CATEGORIES
home News

AMD Details Ryzen, EPYC And Chipset Mitigation Plan For Masterkey, Fallout And Ryzenfall Vulnerabilities

by Brandon HillTuesday, March 20, 2018, 04:54 PM EDT
ryzen processor in socket
Earlier this month, a little-known Israeli security company named CTS Labs disclosed a number of vulnerabilities that affect AMD's Zen-based processor family. The exploits -- Masterkey, Ryzenfall, Fallout, and Chimera -- involve the Secure Processor found onboard Ryzen and EPYC products and the supporting Ryzen chipset.

At the time, AMD provided the following statement:

We are actively investigating and analyzing its findings. This company was previously unknown to AMD and we find it unusual for a security firm to publish its research to the press without providing a reasonable amount of time for the company to investigate and address its findings. At AMD, security is a top priority and we are continually working to ensure the safety of our users as potential new risks arise.

AMD has had over a week to scour over the whitepaper and determine the veracity of these supposed exploits, and has reported back with its findings. The company acknowledges that these are indeed exploits, and will rollout mitigation strategies for each of the four primary attack vectors. However, AMD rightfully points out that a person would need administrative access to a system in order to carry out any attacks, and with such permissions, they have a wide range of tools at their disposal beyond the vulnerabilities discovered by CTS Labs.

"[This is] a type of access that effectively grants the user unrestricted access to the system and the right to delete, create or modify any of the folders or files on the computer, as well as change any settings," write's AMD's Mark Papermaster. "All modern operating systems and enterprise-quality hypervisors today have many effective security controls, such as Microsoft Windows Credential Guard in the Windows environment, in place to prevent unauthorized administrative access that would need to be overcome in order to affect these security issues."

AMD Vulnerabilities Map

With that said, the company has outlined that firmware patches will be released to address Masterkey, Ryzenfall and Fallout via BIOS updates in the coming weeks. AMD is quick to note that there will be no performance hit associated with these fixes. In addition, there will also be a BIOS update with mitigations in place for the Chimera exploit that affects the supporting “Promontory” Ryzen chipset.

"AMD is working with the third-party provider that designed and manufactured the 'Promontory' chipset on appropriate mitigations," said AMD. In this case, that third-party provider is allegedly ASUSTeK subsidiary ASMedia.

In the end, we must applaud AMD for reacting so quickly and announcing that fixes will shortly be in place for customers -- even if it doesn't share the same security concerns as CTS Labs.

Tags:  AMD, Chimera, Fallout, (nasdaq:amd), ryzen, epyc, ryzenfall, masterkey
TOP CONVERSATIONS
Your Next PC Platform?
More Results
KEEP INFORMED
SITE

Home

Reviews

News

Blogs

Full Site

Sitemap

CATEGORIES

PC Components

Systems

Mobile

IT Infrastructure

Leisure

Videos

COMPANY

About

Advertise

News Tips

Contact

Privacy And Terms

HotTech

MORE

Accessibility

Shop

STAY CONNECTED

Twitter

Facebook

YouTube

RSS

As an Amazon and Howl Technologies Associate, HotHardware earns a commission from qualifying purchases made on this site. This site is intended for informational and entertainment purposes only. The contents are the views and opinion of the author and/or his associates. All products and trademarks are the property of their respective owners. Reproduction in whole or in part, in any form or medium, without express written permission of Hot Hardware, Inc. is prohibited. All content and graphical elements are Copyright © 1999 - 2024 David Altavilla and Hot Hardware, Inc.
All rights reserved. Privacy and Terms - Accessibility Commitment