Severe processor vulnerabilities discovered on AMD Ryzen Processors – 13 vulnerabilities reported

Severe processor vulnerabilities discovered on AMD Processors - 13 vulnerabilities over four classes

AMD came out of the Spectre and Meltdown controversies without much of a hit, with Intel bearing the brunt of the issues. Now it looks like AMD has vulnerabilities of its own, with CTS Labs, an Israeli security company, announcing that AMD has 13 vulnerabilities that affect its Ryzen CPU lineup, hitting all product lines from Ryzen mobile to EPYC.

What is most worrying is that these flaws have been found within AMD’s secure processor, an area within modern processors that is designed to maintain system security. It has also been reported that CTS Labs gave AMD less than 24 hours’ notice before making its findings public, far shorter than the 90 days’ notice that is common within the industry. Intel was given 90 days’ notice for both Spectre and Meltdown, whereas AMD got less than a day, making CTS Labs’ conduct here questionable at best.

With all of this news coming out so quickly and seemingly out of nowhere, CTS Labs’ findings must be called into question. At a minimum, this is atrocious conduct on the part of CTS from a security standpoint, especially given that AMD has not validated the findings. Take this news with a grain of salt for now, as this is a situation that is wholly unlike Spectre and Meltdown.

    A CTS Labs security audit revealed multiple critical security vulnerabilities and manufacturer backdoors in AMD’s latest EPYC, Ryzen, Ryzen Pro, and Ryzen Mobile processors. These vulnerabilities have the potential to put organizations at significantly increased risk of cyber-attacks.

CTS Labs has produced a white paper report further detailing these vulnerabilities available at amdflaws.com. CTS Labs has also shared this information with AMD, Microsoft, HP, Dell, and select security companies, in order that they may work on developing mitigations and patches, and examine and research these and any other potential vulnerabilities at the Company. CTS Labs has also shared this information with relevant U.S. regulators.

  
If these reported issues are genuine, they are not as readily exploitable as Spectre and Meltdown, seemingly requiring elevated administrator rights in many cases or, in the case of Masterkey, the installation of BIOS-based malware. For now, it seems like these issues are difficult to exploit, making these problems nowhere near as problematic as Spectre and Meltdown.

AMD is currently assessing CTS Labs’ reported vulnerabilities, though the lack of notice from CTS has placed AMD in a position where it still has to develop a fix from scratch, leaving systems vulnerable in the meantime. It is possible that these issues are not as bad as CTS Labs fears, though they have regardless placed AMD in an awkward position. Below is a statement from an AMD spokesperson, as seen on CNET.

    At AMD, security is a top priority and we are continually working to ensure the safety of our users as new risks arise. We are investigating this report, which we just received, to understand the methodology and merit of the findings,

 
The four major vulnerabilities that were found by CTS Labs are called Ryzenfall, Masterkey, Fallout and Chimera, each of which affects some or all of AMD’s Ryzen CPU lineup. AMD is yet to confirm whether or not CTS Labs’ reports are correct, mostly due to their lack of a standard vulnerability disclosure period. 

CTS Labs has stated in the video below that they want to “bring it [the issue] to public awareness before it becomes a real problem for society, not after”. Sadly, what they may have done is disclose critical vulnerabilities before anyone had the chance to mitigate their effects, carelessly leaving Ryzen-powered systems insecure in the process.

 

More information about CTS Labs’ reported vulnerabilities is available on amdflaws.com, citing issues with AMD’s Ryzen chipset design (which uses ASMedia IP) and AMD’s Secure Processor. Expect more information about these exploits to be released over the coming days and weeks. 

At this time AMD has not validated that any of these exploits work, which means that these exploits could still be proven to be false, a mistake from CTS or an outright fabrication. Regardless, CTS Labs’ reported 24 hours of notice is downright shady, breaking proper protocol and leaving countless systems vulnerable if their reports are true.

CTS Labs was founded in 2017, acting as a “cyber-security consultancy firm specialising in ASIC and embedded systems security”. As a newcomer to the industry, the company’s quick public disclosure could be attributed to inexperience, though the way that this has gone down cannot be described as anything other than questionable and shady. 

At this time these security concerns seem overblown, with CTS’ whitepaper seemingly detailing issues that can only arise when combined with heightened security privileges, signed drivers or BIOS modification, all things that shouldn’t be a problem for most users.

Update – Below is an official statement from AMD which says that CTS Labs was previously unknown to AMD and that they find it unusual for a security firm to publish its findings without providing the affected party with a reasonable amount of time/disclosure to either investigate or address the issue.  

    We have just received a report from a company called CTS Labs claiming there are potential security vulnerabilities related to certain of our processors. We are actively investigating and analyzing its findings. This company was previously unknown to AMD and we find it unusual for a security firm to publish its research to the press without providing a reasonable amount of time for the company to investigate and address its findings. At AMD, security is a top priority and we are continually working to ensure the safety of our users as potential new risks arise. We will update this blog as news develops.

You can join the discussion on the vulnerabilities that have been found on AMD’s Ryzen platforms on the OC3D Forums.