AMD confirms processor flaws found by CTS Labs, firmware fixes are coming

Chipmaker AMD has confirmed that the vulnerabilities discovered by CTS Labs researchers earlier this month do affect a variety of its products, and that firmware patches mitigating them will be released “in the coming weeks.”

What’s this all about?

As you might remember, there was a big ballyhoo when CTS Labs publicized the flaws just one day after they reported them to AMD.

The security community was salty about the company not giving AMD a longer notice period to fix them before going public with them, and some said that the researchers’ approach to the matter looked more like an attempt to manipulate AMD stock than serious security work, since the bugs are not easy to exploit and require attackers to have admin access on the target system.

But the validity of their findings and exploit code was confirmed by Trail of Bits CEO Dan Guido and now AMD.

CTS Labs said that their choice to release their findings so quickly was due to the belief that AMD won’t be able to fix the flaws for many months, or even a year. Whether this estimate turns out to be correct or not depends on what AMD’s “in the coming weeks” ends up being.

AMD’s plans

AMD Senior Vice President and Chief Technology Officer Mark Papermaster explained that:

• The MASTERKEY and PSP privilege escalation vulnerabilities (affecting Ryzen and Epyc processors) and the RYZENFALL and FALLOUT flaws (affecting Ryzen, Ryzen Pro, Ryzen Mobile and Epyc processors) will be mitigated via a firmware patch release through BIOS update, and won’t affect the performance of the chips.
• The CHIMERA vulnerabilities (affecting only Ryzen and Ryzen Pro processors) will be mitigated in the same way, but also via mitigations that ASMedia, the third-party provider that designed and manufactured the “Promontory” chipset, will create with AMD’s help. (Whether this can be done or not is still unknown, as it is a hardware flaw.)

“It’s important to note that all the issues raised in the research require administrative access to the system, a type of access that effectively grants the user unrestricted access to the system and the right to delete, create or modify any of the folders or files on the computer, as well as change any settings. Any attacker gaining unauthorized administrative access would have a wide range of attacks at their disposal well beyond the exploits identified in this research,” Papermaster added.

“Further, all modern operating systems and enterprise-quality hypervisors today have many effective security controls, such as Microsoft Windows Credential Guard in the Windows environment, in place to prevent unauthorized administrative access that would need to be overcome in order to affect these security issues.”

He also made sure to note that the vulnerabilities identified by CTS Labs are not related to the AMD “Zen” CPU architecture or the Meltdown and Spectre vulnerabilities.