Researchers say they’ve discovered serious potential vulnerabilities within AMD’s Ryzen and Epyc chip architectures. AMD said it’s taking the reports seriously, though it wasn’t provided sufficient time to investigate or confirm them before their disclosure.

CTS-Labs, a security research company which says it specializes in vulnerabilities within ASICs and other chips, has said it’s discovered four potential attacks, code-named Masterkey, Ryzenfall, Fallout, and Chimera. All would require a program running with local access and administrator privileges to exploit them.

AMD confirmed it’s been made aware of the potential vulnerabilities. However, the statement AMD provided to PCWorld implied that the company wasn’t given the usual amount of time to investigate the vulnerabilities internally, which is typically about 90 days.

“At AMD, security is a top priority and we are continually working to ensure the safety of our users as new risks arise,” AMD’s statement said. “We are investigating this report, which we just received, to understand the methodology and merit of the findings.”

In a blog post on its site, AMD added: “This company [CTS Labs] was previously unknown to AMD and we find it unusual for a security firm to publish its research to the press without providing a reasonable amount of time for the company to investigate and address its findings.”

However, Dan Guido, a security researcher, wrote that he has seen the proof of concept code and confirmed the vulnerabilities. “Regardless of the hype around the release, the bugs are real, accurately described in their technical report (which is not public [as far as I know]), and their exploit code works,” he tweeted.

What this means for you: At this point, nothing. It’s important to note that these attacks remain unconfirmed by AMD, though they’re potentially serious. CTS-Labs claims it’s been able to exploit the vulnerabilities it found on several Ryzen chips, but no potential attack has been seen in the wild. Expect more follow-ups in the days ahead.

amd ryzen vulnerability map CTS-Labs/AMDFlaws.com

A list of the potential AMD chip vulnerabilities, according to CTS-Labs.

What are Ryzenfall, Masterkey, Fallout, and Chimera?

Hardware vulnerabilities have come to the forefront with the rise of Spectre and Meltdown, which attack the speculative execution processes used by Intel and other vendors. AMD and ARM are also potentially affected by Spectre and Meltdown, though Intel has been the public face of both vulnerabilities.





Source link

LEAVE A REPLY

Please enter your comment!
Please enter your name here