AMD responds to security vulnerabilities reported by CTS Labs Research

Reading time icon 3 min. read


Readers help support MSpoweruser. We may get a commission if you buy through our links. Tooltip Icon

Read our disclosure page to find out how can you help MSPoweruser sustain the editorial team Read more

amd crimson logo

amd crimson logo

Last week, CTS Labs Research reported few security vulnerabilities involving some AMD products. Following the public disclosure, AMD was analysing the security research that reported and was develop mitigation plans. Yesterday, AMD came up with a detailed response on each of the vulnerability that was reported.

First of all, the new vulnerabilities reported are not related to the AMD “Zen” CPU architecture or the Google Project Zero exploits (Spectre and Meltdown). Instead, they are related to the firmware managing the embedded security control processor in some of the AMD products and the chipset used in some socket AM4 and socket TR4 desktop platforms supporting AMD processors.

The security issues identified can be grouped into three major categories. You can learn about AMD’s assessment of impact, and planned actions for all three categories below.

Vulnerability Groups Problem Description & Method of Exploitation Potential Impact Planned AMD Mitigation
MASTERKEY

and

PSP Privilege Escalation

(AMD Secure Processor or “PSP” firmware)

Issue: Attacker who already has compromised the security of a system updates flash to corrupt its contents. AMD Secure Processor (PSP) checks do not detect the corruption.

Method: Attacker requires Administrative access

Attacker can circumvent platform security controls. These changes are persistent following a system reboot. Firmware patch release through BIOS update. No performance impact is expected.

AMD is working on PSP firmware updates that we plan to release in the coming weeks.

RYZENFALL and FALLOUT

(AMD Secure Processor firmware)

Issue: Attacker who already has compromised the security of a system writes to AMD Secure Processor registers to exploit vulnerabilities in the interface between x86 and AMD Secure Processor (PSP).

Method: Attacker requires Administrative access.

Attacker can circumvent platform security controls but is not persistent across reboots.

Attacker may install difficult to detect malware in SMM (x86).

Firmware patch release through BIOS update. No performance impact is expected.

AMD is working on PSP firmware updates that we plan to release in the coming weeks.

“Promotory”
Chipset
CHIMERA

“Promontory” chipset used in many socket AM4 desktop and socket TR4 high-end desktop (HEDT) platforms.

AMD EPYC server platforms, EPYC and Ryzen Embedded platforms, and AMD Ryzen Mobile FP5 platforms do not use the “Promontory” chipset.

Issue: Attacker who already has compromised the security of a system installs a malicious driver that exposes certain Promontory functions.

Method: Attacker requires Administrative access.

Attacker accesses physical memory through the chipset.

Attacker installs difficult to detect malware in the chipset but is not persistent across reboots.

Mitigating patches released through BIOS update. No performance impact is expected.

AMD is working with the third-party provider that designed and manufactured the “Promontory” chipset on appropriate mitigations.

User forum

0 messages