Report Alleges AMD Ryzen & EPYC CPUs Suffer 13 Fatal Security Flaws – Ryzenfall, Masterkey, Fallout & Chimera Detailed

A new report published by Tel Aviv-based security company CTS-Labs alleges the discovery of 13 fatal security flaws in AMD’s new lineup of Ryzen and EPYC processors. The report claims these 13 security vulnerabilities fall under four distinct classes, which the company has dubbed Ryzenfall, Masterkey, Fallout and Chimera.

The vulnerabilities don’t affect AMD’s Zen CPU cores themselves but rather two other chips which are part of the Ryzen and EPYC system. The first is the ARM-based AMD Secure Processor and the second is the ASMedia Promontory chipset.

CTS-Labs has given AMD 24 hours to respond to its report, which is substantially shorter than the 90-day grace period normally given to hardware makers to address security issues. AMD offered the following statement on the issue:

“At AMD, security is a top priority and we are continually working to ensure the safety of our users as new risks arise. We are investigating this report, which we just received, to understand the methodology and merit of the findings,”

AMD Secure Processor

The AMD Secure Processor is a small ARM core built into AMD’s Zeppelin die, which powers AMD’s Ryzen and EPYC processors, as well as the Raven Ridge die, which powers the company’s Ryzen APU product lineup.

The Secure Processor is allegedly susceptible to vulnerabilities that could allow hackers to infiltrate protected networks by bypassing Microsoft’s Windows Credential Guard. They could also bypass Secure Encrypted Virtualization on EPYC chips. Additionally, hackers allegedly may be able to gain full access to physical memory, peripherals and fTPM. Finally, malicious code could be executed on the EPYC Secure Processor.

AMD Ryzen “Promontory” Chipset

This is what we used to call the southbridge in the old days. It’s the chip that links Ryzen to the rest of the motherboard I/O, including WiFi, storage and internal extension cards. The report alleges that the Promontory chipset, designed and manufactured by Asus subsidiary ASMedia, has several exploitable backdoors which could allow hackers to execute malicious code on the chip.

Press Release

March 13, 2018 10:00 AM Eastern Daylight Time

TEL AVIV, Israel–(BUSINESS WIRE)–CTS Labs, a cyber-security research firm and consultancy, today released a severe security advisory on Advanced Micro Devices, Inc. (“AMD” or “the Company”) (NASDAQ:AMD) processors.

A CTS Labs security audit revealed multiple critical security vulnerabilities and manufacturer backdoors in AMD’s latest EPYC, Ryzen, Ryzen Pro, and Ryzen Mobile processors. These vulnerabilities have the potential to put organizations at significantly increased risk of cyber-attacks.

CTS Labs has produced a white paper report further detailing these vulnerabilities available at CTS Labs has also shared this information with AMD, Microsoft, HP, Dell, and select security companies, in order that they may work on developing mitigations and patches, and examine and research these and any other potential vulnerabilities at the Company. CTS Labs has also shared this information with relevant U.S. regulators.

CTS Labs is a cyber-security research firm and consultancy based in Tel Aviv, Israel specializing in hardware and embedded systems security. For more information about CTS Labs, please see

AMD Ryzen & EPYC CPUs Allegedly Subject To Ryzenfall, Masterkey, Fallout and Chimera Vulnerabilities



Ryzenfall allegedly allows hackers to take control of the Secure Processor and use its privileges to read and write in protected memory areas, namely the SMRAM and the Windows Credential Guard memory.

Hackers could also bypass the Windows Credential Guard to steal network credentials and infiltrate secure Windows networks.
Ryzenfall can be used in conjunction with another vulnerability, Masterkey, to install persistent malware on the Secure Processor which can be used to spy on the system’s activities for extended periods of time.
Ryzenfall affects Zeppelin and Raven Ridge based products, like Ryzen, Ryzen Pro and Ryzen Threadripper.


Similarly to Ryzenfall, Fallout allows hackers to read from and write to protected memory areas, such as SMRAM and Windows Credential Guard isolated memory (VTL-1), as well as steal network credentials protected by Windows Credential Guard.
It can also be used to bypass BIOS flashing protections implemented in SMM.
Fallout affects AMD’s EPYC chips.



Chimera consists of two backdoors, one firmware based and one hardware based. The backdoors allow hackers to inject the Ryzen Promontory chipset with malicious code and launch attacks via USB, SATA, PCIe devices and through Network, WiFi & Bluetooth.
An infected chipset can be used to launch DMA — Direct Memory Access — based attacks on the OS. This vulnerability affects desktop Ryzen based systems.


Masterkey consists of multiple vulnerabilities in the Secure Processor firmware which would allow attackers to infiltrate it and infect it with malware, as well as bypass firmware-based security features, including Secure Encrypted Virtualization (SEV) and Firmware Trusted Platform Module (fTPM). This vulnerability can be exploited to steal network credentials and even brick hardware by corrupting the firmware code.
This vulnerability affects EPYC, desktop Ryzen and to a lesser extent mobile Ryzen and Ryzen Pro.


Can It Be Fixed?

CTS Labs claims that Ryzenfall, Masterkey and Fallout can be fixed via firmware updates, but it could take several months for those fixes to be delivered. Chimera, on the other hand, reportedly can’t be fixed directly because it’s a hardware issue, but it can be addressed with a workaround, although CTS Labs alleges this may produce side effects and could prove difficult to achieve.

The post Report Alleges AMD Ryzen & EPYC CPUs Suffer 13 Fatal Security Flaws – Ryzenfall, Masterkey, Fallout & Chimera Detailed by Khalid Moammer appeared first on Wccftech.
