posted by mrpg on Wednesday March 21 2018, @05:55AM
from the snafu dept.

AMD confirmed all thirteen Ryzen and EPYC chip exploits unveiled by CTS-Labs, which will be patched within weeks.

AMD has responded to the reports last week of a range of security flaws affecting its Platform Security Processor (PSP) and chipset. The company acknowledges the bugs and says that, in coming weeks, it will have new firmware available to resolve the PSP bugs. These firmware fixes will also mitigate the chipset bugs.

Israeli firm CTS identified four separate flaw families, naming them Masterkey (affecting Ryzen and Epyc processors), Ryzenfall (affecting Ryzen, Ryzen Pro, and Ryzen Mobile), Fallout (hitting only Epyc), and Chimera (applying to Ryzen and Ryzen Pro systems using the Promontory chipset).

[...] AMD's response today agrees that all four bug families are real and are found in the various components identified by CTS. The company says that it is developing firmware updates for the three PSP flaws. These fixes, to be made available in "coming weeks," will be installed through system firmware updates. The firmware updates will also mitigate, in some unspecified way, the Chimera issue, with AMD saying that it's working with ASMedia, the third-party hardware company that developed Promontory for AMD, to develop suitable protections. In its report, CTS wrote that, while one CTS attack vector was a firmware bug (and hence in principle correctable), the other was a hardware flaw. If true, there may be no effective way of solving it.

[...] The striking thing about the bugs was not their existence but rather the manner of their disclosure. CTS gave AMD only 24 hours notice before its public announcement that it had found the flaws. Prior to reporting the problems to AMD, CTS also shared the bugs, along with proofs of concept, with security firm Trail of Bits so that Trail of Bits could validate that the bugs were real and could be exploited the way that CTS described. While the computer security industry has no fixed, rigid procedure for disclosing bugs to vendors, a 90-day notice period is far more typical.

This short notice period led Linux creator Linus Torvalds to say that CTS' report "looks more like stock manipulation than a security advisory."

This perception wasn't helped when short-seller Viceroy Research (which claims to have no relationship with CTS) said that the flaws were "fatal" to AMD, that its share price should drop to $0, and that the company should declare bankruptcy. Such a valuation is obviously absurd: the PSP is non-essential (some Ryzen firmware allows it to be disabled, albeit at the loss of some functionality), its flaws can be repaired with a firmware update, and the flaws can only be exploited by an attacker with superuser access to the system. To suggest that such bugs should not merely hurt AMD's share price, but drive the company out of business entirely, with nothing salvageable from the Zen architecture, AMD's x86 license, its long-term contracts with Microsoft and Sony, or its GPU architecture, plainly has no possible factual justification.

In addition, AMD wants an investigation of unusual stock trade activity due to CTS-Labs' revelation of the thirteen Ryzen chip exploits.

[...] There's no evidence that any of those holes has been used for malevolent purposes, and it would be extremely difficult to use any of them to attack computers, the Sunnyvale, California-based company said. AMD saw reports of unusual trading activity in its stock about a week ago when an Israeli company called CTS Labs went public with a report on the flaws and has reported it to the relevant authorities.

[...] "It's important to note that all the issues raised in the research require administrative access to the system, a type of access that effectively grants the user unrestricted access to the system," AMD's Chief Technology Officer Mark Papermaster said in the statement, referring to the recent report. "Any attacker gaining unauthorized administrative access would have a wide range of attacks at their disposal well beyond the exploits identified in this research."

Previously: CTS-Labs Identifies Vulnerabilities in AMD Chips, Gives AMD Just 24 Hours' Notice



Related Stories

CTS-Labs Identifies Vulnerabilities in AMD Chips, Gives AMD Just 24 Hours' Notice

Security Researchers Publish Ryzen Flaws, Gave AMD 24 hours Prior Notice

Through the advent of Meltdown and Spectre, there is a heightened element of nervousness around potential security flaws in modern high-performance processors, especially those that deal with the core and critical components of company business and international infrastructure. Today, CTS-Labs, a security company based in Israel, has published a whitepaper identifying four classes of potential vulnerabilities of the Ryzen, EPYC, Ryzen Pro, and Ryzen Mobile processor lines. AMD is in the process of responding to the claims, but was only given 24 hours of notice rather than the typical 90 days for standard vulnerability disclosure. No official reason was given for the shortened time.

[...] At this point AMD has not confirmed any of the issues brought forth in the CTS-Labs whitepaper, so we cannot confirm if the findings are accurate. It has been brought to our attention that some press were pre-briefed on the issue, perhaps before AMD was notified, and that the website that CTS-Labs has set up for the issue was registered on February 22nd, several weeks ago. Given the level of graphics on the site, it does look like a planned 'announcement' has been in the works for a little while, seemingly with little regard for AMD's response on the issue. This is compared to Meltdown and Spectre, which were shared among the affected companies several months before a planned public disclosure. CTS-Labs has also hired a PR firm to deal with incoming requests for information, which is also an interesting avenue to the story, as this is normally not the route these security companies take. CTS-Labs is a security focused research firm, but does not disclose its customers or research leading to this disclosure. CTS-Labs was started in 2017, and this is their first public report.

CTS-Labs' claims revolve around AMD's Secure Processor and Promontory Chipset, and fall into four main categories, which CTS-Labs has named for maximum effect. Each category has sub-sections within.

Severe Security Advisory on AMD Processors from CTS.

Also at Tom's Hardware, Motherboard, BGR, Reuters, and Ars Technica.



  • (Score: 5, Insightful) by Subsentient (1111) on Wednesday March 21 2018, @06:09AM (#655933)
    So, yeah, I'd say these flaws *are* minor, certainly nowhere near the magnitude of Meltdown, and saying AMD should declare bankruptcy... Yeah I think Intel might be playing dirty. Fuck em. I'm so glad that AMD managed to resurrect their chips with the Zen architecture, they deserved that success, because they've been the better company for a long time now.
    --
    "It is no measure of health to be well adjusted to a profoundly sick society." -Jiddu Krishnamurti
    • (Score: 5, Interesting) by TheRaven (270) on Wednesday March 21 2018, @09:47AM (#656004)
      A lot of people are downplaying these vulnerabilities because they're not considering supply-chain trojans. This is a real problem for customers such as governments because someone who can access computers before they are shipped can install persistent malware that isn't removed when you re-image the system. The only reason that I don't think this is fatal to AMD is that Intel had similar vulnerabilities in their management engine.
      --
      sudo mod me up
    • (Score: 1, Insightful) by Anonymous Coward on Wednesday March 21 2018, @09:53AM (#656006)

      Whatever OTHER dirty plays have taken place, the dirtiest one got confirmed as fact:
      AMD systems ARE BACKDOORED, several ways, at least one of them INTENTIONAL.
      The so-called "Platform Security Processor" got proven IN PRACTICE as an antithesis to security - unless it's "security" for third parties against the computer's owner.

      Given the claimed intentional nature of the chipset's backdoor - on the matter on which AMD has notably kept complete silence - what guarantee do we have that the patches would not in fact just change the "master key" to a different one?

      • (Score: 2, Insightful) by Anonymous Coward on Wednesday March 21 2018, @10:27AM (#656015)

        Oh look, another person that had no access to the Internet for the past five years.

        The "flaws" are minor, it's the "feature" that is problematic. You can't argue that backdoors got "confirmed as fact" when they are a part of the goddamn specification. [wikipedia.org]

        Yes, the backdoor is a travesty, so I guess I should... buy Intel instead? Hah. [wikipedia.org]

        • (Score: 0) by Anonymous Coward on Wednesday March 21 2018, @10:38AM (#656021)

          It's backdoors all the way down!

          • (Score: 3, Funny) by kazzie (5309) on Wednesday March 21 2018, @12:45PM (#656070)

            All the way to the trapdoors?

  • (Score: 5, Interesting) by Anonymous Coward on Wednesday March 21 2018, @06:16AM (#655934)

    I wonder if this is a test of AMD's response to such problems. Intel focused on PR, shifting the blame, keeping secrets, delaying tactics, etc. and then still had a buggy rollout of the mitigations. I personally had no particularly bad opinion of Intel until these events unfolded that way.

    AMD's response seems to be much more open and clean, thus inspiring trust, but maybe if someone digs deeper they will find some shenanigans.

    • (Score: 4, Interesting) by khallow (3766) on Wednesday March 21 2018, @11:42AM (#656055)

      AMD's response seems to be much more open and clean, thus inspiring trust, but maybe if someone digs deeper they will find some shenanigans.

      The stock short play is where you'll see the shenanigans IMHO.

  • (Score: 2, Insightful) by Anonymous Coward on Wednesday March 21 2018, @11:18AM (#656040)

    and the flaws can only be exploited by an attacker with superuser access to the system

    Don't see the need to panic over this in that case, you have other issues if an attacker gains superuser rights on the machine. The Intel-specific flaws from earlier this year should have been the "fatal" ones due to the privilege escalation they enabled.

  • (Score: 0) by Anonymous Coward on Wednesday March 21 2018, @05:35PM (#656228)

    your stupid ass slaveware is the bug! why don't you fix the real problem and quit trying to doctor the symptoms? quit wasting our time with your nonsense!
