Remember back in March when security firm CTS Labs appeared out of nowhere with news of a series of security vulnerabilities on AMD hardware? Regardless of questions about responsible disclosure or the origins of the company, the vulnerabilities are real. AMD responded a week later promising patches to mitigate the new attacks, but we haven't heard a peep since. As it turns out, we may just not have been listening in the right places. Tom's Hardware poked AMD about the firmware fixes, and this is what the company had to say:
Within approximately 30 days of being notified by CTS Labs, AMD released patches to our ecosystem partners mitigating all of the CTS identified vulnerabilities on our EPYC™ platform as well as patches mitigating Chimera across all AMD platforms. These patches are in final testing with our ecosystem partners in advance of being released publicly. We remain on track to begin releasing patches to our ecosystem partners for the other products identified in the report this month. We expect these patches to be released publicly as our ecosystem partners complete their validation work.
As Tom's points out, the message is pretty vague and it doesn't contain news concerning consumer-class Ryzen hardware. Still, Epyc is most certainly the platform that needed addressing first. It's interesting to note that AMD says it has patches “in final testing” just over a month from being notified about the flaws despite CTS Labs' insistence that AMD could never have produced the patches in the usual 90 days. Kidding aside, these vulnerabilities are no joke. Ryzen owners should keep an eye out in the coming months for firmware patches.