AMD has confirmed that a vulnerability was discovered in its processors – information about its presence was leaked to the public before the company had time to release a software update that corrected the error. The problem presumably affects processors from the consumer Ryzen line, but AMD has not yet outlined the essence of the error, and has not specified which models it affects.
Image source: amd.com
The fact that the problem was said by the Tavis Ormandy cybersecurity expert from the Google Project Zero division. He said that ASUS released a beta version of BIOS updating for its motherboards, and mentioned the presence of vulnerability in AMD processors. Subsequently, he edited his publication, removing the mention of vulnerability. AMD confirmed that vulnerability exists, but its operation requires local administrative access to the target machine and a special microcode.
«AMD is aware of the recently discovered processor vulnerability. For the implementation of the attack, access to the system at the level of the local administrator, the development and launch of malicious microcode are required. AMD has provided the consequences mitigation methods and actively cooperates in its partners and clients over their deployment. AMD recommends that customers continue to adhere to security standards accepted in the industry and work only with trusted suppliers when installing a new code on their systems. AMD plans to release a security report with additional recommendations and options for mitigating the consequences, ”the representative of the company said The Register. Other details were not reported to AMD.