AMD’s Ryzen CPUs, Chipsets Allegedly Contain Serious Security Flaws

In the wake of Meltdown and Spectre, AMD has come out relatively clean compared with Intel. While it remains exposed to Spectre (Variant 1 and Variant 2), it dodged Meltdown altogether. But a new security firm is claiming AMD has no fewer than 13 critical vulnerabilities in its Ryzen processors and chipsets, including vulnerabilities within the heart of the CPU itself.

In a recent disclosure, security firm CTS-Labs has accused AMD of failing to catch 13 high-profile and serious security flaws in four separate families: Masterkey, Ryzenfall, Chimera, and Fallout. A chart of the four is shown below:

[Chart: the four vulnerability families: Masterkey, Ryzenfall, Chimera, and Fallout]

CTS-Labs has not disclosed enough information about these flaws to discuss them in great detail, but we’ll cover the summaries. The first flaw, Masterkey, can only be triggered if the malware author can flash a malicious UEFI onto the motherboard itself. Once flashed, this malicious UEFI can be used to execute arbitrary code on the integrated ARM Cortex-A5 processor inside every Ryzen CPU. While this type of malicious code execution attack from within the CPU is a real threat — it’s one of the problems with the Intel Management Engine — it’s not clear how easy this is to exploit in practice. Locking the UEFI from updates should prevent it. Ryzen and Epyc are both affected; Ryzen Pro and Ryzen Mobile are theorized to be affected.

Next up is Ryzenfall, a set of security issues within the Ryzen Secure OS (that’s the OS running on the Cortex-A5 CPU). This attack allows access to areas of memory that are supposed to be fenced off and protected. Epyc is not affected by any of these vulnerabilities, though Ryzen Mobile and Ryzen are. Ryzenfall requires elevated administrator privileges and a vendor-signed boot driver to exploit.

[Image: Ryzenfall vulnerability]

Fallout is basically Ryzenfall, but for Epyc. It targets the off-chip boot loader as opposed to an on-chip hardware block, but it likewise targets protected memory and the system management mode that’s not meant to be user-accessible.

Finally, there’s Chimera, which refers to a pair of backdoors supposedly hidden in the Ryzen chipset. The white paper claims “one is implemented within the firmware running on the chip, while the other is inside the chip’s ASIC hardware. Because the latter has been manufactured into the chip, a direct fix may not be possible and the solution may involve either a workaround or a recall.”

AMD’s chipsets are designed by Asmedia, and previous Asmedia chips have been criticized for their security implementations. CTS-Labs alleges that the Chimera flaws allow code to be run directly on the chipset and then used to manipulate the OS running on the main CPU, at least as a proof of concept. The security firm theorizes this could be used to create a keylogger or to spy on network accesses. It may also be possible to again access protected memory (this is the only area where CTS-Labs performed any verification).

If true, these security flaws collectively represent some significant problems that weren’t previously known, and AMD is going to have to do some significant work to fix them. It’s not clear yet how difficult that will be or what form it will take.
