13 Critical Flaws Discovered in AMD Ryzen and EPYC Processors

Security researchers have discovered 13 critical Spectre/Meltdown-like vulnerabilities throughout AMD’s Ryzen and EPYC lines of processors that could allow attackers to access sensitive data, install persistent malware inside the chip, and gain full access to the compromised systems.

All these vulnerabilities lie in the secure part of the AMD’s Zen architecture processors and chipsets—typically where device stores sensitive information such as passwords and encryption keys and makes sure nothing malicious is running when you start your PC.

The unpatched vulnerabilities are categorized into four classes—RYZENFALL, FALLOUT, CHIMERA, and MASTERKEY—and threaten wide-range of servers, workstations, and laptops running vulnerable AMD Ryzen, Ryzen Pro, Ryzen Mobile or EPYC processors.

Discovered by the team of researchers at Israel-based CTS-Labs, newly disclosed vulnerabilities defeat AMD’s Secure Encrypted Virtualization (SEV) technology and could allow attackers to bypass Microsoft Windows Credential Guard to steal network credentials.

Moreover, researchers also found two exploitable manufacturer backdoors inside Ryzen chipset that could allow attackers to inject malicious code inside the chip.

amd-secure-processor-ryzen-EPYC-vulnerabilities

AMD’s Ryzen chipsets are found in desktop and laptop computers, while EPYC processors in servers. Researchers successfully tested the vulnerabilities in 21 different products and believed 11 more products are also vulnerable to the issues.

Here’s the brief explanation of all the vulnerabilities:

RYZENFALL (v1, v2, v3, v4) AMD Vulnerabilities

These flaws reside in AMD Secure OS and affect Ryzen secure processors (workstation/pro/mobile).

amd-secure-processor-hacking

According to researchers, RYZENFALL vulnerabilities allow unauthorized code execution on the Ryzen Secure Processor, eventually letting attackers access protected memory regions, inject malware into the processor itself, and disable SMM protections against unauthorized BIOS reflashing.

Attackers could also use RYZENFALL to bypass Windows Credential Guard and steal network credentials, and then use the stolen data to spread across to other computers within that network (even highly secure Windows corporate networks).

RYZENFALL can also be combined with another issue called MASTERKEY (detailed below) to install persistent malware on the Secure Processor, “exposing customers to the risk of covert and long-term industrial espionage.”

FALLOUT (v1, v2, v3) AMD Vulnerabilities

These vulnerabilities reside in the bootloader component of EPYC secure processor and allow attackers to read from and write to protected memory areas, such as SMRAM and Windows Credential Guard isolated memory.

FALLOUT attacks only affect servers using AMD’s EPYC secure processors and could be exploited to inject persistent malware into VTL1, where the Secure Kernel and Isolated User Mode (IUM) execute code.

To read the original article:

Laisser un commentaire

Votre adresse de messagerie ne sera pas publiée. Les champs obligatoires sont indiqués avec *