AMD responds to CTS Labs Vulnerabilities – Impact Assessment

Severe processor vulnerabilities discovered on AMD Processors - 13 vulnerabilities over four classes

AMD has released their technical assessment of the vulnerabilities which CTS Labs revealed last week, offering extra insight into each problem while also detailing the company’s plans to mitigate their impact.

In short, the exploits are not that big of a deal: AMD states that all four vulnerability classes require administrative access to exploit. When detailing MASTERKEY, RYZENFALL, FALLOUT and CHIMERA, AMD says that they are only usable when an “Attacker already has compromised the security of a system”, which means that the attacker already has a broad range of options to wreak havoc.

Each of these security concerns will be addressed with BIOS updates and PSP (Platform Security Processor) firmware updates, all of which are expected to have no performance impact and to be released in the coming weeks.


As described in more detail below, AMD has rapidly completed its assessment and is in the process of developing and staging the deployment of mitigations.

It’s important to note that all the issues raised in the research require administrative access to the system, a type of access that effectively grants the user unrestricted access to the system and the right to delete, create or modify any of the folders or files on the computer, as well as change any settings. Any attacker gaining unauthorized administrative access would have a wide range of attacks at their disposal well beyond the exploits identified in this research.

Further, all modern operating systems and enterprise-quality hypervisors today have many effective security controls, such as Microsoft Windows Credential Guard in the Windows environment, in place to prevent unauthorized administrative access that would need to be overcome in order to affect these security issues.

A useful clarification of the difficulties associated with successfully exploiting these issues can be found in this posting from Trail of Bits, an independent security research firm who were contracted by the third-party researchers to verify their findings.

Below are AMD’s official descriptions of each of CTS Labs’ vulnerability classes, alongside their plans to mitigate/fix the issues in firmware. Note that AMD can act on all of these issues, making this far from the doomsday scenario which CTS Labs described in their whitepaper.

Last week’s announcement from CTS Labs was full of problems, from their 24-hour disclosure to AMD before release to the fact that certain members of the press were briefed before their official announcement. Now AMD has confirmed that CTS’ vulnerabilities are real, though the way that they were advertised was highly misleading.

This is not a repeat of Spectre/Meltdown, not even close. These are level two vulnerabilities, where attackers need administrative access to exploit the system. If an attacker has administrative access, you already have a lot of problems to worry about. With administrative access, attackers are more likely to use hacks which are more CPU agnostic, particularly given AMD’s small share of the CPU market, especially in the enterprise space.

All of these issues are expected to be patched out within weeks, which means that they will cease to exist once all users update their BIOS and PSP firmware.