Menu
Researchers claim AMD's Ryzen, Epyc security co-processor and chipset have major flaws

Researchers claim AMD's Ryzen, Epyc security co-processor and chipset have major flaws

However, it's unknown whether potential attacks on AMD's Ryzen arising from the claimed vulnerabilities will prove to be significant

(IDG)

(IDG)

A little-known security firm claims that AMD's Ryzen and Epyc architectures are subject to major exploitable flaws. AMD said it hasn't had time to confirm or deny the claims.

Researchers say they’ve discovered serious potential vulnerabilities within AMD’s Ryzen and Epyc chip architectures. AMD said it’s taking the reports seriously, though it wasn’t provided sufficient time to investigate or confirm them before their disclosure.

CTS-Labs, a security research company which says it specializes in vulnerabilities within ASICs and other chips, has said it’s discovered four potential attacks, code-named Masterkey, Ryzenfall, Fallout, and Chimera. All would require a program running with local access and administrator privileges to exploit them.

AMD confirmed it’s been made aware of the potential vulnerabilities. However, the statement AMD provided to PCWorld implied that the company wasn’t given the usual amount of time to investigate the vulnerabilities internally, which is typically about 90 days.

“At AMD, security is a top priority and we are continually working to ensure the safety of our users as new risks arise,” AMD’s statement said. “We are investigating this report, which we just received, to understand the methodology and merit of the findings.”

It’s important to note that these claimed vulnerabilities remain unconfirmed, though they’re potentially serious. CTS-Labs claims it's been able to exploit the vulnerabilities it found on several Ryzen chips, but no potential attack has been seen in the wild. Expect more follow-ups in the days ahead.

What are Ryzenfall, Masterkey, Fallout, and Chimera?

Hardware vulnerabilities have come to the forefront with the rise of Spectre and Meltdown, which attack the speculative execution processes used by Intel and other vendors. AMD and ARM are also potentially affected by Spectre and Meltdown, though Intel has been the public face of both vulnerabilities.

The four new AMD-specific vulnerabilities largely attack the AMD Secure Processor, logic which creates a protected environment for executing sensitive tasks. In a whitepaper, CTS-Labs criticized the processor as a “black box” that remains poorly understood. The whitepaper painted AMD as irresponsible, claiming that the Ryzen and Ryzen Pro chipsets “could not have passed even the most rudimentary white-box security review.” It also urged the security community to study the effects on mission-critical systems “that could potentially put lives at risk.”

According to CTS-Labs, there are three derivatives of Masterkey, all of which have been proven on Epyc and Ryzen. There are four derivatives of Ryzenfall, three of Fallout, and two Chimera attacks. Ryzenfall and Fallout have been tested on Ryzen, Ryzen Pro, and Epyc; Ryzen Mobile chips are not affected. Chimera has been tested on Ryzen and Ryzen Pro, CTS-Labs claimed.

Masterkey, according to CTS-Labs, allows the injection of persistent malware into the Secure Processor, among other attacks. Ryzenfall threatens the secure OS running on top of the Secure Processor, potentially bypassing virtualization and injecting malware. It allows an attacker to break into the “fenced DRAM” the OS creates.

Fallout exposes the bootloader within the Epyc Secure Processor, allowing access to protected memory regions, CTS-Labs claims. Finally, the firm claimed the Chimera attack could access “an array of hidden manufacturer backdoors” inside AMD’s Promontory chipsets. CTS-Labs blamed ASMedia, a third-party chipmaker that supplied the USB host controller and SATA controller within AMD’s Ryzen chipset, for these vulnerabilities, which were then introduced into the Ryzen chipsets.

CTS-Labs is not the only security organization to discover an issue with AMD’s Secure Processor. Last September, Google researchers found and reported a stack overflow vulnerability, which AMD said it patched. AMD’s BIOS now allows users to disable PSP support. PSP, or the Platform Security Processor, is the former name of AMD’s Secure Processor.

This article first appeared on PC World (US)


Follow Us

Join the newsletter!

Or

Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

Tags AMDchipsflawRyzen

Featured

Slideshows

The making of an MSSP: a blueprint for growth in NZ

The making of an MSSP: a blueprint for growth in NZ

Partners are actively building out security practices and services to match, yet remain challenged by a lack of guidance in the market. This exclusive Reseller News Roundtable - in association with Sophos - assessed the making of an MSSP, outlining the blueprint for growth and how partners can differentiate in New Zealand.

The making of an MSSP: a blueprint for growth in NZ
Reseller News Platinum Club celebrates leading partners in 2018

Reseller News Platinum Club celebrates leading partners in 2018

The leading players of the New Zealand channel came together to celebrate a year of achievement at the inaugural Reseller News Platinum Club lunch in Auckland. Following the Reseller News Innovation Awards, Platinum Club provides a platform to showcase the top performing partners and start-ups of the past 12 months, with more than ​​50 organisations in the spotlight.​​​

Reseller News Platinum Club celebrates leading partners in 2018
Meet the top performing HP partners in NZ

Meet the top performing HP partners in NZ

HP has honoured its leading partners in New Zealand during 2018, following 12 months of growth through the local channel. Unveiled during the fourth running of the ceremony in Auckland, the awards recognise and celebrate excellence, growth, consistency and engagement of standout Kiwi partners.

Meet the top performing HP partners in NZ
Show Comments