AMD's statement on alleged chip flaws

Joanna Estrada
March 13, 2018

AMD is in the process of investigating the matter.

Security researchers announced four classes of vulnerabilities and manufacturer backdoors in modern AMD chipsets, but withheld details due to an unconventionally short disclosure window.

The Masterkey vulnerabilities are described by the researchers as "a set of three vulnerabilities allowing three distinct pathways to bypass Hardware Validated Boot on EPYC and Ryzen and achieve arbitrary code execution on the Secure Processor itself". Some of these involve compromising the Secure Processor built into some processors, allowing malicious code to exist at a level invisible to the operating system.

"Secure Processor to be completely taken over by malware running on the main processor". It remains to be seen what the fallout might be like for these newly discovered flaws.

Israeli-based security firm CTS Labs published its research showing "multiple critical security vulnerabilities and exploitable manufacturer backdoors" in AMD chips.

This could allow attackers "to inject malicious code into the chip" and create "an ideal target" for hackers, the researchers said.

Analysts at the security firm enSilo said the AMD flaws could be worse than those affecting Intel chips. Ryzenfall, Fallout, and Chimera all require local-machine elevated administrator privileges to run a program and a digitally signed driver to access the Secure Processor.

It is unclear how hard it would be for a malicious actor to obtain such a digitally signed driver.

The researchers gave AMD less than a day to respond to the potential flaws instead of the standard 90-day notice. "We are investigating this report, which we just received, to understand the methodology and merit of the findings", an AMD spokesman said.

Only time will tell how serious any of these issues might be, especially as AMD begins its investigation into the vulnerabilities, along with other security researchers.

AMD will update the blog here with any further information.

Earlier today a number of security vulnerabilities were revealed in various AMD CPUs and the Promontory chipset, though not technically disclosed, by CTS, a cyber-security company, at the website.

"CTS believes that networks that contain AMD computers are at a considerable risk", the report said.

Other reports by Click Lancashire

Discuss This Article