Menu
Researchers claim AMD's Ryzen, Epyc security co-processor and chipset have major flaws

Researchers claim AMD's Ryzen, Epyc security co-processor and chipset have major flaws

However, it's unknown whether potential attacks on AMD's Ryzen arising from the claimed vulnerabilities will prove to be significant

(IDG)

(IDG)

A little-known security firm claims that AMD's Ryzen and Epyc architectures are subject to major exploitable flaws. AMD said it hasn't had time to confirm or deny the claims.

Researchers say they’ve discovered serious potential vulnerabilities within AMD’s Ryzen and Epyc chip architectures. AMD said it’s taking the reports seriously, though it wasn’t provided sufficient time to investigate or confirm them before their disclosure.

CTS-Labs, a security research company which says it specializes in vulnerabilities within ASICs and other chips, has said it’s discovered four potential attacks, code-named Masterkey, Ryzenfall, Fallout, and Chimera. All would require a program running with local access and administrator privileges to exploit them.

AMD confirmed it’s been made aware of the potential vulnerabilities. However, the statement AMD provided to PCWorld implied that the company wasn’t given the usual amount of time to investigate the vulnerabilities internally, which is typically about 90 days.

“At AMD, security is a top priority and we are continually working to ensure the safety of our users as new risks arise,” AMD’s statement said. “We are investigating this report, which we just received, to understand the methodology and merit of the findings.”

It’s important to note that these claimed vulnerabilities remain unconfirmed, though they’re potentially serious. CTS-Labs claims it's been able to exploit the vulnerabilities it found on several Ryzen chips, but no potential attack has been seen in the wild. Expect more follow-ups in the days ahead.

What are Ryzenfall, Masterkey, Fallout, and Chimera?

Hardware vulnerabilities have come to the forefront with the rise of Spectre and Meltdown, which attack the speculative execution processes used by Intel and other vendors. AMD and ARM are also potentially affected by Spectre and Meltdown, though Intel has been the public face of both vulnerabilities.

The four new AMD-specific vulnerabilities largely attack the AMD Secure Processor, logic which creates a protected environment for executing sensitive tasks. In a whitepaper, CTS-Labs criticized the processor as a “black box” that remains poorly understood. The whitepaper painted AMD as irresponsible, claiming that the Ryzen and Ryzen Pro chipsets “could not have passed even the most rudimentary white-box security review.” It also urged the security community to study the effects on mission-critical systems “that could potentially put lives at risk.”

According to CTS-Labs, there are three derivatives of Masterkey, all of which have been proven on Epyc and Ryzen. There are four derivatives of Ryzenfall, three of Fallout, and two Chimera attacks. Ryzenfall and Fallout have been tested on Ryzen, Ryzen Pro, and Epyc; Ryzen Mobile chips are not affected. Chimera has been tested on Ryzen and Ryzen Pro, CTS-Labs claimed.

Masterkey, according to CTS-Labs, allows the injection of persistent malware into the Secure Processor, among other attacks. Ryzenfall threatens the secure OS running on top of the Secure Processor, potentially bypassing virtualization and injecting malware. It allows an attacker to break into the “fenced DRAM” the OS creates.

Fallout exposes the bootloader within the Epyc Secure Processor, allowing access to protected memory regions, CTS-Labs claims. Finally, the firm claimed the Chimera attack could access “an array of hidden manufacturer backdoors” inside AMD’s Promontory chipsets. CTS-Labs blamed ASMedia, a third-party chipmaker that supplied the USB host controller and SATA controller within AMD’s Ryzen chipset, for these vulnerabilities, which were then introduced into the Ryzen chipsets.

CTS-Labs is not the only security organization to discover an issue with AMD’s Secure Processor. Last September, Google researchers found and reported a stack overflow vulnerability, which AMD said it patched. AMD’s BIOS now allows users to disable PSP support. PSP, or the Platform Security Processor, is the former name of AMD’s Secure Processor.

This article first appeared on PC World (US)


Follow Us

Join the newsletter!

Or

Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

Tags AMDchipsflawRyzen

Events

Why experience is the new battleground for partners

Join us for an exclusive webinar, in association with Hewlett Packard Enterprise and Technology Services Industry Association (TSIA) and learn about the latest industry insights and how technology services continue to evolve to deliver differentiated value, and how partners can be successful in 2021 and beyond.

Featured

Slideshows

The Kiwi channel gathers for the 2020 Reseller News Women in ICT Awards

The Kiwi channel gathers for the 2020 Reseller News Women in ICT Awards

Hundreds of leaders from the New Zealand IT industry gathered at the Hilton in Auckland on 17 November to celebrate the finest female talent in the Kiwi channel and recognise the winners of the Reseller News Women in ICT Awards (WIICTA) 2020.

The Kiwi channel gathers for the 2020 Reseller News Women in ICT Awards
Leading female front runners honoured at the 2020 Reseller News Women in ICT Awards

Leading female front runners honoured at the 2020 Reseller News Women in ICT Awards

The leading female front runners of the New Zealand ICT industry joined together for the annual Reseller News Women in ICT Awards event at the Hilton in Auckland, during which hundreds of guests celebrated 13 outstanding individuals who won awards, chosen from more than 50 finalists representing over 30 organisations.

Leading female front runners honoured at the 2020 Reseller News Women in ICT Awards
Channel gathers to celebrate the Reseller News Innovation Awards 2020 winners

Channel gathers to celebrate the Reseller News Innovation Awards 2020 winners

More than 500 channel leaders gathered in Auckland on 21 October at the ​Reseller News Innovation Awards ​2020 to celebrate the achievements of the New Zealand technology industry's top partners, start-ups, vendors, distributors and individuals.

Channel gathers to celebrate the Reseller News Innovation Awards 2020 winners
Show Comments