Last week, security researchers over at CTS Labs made a big splash in the news after unveiling four key vulnerabilities found in AMD-based systems. There was plenty of controversy surrounding the way this information was disclosed and 'hyped up'. The situation also caught AMD by surprise, as it had only 24 hours' notice before all the information went public. Now, AMD has had a chance to conduct its own technical assessment, which was published today.
AMD's CTO, Mark Papermaster, penned a blog post on the subject. The short version of the story is that yes, there were some vulnerabilities. However, “each issue cited can be mitigated through firmware patches and a standard BIOS update”. None of the fixes are expected to impact performance. All of the vulnerabilities require administrative access to exploit.
Now for the long version. AMD's technical assessment has found that these vulnerabilities are not related to the Zen CPU architecture, but they are associated with the firmware managing the embedded security control processor (AMD Secure Processor) used in some processors, and the chipset used in some socket AM4 and TR4 motherboards.
All of the issues CTS Labs flagged up require administrative access, which would grant a user unrestricted access to the system. At this point, an attacker would have a wealth of options available to them, which is why modern operating systems and enterprise-level systems have security controls in place, such as Microsoft's Windows Credential Guard.
AMD has grouped the vulnerabilities into three main categories and outlined what each one is capable of and its planned fix for it. For starters, Masterkey is an issue where an “attacker who already has compromised the security of a system” can corrupt flash. AMD Secure Processor currently does not detect this. To fix this, AMD will roll out a firmware patch via a BIOS update. No performance impact is expected.
Ryzenfall and Fallout are grouped together into category 2. In this category, an “attacker who already has compromised the security of a system, writes to AMD Secure Processor registers” and can exploit vulnerabilities in the interface between x86 and AMD Secure Processor. Administrative access is required to pull this off. This issue will be fixed through a firmware patch, which is delivered via a BIOS update.
Finally, category 3 is Chimera. Once again, an attacker would already need to compromise a system's security and gain admin access to exploit this one. If they get that far, they can install a malicious driver that exposes certain “Promontory functions”. This grants access to physical memory through the chipset, which can be difficult to detect. Chimera will be fixed through a BIOS update, and no performance impact is to be expected.
All of these fixes are planned to roll out “in the coming weeks”, so hopefully by the end of April, this will all be patched up.
KitGuru Says: It seems that CTS Labs did indeed find some vulnerabilities on AMD's platforms, though they all hinge on gaining administrative access first, which there are plenty of safeguards for. At any rate, fixes are coming and ultimately, this will make AMD systems more secure in the long run, which is, of course, a good thing.