AMD Details Ryzen, EPYC And Chipset Mitigation Plan For Masterkey, Fallout And Ryzenfall Vulnerabilities

Earlier this month, a little-known Israeli security company named CTS Labs disclosed a number of vulnerabilities that affect AMD's Zen-based processor family. The exploits -- Masterkey, Ryzenfall, Fallout, and Chimera -- involve the Secure Processor found onboard Ryzen and EPYC products and the supporting Ryzen chipset.

At the time, AMD provided the following statement:

We are actively investigating and analyzing its findings. This company was previously unknown to AMD and we find it unusual for a security firm to publish its research to the press without providing a reasonable amount of time for the company to investigate and address its findings. At AMD, security is a top priority and we are continually working to ensure the safety of our users as potential new risks arise.

AMD has had over a week to pore over the whitepaper and determine the veracity of these supposed exploits, and has reported back with its findings. The company acknowledges that these are indeed exploits, and will roll out mitigation strategies for each of the four primary attack vectors. However, AMD rightfully points out that a person would need administrative access to a system in order to carry out any attacks, and with such permissions, they have a wide range of tools at their disposal beyond the vulnerabilities discovered by CTS Labs.

"[This is] a type of access that effectively grants the user unrestricted access to the system and the right to delete, create or modify any of the folders or files on the computer, as well as change any settings," writes AMD's Mark Papermaster. "All modern operating systems and enterprise-quality hypervisors today have many effective security controls, such as Microsoft Windows Credential Guard in the Windows environment, in place to prevent unauthorized administrative access that would need to be overcome in order to affect these security issues."

AMD Vulnerabilities Map

With that said, the company has outlined that firmware patches will be released to address Masterkey, Ryzenfall and Fallout via BIOS updates in the coming weeks. AMD is quick to note that there will be no performance hit associated with these fixes. There will also be a BIOS update with mitigations in place for the Chimera exploit that affects the supporting “Promontory” Ryzen chipset.

"AMD is working with the third-party provider that designed and manufactured the 'Promontory' chipset on appropriate mitigations," said AMD. In this case, that third-party provider is allegedly ASUSTeK subsidiary ASMedia.

In the end, we must applaud AMD for reacting so quickly and announcing that fixes will shortly be in place for customers -- even if it doesn't share the same security concerns as CTS Labs.

Brandon Hill
