Researchers from security firm CTS Labs discovered 13 critical vulnerabilities affecting AMD’s Ryzen chipset, Epyc processors and more product lines.
Systems running on the Ryzen chipset and Epyc processors can be controlled by attackers to access secure data such as network credentials, physical memory and peripherals.
Ryzen and Epyc processors are secured by the AMD Secure Processor, but the researchers said that the Secure Processor itself ships with vulnerabilities that allow attackers to install malware in the chip.
CTS Labs classified the vulnerabilities into four categories: Ryzenfall, Fallout, Chimera, and Masterkey.
Ryzenfall affects Ryzen chipset products, letting attackers insert malicious code to control the AMD Secure Processor. It allows attackers to read and write protected memory and use this to bypass protections such as Windows Credential Guard. This helps them steal network credentials and spread into protected networks.
The Fallout vulnerability affects Epyc servers and allows attacks on protected networks and memory. Attackers can bypass the BIOS (Basic Input/Output System) flashing protection implemented in System Management Mode (SMM).
Chimera affects the Ryzen chipset. It consists of two sets of backdoors, one implemented in firmware and the other in hardware. Malicious code can be injected into the chipset through both backdoors.
The Ryzen chipset works as a middleman linking the CPU to network, Wi-Fi and Bluetooth devices. Attackers can use the chipset's middleman position to attack the operating system.
CTS Labs claimed that Masterkey affects all AMD products that it tested. Masterkey takes advantage of vulnerabilities in AMD Secure Processor to tamper with AMD’s firmware-based security features including Secure Encrypted Virtualization (SEV) and firmware Trusted Platform Module (fTPM).
Although security researchers are expected to give vendors a period of 90 days to investigate and respond to vulnerability claims, it seems CTS Labs released the vulnerabilities publicly 24 hours after informing AMD. AMD didn’t look happy about it.
“We have just received a report from a company called CTS Labs claiming there are potential security vulnerabilities related to certain of our processors. We are actively investigating and analyzing its findings,” wrote AMD in a released note. “We find it unusual for a security firm to publish its research to the press without providing a reasonable amount of time for the company to investigate and address its findings.”