AMD is investigating a report published today by an Israeli security firm disclosing the presence of 13 security flaws affecting AMD Ryzen and EPYC processors.
The 13 vulnerabilities are organized across four vulnerability classes named RyzenFall, MasterKey, Fallout, and Chimera.
CTS Labs, the security firm that discovered these flaws, claims they can give attackers full control over a system and also allow attackers to extract data from secure areas of AMD CPUs, similar to the now-infamous Meltdown and Spectre flaws.
Patches are not available, as AMD is still investigating the report. According to reports, CTS Labs allegedly notified AMD of the flaws only yesterday, and AMD hasn't even confirmed that the report contains valid findings.
CTS Labs claims to have discovered the flaws when it analyzed a modern AMD CPU and spotted what appeared to be the backdoor code it previously discovered in old ASMedia firmware. This sparked a more in-depth investigation that later unearthed 13 security bugs.
These flaws and the processors they affect are detailed in the image below. CTS Labs says some flaws could affect more AMD processor series, as they have not attempted to create proof-of-concept exploit code for all CPU series.
The affected AMD CPUs are deployed in desktops, notebooks, smartphones, and servers alike. CTS Labs claims to have notified AMD, Microsoft, and a small number of OEMs, so they could get started on creating patches.
Below is a description of what CTS Labs researchers claim the vulnerabilities allow an attacker to perform. Just bear in mind, AMD has not confirmed any of these just yet.
MasterKey 1, 2, 3
RyzenFall 1 and Fallout 1
RyzenFall 2 and Fallout 2
RyzenFall 3 and Fallout 3
Chimera (Firmware, Hardware versions)
The CTS Labs team has put considerable effort into marketing these security flaws, with the creation of a dedicated website and the release of professionally shot YouTube videos.
The infosec community is more than displeased with the company's decision to give AMD only one day to address these flaws and with the fact they did not share any technical write-up to prove their research's validity. Furthermore, some experts also pointed out that the company is overhyping the vulnerabilities, all of which require admin-level access for successful exploitation.
First read of the AMDFLAWS whitepaper (no real technical details given) is: “over-hyped beyond belief”.
This is a whitepaper worthy of an ICO.
And yes, that is meant to be an insult.
— Arrigo Triulzi (@cynicalsecurity) March 13, 2018
"Exploiting MASTERKEY requires an attacker to be able to re-flash the BIOS with a specially crafted BIOS update." lol yes well
— Jeff Kampman (@jkampman_tr) March 13, 2018
CTS Labs states that it did not put users at risk by disclosing these flaws without giving AMD a chance to confirm and issue patches. The company claims that only it and AMD have the technical details needed to exploit these vulnerabilities and that users are still secure.
UPDATE [March 13, 17:00 ET]: AMD has issued an official statement on CTS's findings, revealing it is still investigating the incident. In addition, a CTS Labs spokesperson confirmed to Bleeping Computer that Trail of Bits CEO Dan Guido had reviewed their findings for accuracy. Guido confirmed today that the security flaws are real, albeit not as severe as they might sound, as they do require admin-level access to exploit.