Israeli security firm CTS Labs has released a white paper (opens in new tab) to the press which detail a number of vulnerabilities affecting current AMD CPUs.
The 13 vulnerabilities listed in the white paper allegedly affect all Ryzen and Ryzen Pro products currently on the market, as well as EPYC server CPUs made by AMD, although root-level (administrator) operating system access is required in order to exploit them.
As is the case with many security exploits, these could theoretically allow hackers access to personal credentials and provide an opportunity to spread malware, but the white paper also warns of the potential for “long-term industrial espionage”.
The report from CTS Labs is intentionally light on the exploits’ details – a measure intended to stop anyone from using the alleged exploits while AMD is given the time to investigate them. Despite this, Gizmodo reports that CTS only gave AMD 24 hours notice before making the white paper public.
In the company’s official statement on the issue, AMD said it was “unusual for a security firm to publish research to the press without providing a reasonable amount of time for the company to investigate and address its findings”.
Naturally, AMD is “actively investigating and analyzing” the report’s findings, and we’ll keep this article updated with further details as they come to light.