News AMD confirms CTS-Labs vulns, promises fixes

Discussion in 'Article Discussion' started by bit-tech, 21 Mar 2018.

  1. bit-tech

    bit-tech Supreme Overlord Staff Administrator

    Joined:
    12 Mar 2001
    Posts:
    917
    Likes Received:
    17
    Read more
     
  2. Spraduke

    Spraduke Lurker

    Joined:
    23 Sep 2009
    Posts:
    170
    Likes Received:
    6
    In other words: About as exciting as the myriad of windows exploits that get patched on a near continuous basis!

    Not exactly earth shattering is it! On the other hand potential shorting of AMD stock 24 hours before this announcement is far me interesting and worthy of follow up (not that such behavior is ever punished - looking at you Intel CEO!).
     
  3. edzieba

    edzieba Virtual Realist

    Joined:
    14 Jan 2009
    Posts:
    2,237
    Likes Received:
    88
    I'll wait for more details on AMD about exactly how they're going to patch the hardware vuln in the ASMedia chipset. And on firmer ETAs for release: still waiting on those SPECTRE v1 & v2 microcode updates! (SPECTRE incidentally being a perfect method to perform the privilege escalation needed to use these exploits)
     
  4. Corky42

    Corky42 What did walle eat for breakfast?

    Joined:
    30 Oct 2012
    Posts:
    8,159
    Likes Received:
    154
    Well apparently AMD have reported the unusual trading activity in its stocks to the relevant authorities, it will probably end up going nowhere but at least they've reported it.
     
  5. faugusztin

    faugusztin I *am* the guy with two left hands

    Joined:
    11 Aug 2008
    Posts:
    6,770
    Likes Received:
    239
    More like how will Asus/Gigabyte/MSI/... patch the firmware in ASMedia chips on AMD and Intel boards.
     
  6. RedFlames

    RedFlames ...is not a Belgian football team

    Joined:
    23 Apr 2009
    Posts:
    8,780
    Likes Received:
    548
    They won't [probably]...
     
  7. edzieba

    edzieba Virtual Realist

    Joined:
    14 Jan 2009
    Posts:
    2,237
    Likes Received:
    88
    I keep seeing this meme pop up: Intel boards use an Intel PCH, not an ASMedia chipset. The Promontory chipset CHIMERA attacks is not present on any board other than AM4 and TR4.
    On an Intel board that uses an ASMedia USB host controller for USB 3.1 Gen 2 support (which is not even close to all, most do not use one at all, and may use the Alpine Ridge controller even if they do not expose Thunderbolt, like the Gigabyte Z170N-Gaming 5, Asrock Z270 Gaming-ITX/ac, etc), disabling that host controller just means a USB port or two on the rear is turned off (I've yet to see a board use more than two ports of an ASMedia host controller on Z170 or above). An AM4 or TR4 botherboard (other than A/X300 which is an 'un chipset') CANNOT disable the Promontory chipset, as you'd end up with a brick.
     
  8. Anfield

    Anfield Well-Known Member

    Joined:
    15 Jan 2010
    Posts:
    3,285
    Likes Received:
    112
    Nothing to do with memes or with Intel PCH.

    You have to look further into the Intel mainboard past, while many recent Intel boards have done away with 3rd party usb (etc) controllers they used to be much more common a couple years ago (and since cpu performance has progressed so little since then there are tons of affected boards still in the wild).
     
  9. faugusztin

    faugusztin I *am* the guy with two left hands

    Joined:
    11 Aug 2008
    Posts:
    6,770
    Likes Received:
    239
    ASM1042, ASM1142, ASM 1143 are vulnerable too. What one of my older boards, an ASUS P8Z77-I DELUXE has for USB 3 ? ASM1042.

    Hell, CTS Labs themselves say so :
    So there is an attack vector for many Intel boards too. In case of Sandy/Ivy boards to add USB 3.0, in case of Haswell and newer to add USB 3.1, or just to add more USB ports.
     
  10. Corky42

    Corky42 What did walle eat for breakfast?

    Joined:
    30 Oct 2012
    Posts:
    8,159
    Likes Received:
    154
    Unless I've misunderstood though the vulnerabilities are in both the ASMedia chips and the AMD PSP, AFAIK the PSP is meant to prevent flashing if the update isn't digital signed and it's not.
     
  11. edzieba

    edzieba Virtual Realist

    Joined:
    14 Jan 2009
    Posts:
    2,237
    Likes Received:
    88
    And in both those cases they are used as peripheral devices. If you were to completely compromise one, you could... snoop on the external USB bus I guess? It only has access to its own PCIe lanes (it;s not a bus like PCI-X) and the PCH on the other end of those links is not compromised.
    However in the case of Promontory, the exploited controller is sitting on the same die as all the other parts of the chipset.
    That's right: CHIMERA targets Promontory, the other 4 exploits target the SE within the RyZen/Epyc CPU itself in different ways.
     
Tags: Add Tags

Share This Page