AMD CTO Mark Papermaster said the company will address the four security vulnerabilities identified by CTS Labs last week without users suffering a performance hit.
The Santa Clara, Calif.-based semiconductor vendor said in a blog post late Tuesday that the security issues can be mitigated through a combination of firmware patches and standard BIOS updates. This was AMD's first acknowledgement of the issues publicly disclosed by CTS Labs, though the company said an attacker would have to gain administrative access to the system to take advantage of the flaws.
"Any attacker gaining unauthorized administrative access would have a wide range of attacks at their disposal well beyond the exploits identified in this research," Papermaster wrote in the blog post. Papermaster said AMD has completed its assessment of the CTS Labs research and is now in the process of developing and staging the deployment of mitigations.
Once a user has administrative access, Papermaster said they could already delete, create or modify any folders or files on a computer, as well as change any settings. All modern operating systems and enterprise-quality hypervisors already have adequate security controls in place to prevent unauthorized administrative access, he said, which would need to be overcome to exploit the CTS Labs findings.
CTS Labs said in a whitepaper and a website created last week that four AMD processors have critical security vulnerabilities and manufacturer backdoors that put organizations at greater risk of cyberattacks. CTS notified AMD of the vulnerabilities less than 24 hours before going public, far below the 90 days typically adhered to under standard disclosure guidelines.
Two high-profile security channel partners told CRN last week that insufficient replication details and untimely disclosure by CTS Labs suggest that their allegations might not live up to the hype.
The security issues identified by CTS Labs are not related to the Meltdown and Spectre design flaws that were discovered by Google Project Zero and made public in early January, according to Papermaster.
Instead, Papermaster said the latest vulnerabilities are associated with the firmware managing the embedded security control processor in some AMD products, as well as the chipset used in some desktop platforms supporting AMD processors.
AMD said the security issues identified by CTS Labs can be grouped into three major categories: Masterkey; Ryzenfall and Fallout; and Chimera.
Masterkey allows an attacker who has already compromised the security of a system to update flash and corrupt its contents while evading detection by the AMD Secure Processor, according to Papermaster. This threat vector requires administrative access, he said.
As far as potential impact is concerned, Papermaster said an attacker exploiting Masterkey can circumvent platform security controls, with the changes persisting following a system reboot. The company is planning to release a firmware patch through its BIOS update, Papermaster said, with no performance impact expected.
AMD is additionally working on updates for its PSP firmware that will be released in the coming weeks, according to Papermaster.
Under the Ryzenfall and Fallout scenarios, Papermaster said an attacker that has already compromised the security of a system would write to the AMD Secure Processor registers to exploit vulnerabilities in the interface between the x86 central processor units (CPUs) and the AMD Secure Processor. This attack also requires administrative access, according to Papermaster.
Papermaster said Ryzenfall and Fallout may install difficult-to-detect malware in the system management module (SMM) of the x86. Attackers exploiting Ryzenfall and Fallout can circumvent platform security controls, but Papermaster said the vulnerabilities aren't persistent across reboots.
The mitigation path is the same as Masterkey, Papermaster said, with AMD planning to release a firmware patch through its BIOS update, as well as working on updates for its PSP firmware that will be released in the coming weeks. No performance impacts are expected, according to Papermaster.
Finally, Chimera allows an attacker who has already compromised the security of a system to install a malicious driver that exposes certain functions in the Promontory chipset, Papermaster said. This chipset is used in many of AMD's socket AM4 desktop and socket TR4 high-end desktop platforms, according to Papermaster.
This exploit also requires administrative access, Papermaster said, with the attacker accessing physical memory through the chipset. Chimera allows for the installation of difficult-to-detect malware in the chipset, according to Papermaster, but isn't persistent across reboots.
AMD said it is working with the third-party provider that designed and manufactured the Promontory chipset – which is identified by CTS Labs as ASMedia – on appropriate mitigations for Chimera. The company will additionally release mitigating patches through a BIOS update, Papermaster said, with no performance impact expected.
Papermaster said AMD will provide more updates in the coming weeks on both the issues identified by CTS Labs and the vendor's related mitigation plans.