Linus Torvalds doesn’t take anything that’s being hyped and made bigger than what it is. In a Google+ thread, he slammed the Israel-based security company CTS Labs by calling their security advisory a “garbage”.
Just a couple of days back, CTS researchers exposed more than a dozen ‘critical’ vulnerabilities in AMD chips marketed under the brand names Ryzen and Epyc. The company also claimed that a backdoor exists in AMD processors. Their revelation came with a well-decorated website, a whitepaper, and a video.
“I refuse to link to that garbage. But yes, it looks more like stock manipulation than a security advisory to me,” Torvalds said without taking any name or going into specific details.
“When was the last time you saw a security advisory that was basically “if you replace the BIOS or the CPU microcode with an evil version, you might have a security problem”? Yeah,” he said in the same thread.
CTS Labs was questioned and faced criticism for notifying AMD only 24 hours before the public disclosure. The company defended themselves by saying that AMD couldn’t have fixed the issue even if a year’s time was given.
However, this doesn’t mean that the bugs disclosed are a hoax. The researchers from the Trail of Bits, Inc. verified them. It’s CEO Dan Guido tweeted that the “bugs are real, accurately described in their technical report (which is not public afaik), and their exploit code works.”
While Torvalds agrees that the bugs exist, what possibly annoys him is the hype built around it.
And maybe, if there is any serious threat to the real world or not.
Source: https://fossbytes.com/linus-torvalds-roasts-cts-labs-amd-cpu-vulnerabilty-report/
Submitted by: Arnfried Walbrecht
Comments are closed.