CTS-Labs discovered a Spectre-like vulnerability in AMD's Ryzen and EPYC chips
CTS-Labs, an unknown security company based in Israel, reported a severe CPU flaw in AMD's Ryzen and EPYC chips. The company claims to have revealed 13 vulnerabilities that would allow criminals to inject malware and leak personal data.
The company claims that the vulnerabilities in AMD's processors are incredibly worrisome because the flaws reside in the parts that are supposed to be the most protected. These parts hold personal information, including passwords, login information, and encryption keys, the leakage of which would cause severe damage.
For the last couple of months, IT news sites and forums have been buzzing with warnings about the Spectre and Meltdown vulnerabilities, which expose millions of users of Intel, AMD, and other modern processors to a high risk of cyber attacks. Whether the current AMD vulnerability is yet another severe threat is still a debatable question.
CTS-Labs gave AMD 24 hours to check the vulnerabilities
The standard deadline for the affected company to analyze a reported weakness is 90 days. Within that period, the company responsible for the flaw has the right not to comment on the issue and to confirm or deny the problem once the actual test results are prepared.
In the case of the security vulnerability in Ryzen and EPYC chips, AMD was asked to verify the condition of its processors within 24 hours. A day is not sufficient to address critical flaws adequately or, at least, to check whether they are real. Even the infamous Spectre and Meltdown patches had to be addressed within six months at the demand of Google researchers.
The ongoing investigation is expected to reveal whether such a quick response was required due to the seriousness of the vulnerability or whether it is just an unfounded whim of CTS-Labs. AMD reacted immediately and promised to check all of the reported issues, but did not refrain from commenting on CTS-Labs' untrustworthiness:
unusual for a security firm to publish its research to the press without providing a reasonable amount of time for the company to investigate and address its findings.
Initially mocked, the issues were confirmed to be real
The revelation of the CTS-Labs test results initially triggered divided opinions among IT specialists. Most of them disapproved of the findings and "mocked" the whole project. Linus Torvalds, the creator of Linux, was one of the active figures who tried to refute the claims about AMD's Ryzen and EPYC chips. He said in a Google+ discussion:
When was the last time you saw a security advisory that was basically 'if you replace the BIOS or the CPU microcode with an evil version, you might have a security problem?' Yeah.
Later he added:
I just found a flaw in all of the hardware space. No device is secure: if you have physical access to a device, you can just pick it up and walk away. Am I a security expert yet?
However, AMD was quick to respond to the situation and, to the surprise of the opposing parties, it admitted that the security flaw is real. Dan Guido, one of the company's researchers, confirmed the flaw:
Regardless of the hype around the release, the bugs are real, accurately described in their technical report (which is not public afaik), and their exploit code works.
Ryzenfall, Master Key, Fallout, and Chimera. What are the dangers of these flaws?
Dubbed Ryzenfall, Master Key, Fallout, and Chimera, the security flaws revealed in AMD's Ryzen processors and EPYC server processors seem not to have been exploited by criminals yet.
The danger of these flaws is rather exaggerated. It turns out that to exploit them for malware injection and data leakage, criminals need administrative privileges. Although the flaws are not expected to be widely exploited, crooks who do have administrative access to a PC could do practically anything on the targeted device.
Therefore, it's advisable to follow the latest news about the flaw and install the BIOS updates that contain the patches for AMD's processors.