A security firm claims that AMD’s Ryzen and Epyc processors used in laptops, desktops, workstations and servers have 13 critical security holes that could allow attackers to install undetectable malware or steal sensitive data from protected memory. AMD has not yet confirmed the accuracy of the report or the existence of the flaws.
A high-level description of the flaws has been published on a website and in a white paper by researchers from a little-known security company called CTS-Labs, but the full technical details haven’t been released yet.
The researchers have split the alleged vulnerabilities, some of which they describe as manufacturer-introduced backdoors, into four classes named: MASTERKEY, FALLOUT, RYZENFALL and CHIMERA.
According to CTS-Labs, MASTERKEY is a set of three vulnerabilities that affect the Secure Processor in AMD’s Ryzen and Epyc lines of processors. The Ryzen platform is used for laptops and workstations, while the Epyc line is used for servers.
The AMD Secure Processor is an ARM-based microprocessor that is included in but runs separately from the larger CPU and handles a variety of security-related operations including Secure Memory Encryption (SME), Secure Encrypted Virtualization (SEV) and Firmware Trusted Platform Module (fTPM). It also holds the root of trust for AMD’s Hardware Validated Boot, a form of Secure Boot.
The MASTERKEY vulnerabilities allow attackers to bypass the Hardware Validated Boot and inject persistent malware into the Secure Processor, CTS-Labs said in its paper. Such malware would be undetectable and inaccessible to security programs running on the system and could be used to inject malicious code into the BIOS or the operating system. It could also disable security features such as fTPM or SEV.
To exploit the vulnerabilities, attackers would have to re-flash the system’s BIOS with a specially crafted version, but on many motherboards this can be done from the operating system using a command-line utility, as long as the attacker has obtained administrative privileges.
According to the report, FALLOUT is a set of design flaws that affect the bootloader component inside the Secure Processor of Epyc CPUs and can be exploited to read protected memory regions that should not be accessible to other programs or even OS kernel drivers.
By exploiting the FALLOUT flaws, attackers could steal network credentials protected by the Windows Credential Guard and could disable BIOS flashing protections, allowing for the exploitation of the MASTERKEY flaws on systems where BIOS flashing is blocked, CTS Labs said.
FALLOUT can also be used to place malware outside the reach of most endpoint security solutions—for example, in the System Management Mode (SMM) or the Windows Isolated User Mode and Isolated Kernel Mode (VTL1), the researchers said.
The third class of vulnerabilities, RYZENFALL, supposedly affects the AMD Secure OS that runs on the AMD Secure Processor on Ryzen, Ryzen Pro and Ryzen Mobile CPUs. The impact of RYZENFALL is similar to that of FALLOUT, but on the Ryzen line of CPUs instead of Epyc.
The flaws allow theft of credentials from Windows Credential Guard, the execution of malware in protected areas of the system that are inaccessible to regular security products, the disabling of BIOS flashing protections and the tampering of security features such as fTPM, CTS-Labs said.
The CHIMERA flaws consist of two “backdoors” located in the Ryzen chipset, also known as Promontory, which links the CPU to other hardware devices such as the USB, SATA and PCI-E ports and the computer’s LAN, WiFi and Bluetooth controllers. The development of the Ryzen Chipset was actually outsourced to a Taiwanese company called ASMedia Technology, according to CTB-Labs.
The backdoors, one located in firmware and one in hardware, allows the execution of malicious code inside the chipset and would give attackers a man-in-the-middle position to spy on all USB, SATA, LAN, WiFi and other traffic passing through the chipset. The flaws could also be used to attack the operating system through the Direct Memory Access (DMA) engine, CTS-Labs said.
Many people in the security community received the CTS-Labs report with skepticism because the company’s white paper didn’t contain full technical details about the flaws. Some criticized the company because it gave very little time to AMD to patch the flaws and even suggested that the partial disclosure is part of an attempt to manipulate AMD’s stock price.
People have pointed to language in a disclaimer on the website where the flaws were disclosed that reads: “Although we have a good faith belief in our analysis and believe it to be objective and unbiased, you are advised that we may have, either directly or indirectly, an economic interest in the performance of the securities of the companies whose products are the subject of our reports.”
“At AMD, security is a top priority and we are continually working to ensure the safety of our users as new risks arise,” AMD said in an emailed statement. “We are investigating this report, which we just received, to understand the methodology and merit of the findings.”
However, Dan Guido, the CEO of security firm Trail of Bits and a respected security researcher, has confirmed the validity of CTS Labs’ findings on Twitter. He said that his consultancy was paid by CTS-Labs to review the full technical report, which has not been publicly released, together with proof-of-concept exploits.
“Regardless of the hype around the release, the bugs are real, accurately described in their technical report (which is not public afaik [as far as I know]), and their exploit code works,” Guido said on Twitter.
All of the described attacks require hackers to first gain the ability to execute malicious code on affected AMD systems with administrative privileges. If they work as described, they could be useful for achieving persistence, hiding malware or extracting sensitive information, but not to compromise the system in the first place.