD. Trail of Bits, another cybersecurity firm, verifies the CTS findings to Reuters. AMD shares are up 0.3% aftermarket to $11.68. [url<]https://seekingalpha.com/news/3338900-research-firm-behind-amd-chip-flaw-reveal?uprof=44&dr=1#email_link[/url<] [/quote<] Looks like a clear short seller attack. Expect in the next days for this story to be repeated over and over again because they didn't get the result they expected today as in AMD stock price tanking.

    • chuckula
    • 1 year ago

    For all the hype going on, there actually was a [b<]real[/b<] security hole found in the AMD PSP module back in January: [url<]https://www.scmagazineuk.com/security-issue-found-in-amds-platform-security-processor/article/735414/[/url<] Notice the radical differences in how real security issues are reported and handled vs. made up hypefest nonsense.

      • derFunkenstein
      • 1 year ago

      There is more detail in that little post than there is in the entirety of today’s “whitepaper” , which I have to assume was named as such because that’s the color of the background.

        • bhtooefr
        • 1 year ago

        I’m reminded of the whitepaper for the Icosahedron IICO: [url<]https://icosahedron.website/iico/index.html[/url<] (Some background... this is a parody of Hiveway, which was a cryptocurrency scam disguised as a social network. (Hiveway used a fork of Mastodon, the same platform that Icosahedron runs on. The Mastodon community was not amused.))

    • arunphilip
    • 1 year ago

    Ars Technica has a slightly different take on it: [quote<]People who rely on AMD chips shouldn't panic, but they also shouldn't discount the warnings contained in the report, despite the questionable motivations for its release.[/quote<] [url<]https://arstechnica.com/information-technology/2018/03/a-raft-of-flaws-in-amd-chips-make-bad-hacks-much-much-worse/[/url<] David Kanter's quote about the PSP is what made me pause and read it: [quote<]"All the exploits require root access," said David Kanter, a chip expert who is founder of Real World Technologies. "If someone already has root access to your system, you're already compromised. This is like if someone broke into your home and they got to install video cameras to spy on you." Still, Kanter agreed with Guido that the vulnerabilities were a major embarrassment for AMD, particularly because most of them reside in the Platform Secure Processor, which is AMD's version of the secure enclave in the iPhone. [/quote<]

      • Klimax
      • 1 year ago

      Actually he forgot one thing. Just because one has root access in system doesn’t generally grant attacker everything! Like ability to replace code in CPU. (protected by signing) And stashing code in uninspectable place is perfect…

        • psuedonymous
        • 1 year ago

        Being able to backdoor the PCH or SP is a real corker of an exploit. You need to boot a compromised OS [i<]once[/i<] to own an entire system in perpetuity in a manner undetectable from within the OS. Either a self-deleting root exploit on a running system (executed remotely using another privilege escalation exploit, e.g. Spectre) or a physical attack (e.g. intercept system in shipment, boot once from a USB key) are both possible vectors.

      • Zizy
      • 1 year ago

      It doesn’t matter if someone broke into your home and installed cameras. You are fucked with or without cameras.
      But if a regular trusting user installed cameras you can’t really detect… this is a problem. Especially if that user was a previous owner of the house…

      Fortunately, fix here is pretty simple (even if patching is impossible) – use the very same hole to reinstall valid firmware and whatnot.

    • Yan
    • 1 year ago

    If you’re root or administrator, you can do something bad. What an amazing vulnerability!

      • derFunkenstein
      • 1 year ago

      If any of this is true, the real problem is that it will persist beyond an OS reinstall unless you also replace the CPU.

        • Mr Bill
        • 1 year ago

        The Windows 10 Meltdown and Spectre microcode fixes for Intel and AMD cpu’s only work as long as you don’t reinstall the OS?

          • derFunkenstein
          • 1 year ago

          I mean that if you can really install malware on the secure processor, it’ll survive a reinstall.

          Also, if the microcode is installed in Windows and not on the motherboard, then that’s also most likely true. It’s loaded during OS boot.

            • Mr Bill
            • 1 year ago

            OK, it was unclear to me if existing microcode updates actually made a permanant change or not.

            They also said something about vulnerability to malware in chipsets. Most modern motherboards have bios flashing utilities. It seems pretty obvious that if somebody gets physical access to your machine and flashes your bios with malware well; isn’t that close enough to the same thing?

            • derFunkenstein
            • 1 year ago

            I’m with you on that one. Feels like one and the same.

    • atari030
    • 1 year ago

    From the CTS-Labs site ‘disclaimer’ page: [url<]https://amdflaws.com/disclaimer.html[/url<] [quote<]Although we have a good faith belief in our analysis and believe it to be objective and unbiased, you are advised that [b<]we may have, either directly or indirectly, an economic interest in the performance of the securities of the companies whose products are the subject of our reports.[/b<] [/quote<]

    • Bauxite
    • 1 year ago

    “SafeFirmware[dot]com Created on 2017-06-09”

    Anyone want to take a guess when CVE-2017-5715, 5753 and 5754 were documented? Hint: it was not the 2018 date listed on the NIST website.

    As for “AmdFlaws[dot]com Created on 2018-02-22”, I have an idea why that date but can’t confirm it yet.

      • derFunkenstein
      • 1 year ago

      Are you saying it’s not just coincidental that safefirmware.com was registered around Epyc’s release and amdflaws.com was created at the time of Raven Ridge desktop release?

      Because I happen to agree.

    • enixenigma
    • 1 year ago

    Sounds like AMD needs to have both their engineers and their legal team looking into this.

    • Phartindust
    • 1 year ago

    Company comes out of nowhere, published to a page that just went live, nothing on Google, Youtube page just went live. And then there is this on their disclaimer page “The report and all statements contained herein are opinions of CTS and are not statements of fact.”

    Who the hell is CTS Labs, and what are their credentials?

    Seeing this “news” being posted all over the place, but no one seems to be able to verify the source is a legit security organization.

    #fakenews

      • thedosbox
      • 1 year ago

      The use of green screen on their videos has also been uncovered:

      [url<]https://doublepulsar.com/on-amd-flaws-from-cts-labs-f167ea00e4e8[/url<]

        • brucek2
        • 1 year ago

        Thank you that link! I was naive both that this was something that would be done for a corporate type video, and that someone else could find the stock backgrounds that quickly. Eyes opened.

        I’m daydreaming over “locations” for me to be calling in from for my next office video chat. From Everest base camp maybe? The international space station? Super VIP lounge at the playboy mansion?

        • ludi
        • 1 year ago

        You mean they DON’T normally work in large open offices that appear to belong to a landscape architecture firm?

          • thedosbox
          • 1 year ago

          To be fair, if I ran a security firm, I’d be careful about using my offices as video backgrounds.

          Not sure I’d go to the effort of using a green screen when a generic conference room would be sufficient though.

            • Klimax
            • 1 year ago

            They overthought it. (maybe)

    • Welch
    • 1 year ago

    Sounds like crap for sure. Even if it were true, I’d like to see some law hold crappy firms that release vulnerability information ahead of notifying manufacturers with a reasonable amount of time for exploits to be addressed.

    It is sort of telling that AMD themselves in their statement finished with “…and merit of the findings.”

    Sounds like they have an idea that it is going to be BS. Curious to see where this goes, wont be happy if it is real.

    • K-L-Waster
    • 1 year ago

    [quote<]The "Masterkey" vulnerability requires the attacker to install a modified BIOS containing the exploit payload, either through physical access orโ€”as CTS Labs claimsโ€”exploiting another one of the vulnerabilities the firm discovered to write to system flash in system management mode. CTS Labs goes on to describe three other classes of vulnerabilities that it's branded "Ryzenfall," "Fallout," and "Chimera." Both the Ryzenfall and Fallout vulnerabilities require a local user account with administrator or root privileges to run the required malware, a level of access that generally would suggest that all bets are off on a system's security to begin with. [/quote<] So this is either a tempest in a teacup where in order for the vulnerability to be exploited the attacker needs to already have physical control of the system, or a cautionary tale about how end users shouldn't install firmware they got from an untrusted source. We'll have to see what comes of it, but so far I'm not seeing much that RyZen users should be all that worried about.

      • SkyWarrior
      • 1 year ago

      Each and every user on a computer is a vulnerability. Intel should stop paying college dropouts to make false statements about the competitor.

      EDIT: Wow I read the paper and all I can say is that I could have written a better whitepaper for these exploits. They must have pushed hard (Read: made a real good (MS)Paintjob) to print 1337 on Tyan motherboard boot screen.

      Language turns itself in.

      [quote<]We urge the security community to study the security of these devices in depth before allowing them on mission-critical systems that could potentially put lives at risk.[/quote<] What lives at risk? Nobody dies (I mean almost nobody. Heck even intel CEO did not die hahaha!) just because there is a vulnerability in the cpu. I don't think we need any further proof for this hoax. EDIT2: I think this was even worse than Intel CEO trying to play Formula 1 game on VLC player during haswell intro...

    • TwistedKestrel
    • 1 year ago

    They haven’t disclosed anything! The “whitepaper” has some flowcharts and pictures of hardware, but no technical details on these purported vulnerabilities. And all of the purported attacks ring of spooky-scary what-if scenarios from /r/amd

      • Waco
      • 1 year ago

      “If you have root you can do bad things”
      “If you have physical access you can do bad things”

      The world:
      “Duh”

    • meerkt
    • 1 year ago

    Regardless of the strange claims here, makes me wonder…

    If you buy a used mobo on eBay, could it come poisoned?
    I hope used CPUs are still safe.

      • K-L-Waster
      • 1 year ago

      BIOS and firmware aren’t stored in the CPU itself, so they should be safe… or at least safe from this. (Used parts are always risky in terms of “are they DOA?” of course….)

        • meerkt
        • 1 year ago

        Mobos are the primary concern.

        But CPUs… nothing upgradeable yet anywhere? Microcode, security sub-CPUs, Intel ME/AMT, I don’t know.

      • Klimax
      • 1 year ago

      CPU microcode and related technologies would require proper signing and that would require national agencies and those won’t be doing untargeted attack through Ebay.

    • ermo
    • 1 year ago

    “Security firm”

      • jensend
      • 1 year ago

      Purportedly.

      • brucek2
      • 1 year ago

      or was that “securities firm”?

    • psuedonymous
    • 1 year ago

    The process of release is indisputably scummy, but it’ll be interesting to see if these exploits turn out to actually exist. The chipset-based one is particularly interesting, as its protection relies on OS-level driver enforcement.

      • chuckula
      • 1 year ago

      The alleged “whitepaper” sounds more like “if this actually worked then it would be bad”.

      It’s like me making some general statements about.. let’s say AES encryption like “if your key scheduler produces non-random numbers I can crack AES!” Which is true, but that doesn’t mean I’ve actually found a real flaw in the key scheduler.

      • nanoflower
      • 1 year ago

      Turns out the exploits do exist. However they require you to have administrative access to the machine at the minimum which pretty much gives the bad guys the ability to do whatever they want. Though with this exploit a bad actor could set up something in the hardware that is almost undetectable that gives the ability to do as they wish whenever they want. So it’s not nearly as serious as the research paper suggests.

        • Klimax
        • 1 year ago

        You think that ability to inject malicious code into CPU microcode or security CPU is not critical? Reminder: Not even Root access to OS gives you that.

    • wownwow
    • 1 year ago

    No address, no land line, 4 cheap, Israelis (drinking Intel milk?), set up in 2017 (likely after Intel’s “Meltdown inside” in June), …, but just a website ($4.95/month) and a mobile number +1-585-233-0321 ๐Ÿ˜€ … ๐Ÿ˜€

    Intel, the CPU God = 4 cheap, Israelis drinking the God’s milk ๐Ÿ˜€ … ๐Ÿ˜€

    techreport –> fairytalereport?

      • chuckula
      • 1 year ago

      Fascinating how you literally are on the exact same level as the people who posted the hoax… except they did a better job of advertising.

      Oh, and I recommend a banhammer too.

      • meerkt
      • 1 year ago

      What does Intel have to do with Israel?

      And what’s with all that milk…

        • Welch
        • 1 year ago

        [url<]https://imgur.com/a/mM6AH[/url<]

        • derFunkenstein
        • 1 year ago

        This “security company” is in Israel.

          • ludi
          • 1 year ago

          *gasp*…and Intel has operations in Israel! CONSPIRACY CONFIRMED!

            • chuckula
            • 1 year ago

            SO DOES [url=https://tinyurl.com/yaplmvdt<]AMD![/url<] Obviously these are rogue AMD employees who are jelly that they didn't get TR's ThreadRipper for their system builds!

            • meerkt
            • 1 year ago

            First time I hear of that. And purportedly it’s R&D? The plot thickens!

            (Did they buy an existing company there?)

            • derFunkenstein
            • 1 year ago

            Come on, Chuck, I thought you were better than that.

            It’s obviously Raja trying to bring down stock prices so that Intel can just acquire AMD outright.

          • meerkt
          • 1 year ago

          I imagine it goes something like:

          1. That company is in Israel.
          2. Intel does R&D in Israel
          3. Half-Life 3 confirmed.

            • derFunkenstein
            • 1 year ago

            I have heard those rumors, yes.

    • brucethemoose
    • 1 year ago

    Also from the disclaimer:

    [quote<]CTS does not accept responsibility for errors or omissions. CTS reserves the right to change the contents of this website and the restrictions on its use, with or without notice, and CTS reserves the right to refrain from updating this website even as it becomes outdated or inaccurate.[/quote<] I know "everyone's out to get AMD!" is an overly common claim, but this really [i<]does[/i<] smell like an attack from short sellers.

      • chuckula
      • 1 year ago

      Some bored teenagers or business school dropouts (can’t decide who’s dumber) aren’t going to make any impact past their 15 seconds of fame.

      And if it turns out they did manage to make a few bucks on a short sale, the SEC would be very interested in talking to them and providing accommodation at a cushy Federal Prison.

        • rechicero
        • 1 year ago

        Viceroy is not the first fund doing that (and this is not the first time they do it). Gotham did it in the past. I don’t remember them going to prison. They go for exposed companies that a lot of times die because of losing confidence from banks, investors, etc. Maybe they should go to prison, but I don’t remember them going.

    • chuckula
    • 1 year ago

    [quote<]We don't mean to downplay the potential seriousness of the vulnerabilities that CTS Labs claims to have uncovered, but the lack of technical details and the manner in which these vulnerabilities have been disclosed could suggest a less-than-altruistic motive. We'll update this article as we hear more from AMD and other sources regarding this news.[/quote<] I will. Unless and until anything concrete comes out I'm calling this a poorly executed hoax.

      • derFunkenstein
      • 1 year ago

      HOW DARE YOU SAY ANYTHING NEGATIVE ABOUT AMD—

      oh, wait.

      • rechicero
      • 1 year ago

      Their point is lowering the stock price to earn money with a short selling. It’s their model of business…

        • chuckula
        • 1 year ago

        I’m well aware of what a false-flag to cause a short sale is about.

        It’s also a great way to end up being prosecuted.

          • Concupiscence
          • 1 year ago

          Push comes to shove, that disclaimer won’t act as the legal fig leaf they imagine it will, either.

        • Philldoe
        • 1 year ago

        Well they are doing a shitty job. AMD stock is up.

        Advanced Micro Devices Inc
        NASDAQ: AMD ยท March 13, 2:51 PM EDT
        11.86
        โ–ฒ 0.35 (3.00%)

          • arunphilip
          • 1 year ago

          I’m just grateful that the market saw through this crap.

          • DPete27
          • 1 year ago

          Ehhhh, not sure about that. There was an unusually long sell wick (-2.5%) right before TR posted this article. That’s not burning AMD to the ground, but it seems chronologically coincidental enough to make me believe at least a few people believed the rumor.

          • rechicero
          • 1 year ago

          Great news, I’m always happy when this kind of ppl fails. I hope it keeps this way

      • faramir
      • 1 year ago

      It’s not a hoax – it’s market manipulation by posting FUD.

Pin It on Pinterest

Share This