A new report published by Tel Aviv-based security company CTS-Labs claims to have discovered 13 fatal security flaws in AMD’s new lineup of Ryzen and EPYC processors. The report claims these 13 security vulnerabilities fall under four distinct classes which the company has dubbed Ryzenfall, Masterkey, Fallout and Chimera.
The vulnerabilities don’t affect AMD’s Zen CPU cores themselves but rather two other chips which are part of the Ryzen and EPYC system. The first is the ARM-based AMD Secure Processor and the second is the ASMedia Promontory chipset.
CTS-Labs has given AMD 24 hours to respond to its report, which is substantially shorter than the 90-day grace period normally given to hardware makers to address security issues. AMD offered the following statement on the issue:
“At AMD, security is a top priority and we are continually working to ensure the safety of our users as new risks arise. We are investigating this report, which we just received, to understand the methodology and merit of the findings,”
AMD Secure Processor
The AMD Secure Processor is a small ARM core built into AMD’s Zeppelin die, which powers AMD’s Ryzen and EPYC processors, as well as the Raven Ridge die, which powers the company’s Ryzen APU product lineup.
The Secure Processor is allegedly susceptible to vulnerabilities that could allow hackers to infiltrate protected networks by bypassing Microsoft’s Windows Credential Guard. They could also bypass Secure Encrypted Virtualization on EPYC chips. Additionally, hackers allegedly may be able to gain full access to physical memory, peripherals and fTPM. Finally, malicious code could be executed on the EPYC Secure Processor.
AMD Ryzen “Promontory” Chipset
This is what we used to call the southbridge in the old days. It’s the chip that links Ryzen to the rest of the motherboard I/O, including WiFi, storage and internal extension cards. The report alleges that the Promontory chipset, designed and manufactured by Asus subsidiary ASMedia, has several exploitable backdoors which could allow hackers to execute malicious code on the chip.
March 13, 2018 10:00 AM Eastern Daylight Time
TEL AVIV, Israel–(BUSINESS WIRE)–CTS Labs, a cyber-security research firm and consultancy, today released a severe security advisory on Advanced Micro Devices, Inc. (“AMD” or “the Company”) (NASDAQ:AMD) processors.
A CTS Labs security audit revealed multiple critical security vulnerabilities and manufacturer backdoors in AMD’s latest EPYC, Ryzen, Ryzen Pro, and Ryzen Mobile processors. These vulnerabilities have the potential to put organizations at significantly increased risk of cyber-attacks.
CTS Labs has produced a white paper report further detailing these vulnerabilities available at amdflaws.com. CTS Labs has also shared this information with AMD, Microsoft, HP, Dell, and select security companies, in order that they may work on developing mitigations and patches, and examine and research these and any other potential vulnerabilities at the Company. CTS Labs has also shared this information with relevant U.S. regulators.
CTS Labs is a cyber-security research firm and consultancy based in Tel Aviv, Israel specializing in hardware and embedded systems security. For more information about CTS Labs, please see cts-labs.com.
AMD Ryzen & EPYC CPUs Allegedly Subject To Ryzenfall, Masterkey, Fallout and Chimera Vulnerabilities
Hackers could also bypass the Windows Credential Guard to steal network credentials and infiltrate secure Windows networks.
Ryzenfall can be used in conjunction with another vulnerability, Masterkey, to install persistent malware on the Secure Processor which can be used to spy on the system’s activities for extended periods of time.
Ryzenfall affects Zeppelin and Raven Ridge based products, like Ryzen, Ryzen Pro and Ryzen Threadripper.
Fallout affects AMD’s EPYC chips.
Chimera consists of two backdoors, one firmware based and one hardware based. The backdoors allow hackers to inject the Ryzen Promontory chipset with malicious code and launch attacks via USB, SATA, PCIe devices and through Network, WiFi & Bluetooth.
An infected chipset can be used to launch DMA — Direct Memory Access — based attacks on the OS. This vulnerability affects desktop Ryzen based systems.
Can It Be Fixed?
CTS Labs claims that Ryzenfall, Masterkey and Fallout can be fixed via firmware updates, but that it could take several months for those fixes to be delivered. Chimera, on the other hand, reportedly can’t be fixed directly because it’s a hardware issue, but it can be addressed with a workaround. CTS Labs alleges, however, that this may produce side effects and could prove difficult to achieve.