AMD has responded to a report by Israel-based security research firm CTS-Labs that outlined 13 critical vulnerabilities in its Ryzen and Epyc CPUs.
AMD, the world’s second biggest CPU maker for PCs and servers, is developing firmware and BIOS updates to address the security flaws publicized by CTS-Labs on 13 March. CTS-Labs labelled the flaws Masterkey, Ryzenfall, Fallout, and Chimera.
The flaws affected AMD’s Platform Security Processor (PSP), which has deep access to each processor’s core systems. PSP is similar to Apple’s Secure Enclave, which protects Face ID and Touch ID biometric data stored on the iPhone, and to Intel’s Management Engine system for enterprise. CTS-Labs also claimed there were backdoors in a component supplied by an Asus-owned chip-maker called ASMedia.
One of the key impacts of the flaws was that they could allow an attacker to bypass a Windows 10 security feature called Windows Credential Guard, which uses virtualization technology to protect passwords.
CTS-Labs controversially published details about the flaws less than 24 hours after informing AMD, diverging from the vendor-friendly “coordinated disclosure” protocol supported by Microsoft and Google’s tougher 90-day deadline. The company’s disclosure also stated it may have a financial stake in AMD’s stock, suggesting it could benefit by short-selling AMD shares.
However, it also hired a well-known US security firm, Trail of Bits, which verified CTS-Labs’ claims before it went public with the flaws.
AMD today highlighted that the flaws reported by CTS-Labs were distinct from the recently disclosed Spectre design flaws that affected AMD, Intel and Arm chips. The Spectre flaws are a problem for chip makers because they target speculative execution, an industry-wide technique for enhancing chip performance that Google security researchers found was insecure.
AMD also stressed that the flaws are difficult to exploit and require administrative access, which would allow an attacker to compromise machines through other avenues more easily.
AMD said that an attacker needs to have been given “unrestricted access to the system and the right to delete, create or modify any of the folders or files on the computer, as well as change any settings.”
“Any attacker gaining unauthorized administrative access would have a wide range of attacks at their disposal well beyond the exploits identified in this research,” it continued.
“Further, all modern operating systems and enterprise-quality hypervisors today have many effective security controls, such as Microsoft Windows Credential Guard in the Windows environment, in place to prevent unauthorized administrative access that would need to be overcome in order to affect these security issues.”
Nonetheless, AMD is developing patches to prevent exploitation of the flaws and has outlined a plan for how it intends to deal with them.
AMD notes that its firmware mitigations for Ryzenfall, Fallout, Masterkey and Chimera are not expected to impact CPU performance. These will be released as a BIOS update from PC manufacturers.