Researchers claim AMD flaws threaten Ryzen, EPYC chips

AMD flaw basics

The Masterkey vulnerabilities are described by the researchers as "a set of three vulnerabilities allowing three distinct pathways to bypass Hardware Validated Boot on EPYC and Ryzen and achieve arbitrary code execution on the Secure Processor itself."

"The vulnerabilities allow malicious actors to install persistent malware inside the Secure Processor, running in kernel-mode with the highest possible permissions," the researchers wrote. "From this position of power, a malware is able to bypass Secure Boot and inject malicious code into the BIOS or operating system, as well as to disable any firmware-based security features within the Secure Processor itself, such as Firmware Trusted Platform Module or Secure Encrypted Virtualization."

Masterkey would require an attacker to reflash the target system's BIOS with a malicious update, and it would be possible to exploit remotely.

The Ryzenfall AMD flaws are vulnerabilities in the AMD Secure OS, which powers the Secure Processor of Ryzen chips and could "allow, at their worst, for the

Secure Processor to be completely taken over by malware running on the main processor."

Fallout is a set of flaws in the EPYC Secure Processor boot loader component, and exploitation could allow access to protected memory.

Lastly, the Chimera vulnerabilities are allegedly "manufacturer backdoors" in both firmware and in the Ryzen chip's application-specific integrated circuit hardware as part of the Promontory chipset "responsible for linking the processor to external devices such as Hard Drives, USB devices, PCI Express cards, and occasionally also Network, Wi-Fi and Bluetooth controllers." These vulnerabilities could allow malicious code to be injected into the chipsets.

The researchers claim the Chimera AMD flaws are due to "poor security practices" by the third-party manufacturers of AMD chips and may have been part of AMD chipsets for the past six years.

CTS initially claimed that exploiting Ryzenfall, Fallout or Chimera would require an attacker be able to run a program with local-machine elevated administrator privileges, and "accessing the Secure Processor is done through a vendor supplied driver that is digitally signed."

However, CTS Labs walked back those claims in a clarification of the attack vectors for the AMD flaws posted on March 15.

"The only thing the attacker would need after the initial local compromise is local admin privileges and an affected machine," CTS Labs wrote. "To clarify misunderstandings -- there is no need for physical access, no digital signatures, no additional vulnerability to reflash an unsigned BIOS."

It is unclear how difficult it would be for a malicious actor to obtain such a digitally signed driver.

Questionable disclosure

Although standard responsible coordinated disclosure protocols give the vendor 90 days to respond before details are made public, the researchers from CTS Labs reportedly gave AMD just 24 hours to respond before releasing information on the flaws.

AMD noted in a public statement how unconventional this disclosure has been.

"We have just received a report from a company called CTS Labs claiming there are potential security vulnerabilities related to certain [aspects] of our processors. We are actively investigating and analyzing its findings," AMD wrote in an investor relations blog post. "This company was previously unknown to AMD and we find it unusual for a security firm to publish its research to the press without providing a reasonable amount of time for the company to investigate and address its findings."

The researchers said they privately shared the vulnerability information with AMD, U.S. regulators and a select group of technology companies that can develop mitigations, such as Microsoft.

On the vulnerability disclosure page, the CTS Labs researchers asserted users shouldn't be at risk, because "all technical details that could be used to reproduce the vulnerabilities have been redacted." However, they also admitted they don't know if these AMD flaws are being exploited in the wild. "Firmware vulnerabilities such as Masterkey, Ryzenfall and Fallout take several months to fix, [and] hardware vulnerabilities such as Chimera cannot be fixed and require a workaround," the CTS Labs researchers said.

Although CTS Labs did not include details regarding the AMD flaws, Jake Williams, founder and CEO of Rendition Infosec LLC, based in Augusta, Ga., said on Twitter that the report appears legitimate.

Skyfall and Solace were a hoax, but the vulnerabilities detailed on https://t.co/aChgk22Bms (while lacking proof of concept code) pass the sniff test. If it's a hoax, it's a hoax by someone with a good understanding of processor internals.

— Jake Williams (@MalwareJake) March 13, 2018

Domain info for CTS Labs said the URL was just registered in June 2017, and Kevin Beaumont, a security researcher based in the U.K., said there should be verification of CTS Labs before accepting the report as valid.

Re AMD Flaws, has any reporter actually checked this is a real company? It’s behind WHOIS protection, as is Viceroy (who are saying AMD should go bankrupt in their same time analysis) - this is all over major newswires and I see no independent analysis.

— Kevin Beaumont (@GossiTheDog) March 13, 2018

If CTS Labs' findings are confirmed, the AMD flaws will mark the second time this year the chipmaker has been hit with critical vulnerability disclosures. Earlier this year, security researchers announced critical processor vulnerabilities known as Spectre, which affected AMD, as well as other chipmakers. AMD was forced backtrack on its initial comments claiming the Spectre vulnerabilities did not represent significant risk to its chips and later released firmware updates to mitigate the flaws.