About a week ago CTS Labs, a Tel Aviv-based cybersecurity startup, made a public disclosure on vulnerabilities affecting AMD Ryzen and EPYC processors. Linus Torvalds reacted1 harshly to those premature claims:
“When was the last time you saw a security advisory that was basically ‘if you replace the BIOS or the CPU microcode with an evil version, you might have a security problem?’ Yeah.”
Various media reports spoke lenghily about the CTS Labs reports.
Yesterday, AMD responded to those reports with an initial Technical Assessment2 but at the same time it deplored the fact that CTS Labs hurried with the public disclosure.
On March 12, 2018, AMD received a communication from CTS Labs regarding research into security vulnerabilities involving some AMD products. Less than 24 hours later, the research firm went public with its findings.