Following recent heated attention over possible flaws in AMD processor chips, Check Point Research was privately approached by the source of these controversial findings, CTS Labs, and was asked to verify their existence.
It is important for us to note that Check Point has absolutely no relationship, neither current nor previous, with CTS Labs, neither were we paid to review their findings.
We do not agree in any way with how CTS Labs’ research was published, and find it very irresponsible. However, we do believe that if the claims made in the publication are found to be correct then it may raise several issues worth discussing, regardless of the way it was handled or reported
Having received the original AMD hardware upon which the research is based, along with the technical details of the vulnerabilities, RYZENFALL-1 and RYZENFALL-3, we were able to successfully review the vulnerabilities and have concluded the following:
Note: Since the hardware we received was PC based, we could not verify the rest of the vulnerabilities which are based on the server CPU versions.
To conclude, in our opinion the original CTS Labs report might have been problematically phrased in a way that misrepresented the threat model and impact that the RYZENFALL-1 and RYZENFALL-3 vulnerabilities present.
However, problematic phrasing aside, after inspecting the technical details of the above, we can indeed verify that these are valid vulnerabilities and the risks they pose should be taken under consideration.