AMD Secure Processor & Ryzen Chipsets Reportedly Vulnerable To Exploit
Just two months after the big Spectre and Meltdown CPU vulnerabilities were disclosed, Israeli security researchers have published 13 security vulnerabilities that they claim affect the AMD Ryzen and EPYC product lines.
These vulnerabilities are collectively being called "AMDFLAWS" and carry names like MASTERKEY, RYZENFALL, FALLOUT, CHIMERA, and PSP PRIVILEGE escalation, amounting to 13 vulnerabilities in total.
These vulnerabilities could allow the AMD Secure Processor to be overridden with malicious code and allow reads/writes to protected memory areas; backdoors were also found within the AMD Ryzen chipset, along with other vulnerabilities around the AMD Secure Processor and AMD's current chipsets. But the actual technical information on these vulnerabilities is rather light at the moment, with some questioning their merit. It also appears that a BIOS flash or local root access would be needed to make at least some of these vulnerabilities a reality.
Some of these vulnerabilities may be fixed via new firmware updates, while CHIMERA is claimed to be a hardware vulnerability that cannot be fixed, at least according to these security researchers. CTS Labs, though, only provided AMD with a 24-hour lead time before making this public disclosure, so it may be a while before these issues are fully investigated and more details come from AMD... Sadly this disclosure is not well structured and raises more questions than answers, so stay tuned.
More details via AMDFLAWS.com.
Update: Some security researchers are indeed questioning the claims raised by CTS Labs about these supposed AMD Zen vulnerabilities... So fortunately it might not end up being too bad, but we will wait and see what is published by AMD.