
AMD responds to CTS Labs Vulnerabilities - Impact Assessment

The vulnerabilities are real

Severe processor vulnerabilities discovered on AMD Processors - 13 vulnerabilities over four classes

AMD has released its technical assessment of the vulnerabilities that CTS Labs revealed last week, offering extra insight into each problem while also detailing the company's plans to mitigate their impact.

In short, the exploits are not that big of a deal, with AMD stating that all four vulnerability classes require administrative access to exploit. When detailing MASTERKEY, RYZENFALL, FALLOUT and CHIMERA, AMD says that they are only usable when an "Attacker already has compromised the security of a system", which means that the attacker already has a broad range of options to wreak havoc.

Each of these security concerns will be addressed with BIOS updates and PSP (Platform Secure Processor) firmware updates, all of which are expected to have no performance impact and will release in the coming weeks. 
 

As described in more detail below, AMD has rapidly completed its assessment and is in the process of developing and staging the deployment of mitigations.

It’s important to note that all the issues raised in the research require administrative access to the system, a type of access that effectively grants the user unrestricted access to the system and the right to delete, create or modify any of the folders or files on the computer, as well as change any settings. Any attacker gaining unauthorized administrative access would have a wide range of attacks at their disposal well beyond the exploits identified in this research.

Further, all modern operating systems and enterprise-quality hypervisors today have many effective security controls, such as Microsoft Windows Credential Guard in the Windows environment, in place to prevent unauthorized administrative access that would need to be overcome in order to affect these security issues.

A useful clarification of the difficulties associated with successfully exploiting these issues can be found in this posting from Trail of Bits, an independent security research firm who were contracted by the third-party researchers to verify their findings.


Below are AMD's official descriptions of each of CTS Labs' vulnerability classes, alongside their plans to mitigate/fix the issues in firmware. Note that AMD can act on all of these issues, making this far from the doomsday scenario which CTS Labs described in their whitepaper. 



Last week's announcement from CTS Labs was full of problems, from their 24-hour disclosure to AMD before release to the fact that certain members of the press were briefed before their official announcement. Now AMD has confirmed that CTS Labs' vulnerabilities are real, though the way that they advertised them was highly misleading.

This is not a repeat of Spectre/Meltdown, not even close. These are level two vulnerabilities, where attackers need administrative access to exploit the system. If an attacker has administrative access, you already have a lot of problems to worry about. With administrative access, attackers are more likely to use hacks which are more CPU agnostic, given AMD's small share of the CPU market, especially in the enterprise space.

All of these issues are expected to be patched out within weeks, which means that these issues will cease to exist after all users update their BIOS and PSP firmware.


Most Recent Comments

20-03-2018, 18:49:02

AlienALX
The fact that you need to actually be on the victim PC just makes me LOL. I mean seriously? It takes me back to the days of going into PC World, getting to DOS and typing Format c: /q /s /u. Then standing back and LOLing whilst it formats the drive unconditionally.

Seriously? You want to do damage to a PC? Get a USB kill. You may as well, if you have access to it. GN posted a video today and it appears it was a deliberate attempt to manipulate the stock market.

20-03-2018, 19:52:30

NeverBackDown
Need administration access?

If they ever get that far you have far more crap to be worried about than worrying about them installing malware

20-03-2018, 21:00:52

Kleptobot
Quote:
Originally Posted by AlienALX
The fact that you need to actually be on the victim PC just makes me LOL. I mean seriously? It takes me back to the days of going into PC World, getting to DOS and typing Format c: /q /s /u. Then standing back and LOLing whilst it formats the drive unconditionally.

Seriously? You want to do damage to a PC? Get a USB kill. You may as well, if you have access to it. GN posted a video today and it appears it was a deliberate attempt to manipulate the stock market.

There is a difference between administrative access and physical access

20-03-2018, 21:33:53

Senna
Personally I rotfled when I saw these. With unrestricted admin rights and ability to flash the system's BIOS you can do anything at all.

In fact, LET'S ALL CREATE A NEW RESEARCH GROUP then "discover" that if you BIOS flash the Intel mobo's BIOS to a version before its anti-meltdown update then use administrative rights to roll back the system update, why not, you have the rights OMG OMG THIS CREATES MELTDOWN 2.0 OMG OMG. Intel must be bad then, don't buy Intel, its stock must be "0.0$".

But let's be serious, with admin rights you can upload a custom service that will run any command as nt authority / system account. With that you can copy, move, delete and edit any file, partition or memory space and with a modified yet somehow still signed driver there's nothing you can't do. You can run 50 amps through a chipset, zero-out drive firmware, create new invisible partitions, put undetectable apache server on them and run some hacked edition of pornhub from victim's computer. On ANY CPU, motherboard or even system (as Linux root will allow mostly the same thing).
I suspect they didn't "find" or "research" anything. Someone at CTF got these sneaky details illegally off engineers then published it for monetary gains.