About a week ago CTS Labs, a Tel Aviv-based cybersecurity startup, made a public disclosure on vulnerabilities affecting AMD Ryzen and EPYC processors. Linus Torvalds reacted¹ harshly to those premature claims:

“When was the last time you saw a security advisory that was basically ‘if you replace the BIOS or the CPU microcode with an evil version, you might have a security problem?’ Yeah.”

Various media reports spoke lenghily about the CTS Labs reports.

Yesterday, AMD responded to those reports with an initial Technical Assessment² but at the same time it deplored the fact that CTS Labs hurried with the public disclosure.

On March 12, 2018, AMD received a communication from CTS Labs regarding research into security vulnerabilities involving some AMD products. Less than 24 hours later, the research firm went public with its findings.