AMD Secure Processor & Ryzen Chipsets Reportedly Vulnerable To Exploit

Written by Michael Larabel in AMD on 13 March 2018 at 12:47 PM EDT. 82 Comments
AMD
Just two months after the big Spectre and Meltdown CPU vulnerabilities were disclosed, Israeli security researchers have published 13 security vulnerabilities claiming to affect AMD Ryzen and EPYC product lines.

These vulnerabilities are being called "AMDFLAWS" and the vulnerabilities have names like MASTERKEY, RYZENFALL, FALLOUT, CHIMERA, and the PSP PRIVILEGE escalation amounting to 13 vulnerabilities in total.

These vulnerabilities could allow the AMD Secure Processor to be overrode with malicious code, read/write from protected memory areas, backdoors were found within the AMD Ryzen chipset, and other vulnerabilities around the AMD Secure Processor and AMD's current chipsets. But the actual technical information on these vulnerabilities is rather light at the moment with some questioning their merit. It also appears a BIOS flash or local root access would also be needed for at least making some of these vulnerabilities a reality.

Some of these vulnerabilities may be fixed ahead via new firmware updates while CHIMERA claims to be a hardware vulnerability that cannot be fixed, at least according to these security researchers. CTS Labs though only provided AMD with a 24 hour lead time before making this public disclosure, so it may be a while before these issues are fully investigated and more details from AMD... Sadly this disclosure is not well structured and raises more questions than answers, so stay tuned.


More details via AMDFLAWS.com.

Update: Some security researchers are indeed questioning the claims raised by CTS Labs about these supposed AMD Zen vulnerabilities... So fortunately it might not end up being too bad, but we will wait and see what is published by AMD.
Related News
About The Author
Michael Larabel

Michael Larabel is the principal author of Phoronix.com and founded the site in 2004 with a focus on enriching the Linux hardware experience. Michael has written more than 20,000 articles covering the state of Linux hardware support, Linux performance, graphics drivers, and other topics. Michael is also the lead developer of the Phoronix Test Suite, Phoromatic, and OpenBenchmarking.org automated benchmarking software. He can be followed via Twitter, LinkedIn, or contacted via MichaelLarabel.com.

Popular News This Week