Start-up security company claims AMD Ryzen and Epyc CPUs contain 13 serious vulnerabilities

Security flaws highlighted by CTS-Labs require elevated administrator privileges and physical access

A start-up IT security company has claimed that AMD's new Ryzen, Epyc and Threadripper CPUs are vulnerable to a total of 13 serious security vulnerabilities.

However, the white paper from Israeli security start-up CTS-Labs carries little technical information, and the company gave AMD only 24 hours to respond to the claims before publishing.

The flaws, published on a website registered 19 days ago, require elevated administrator privileges and physical access to targeted PCs, limiting the risks to end-users. There have also been questions raised over financial links between CTS-Labs and AMD, with suggestions that the paper has been released to support some traders' short positions in AMD stock, which has risen significantly over the past year.

The flaws the company claims to have found are grouped into four classes, named Fallout, Masterkey, Chimera and Ryzenfall:

The alleged flaws affect the Epyc CPU, the AMD Platform Secure Processor (PSP) integrated in Ryzen CPUs, and the Promontory chipset produced by Asustek for AMD motherboards for the past six years.

CTS-Labs describes Fallout as "a set of design flaw vulnerabilities residing inside the boot loader component of Epyc's Secure Processor. The boot loader is responsible for Hardware Validated Boot on EPYC servers, as well as for launching the Secure Processor module for Secure Encrypted Virtualization (SEV)".

The exploit developed by CTS-Labs, according to its white paper, requires the attacker to "be able to run a program with local-machine elevated administrator privileges. Accessing the Secure Processor is done through a vendor supplied driver that is digitally signed".

It continues: "The Fallout vulnerabilities allow access to protected memory regions that are otherwise sealed off by hardware. Such areas are supposed to be completely inaccessible to both kernel drivers and user programs running inside the operating system."

These regions are:

Masterkey enables unauthorised code execution and persistent malware to be planted on AMD's Secure Processor or PSP. The PSP supports secure boot on AMD PCs. The three Masterkey vulnerabilities enable "three distinct pathways to bypass Hardware Validated Boot on EPYC and Ryzen and achieve arbitrary code execution on the Secure Processor itself".

It continues: "The vulnerabilities allow malicious actors to install persistent malware inside the Secure Processor, running in kernel-mode with the highest possible permissions.

"From this position of power, malware is able to bypass Secure Boot and inject malicious code into the BIOS or operating system, as well as to disable any firmware-based security features within the Secure Processor itself, such as Firmware Trusted Platform Module (fTPM) or Secure Encrypted Virtualization (SEV)."

Chimera is a series of backdoors in the Promontory chipset, produced by Asustek for AMD, which has been the subject of security questions for six years. It is arguably the strongest of the four classes of security flaws highlighted by the company.

CTS-Labs described the flaws as "an array of hidden manufacturer backdoors" inside the Promontory chipsets that feature on the X370-series of Ryzen motherboards - boards mostly used by enthusiasts and in Ryzen performance workstations.

"In our research we have been able to execute our own code inside the chipset, and then leverage the latter's Direct Memory Access (DMA) engine to manipulate the operating system running on the main processor. These two capabilities form the foundation for malware, and provide a proof-of-concept," it claims.

A direct fix may not be possible, warns CTS-Labs.

Ryzenfall, meanwhile, is described as "a set of design and implementation flaws inside AMD Secure OS", the operating system that runs the AMD Secure Processor on Ryzen, Ryzen Pro and Ryzen Mobile.

"It is based on T-Base by Trustonic, and leverages ARM TrustZone technology for secure isolation between system components. One of the primary features implemented on top of Secure OS is AMD's Firmware Trusted Platform Module (fTPM), which is responsible for secure storage of passwords and cryptographic secrets," the research adds.

It continues: "Although Secure OS runs inside the Secure Processor's dedicated ARM Cortex A5 processor, it does make use of the computer's main memory. When Secure OS starts, it allocates a portion of main memory for its own use and seals it off from the main processor. This area is called Fenced DRAM."

Again, this flaw requires local-machine elevated administrator privileges in order to exploit it. Accessing the Secure Processor is done through a vendor supplied driver that is digitally signed, the research group adds.

"The Ryzenfall vulnerabilities allow unauthorised code execution on the Secure Processor. They also allow access to protected memory regions that are otherwise sealed off by hardware. Such areas are supposed to be completely inaccessible to both kernel drivers and programs running inside the operating system."

These regions are:

CTS-Labs notes that there are "No known mitigations. AMD has recently released a BIOS update that supposedly allows users to disable the Secure Processor, but this feature works only partially and does not stop the Ryzenfall attacks."

While redacting the precise technical details from the white paper, CTS-Labs claims to have shared the full details with AMD and "select security companies".

However, its no-nonsense criticism of AMD raised more than a few eyebrows.

Its paper concludes: "We believe that these vulnerabilities put networks that contain AMD computers at a considerable risk. Several of them open the door to malware that may survive computer reboots and reinstallations of the operating system, while remaining virtually undetectable by most endpoint security solutions.

"This can allow attackers to bury themselves deep within the computer system and to potentially engage in persistent, virtually undetectable espionage, executed from AMD's Secure Processor and AMD's chipset. It is our view that the existence of these vulnerabilities betrays disregard of fundamental security principles."

Critics, though, have pointed out that the level of access required to exploit the flaws - including elevated administrator rights on the target PC - would already allow any device to be completely compromised.

AMD's statement added little information: "This company was previously unknown to AMD and we find it unusual for a security firm to publish its research to the press without providing a reasonable amount of time for the company to investigate and address its findings."

On top of that, a number of commentators have questioned the financial links between CTS-Labs - which has no address and no landline telephone number - and the investment professionals citing its report, as well as those professionals' financial positions in AMD itself.

An odd outfit calling itself Viceroy Research was remarkably quick off the mark with a 25-page research report declaring that AMD was as good as dead.

"We believe that AMD was compelled to release products as quickly and cheaply as possible as it was falling behind its competitors. This has led to what appears to be complete oversight or negligence of security fundamentals of AMD's products, which promote an evidently misguided competitive advantage - particularly with its Secure Processor (aka Platform Security Processor or PSP) - of providing 'the greatest peace of mind on every AMD product'.

"Nothing could be further from the truth," it argued, adding: "We believe AMD is worth $0.00 and will have no choice but to file for Chapter 11 Bankruptcy in order to effectively deal with the repercussions of recent discoveries."