“[…]AMD will provide additional updates on both our analysis of these issues and the related mitigation plans in the coming weeks.”
While many feel that CTS Labs did not do a good job at disclosure, AMD has also not been doing a good job at updating the world about it’s vulns. Still no CVE for the PSP vuln from January, which is related to this one. Does AMD only reply-to vulns which have 24 hour limit response threats, and ignore ones that do not? Why haven’t we seen some response like above for the below fulldisclosure vuln?
https://firmwaresecurity.com/2018/01/12/a-bit-more-on-amd-psp-vuln/