Trapped? AMD processor has been "disclosed" 13 serious vulnerabilities, which are tricky and serious vulnerabilities

Trapped? AMD processor has been "disclosed" 13 serious vulnerabilities, which are tricky and serious vulnerabilities

Trapped? The AMD processor has been "Exposed" to 13 serious vulnerabilities, which are tricky. The unnamed Israeli security company CTS Labs suddenly published a White Paper to the media, the disclosure of 13 security vulnerabilities in the AMD processor only gave AMD 24 hours of response time, and the message was sent, which caused an uproar in the security industry ......
AMD is currently conducting an emergency investigation into a vulnerability report released by the Israeli security company, which discloses 13 security vulnerabilities that affect AMD Ryzen and EPYC processors. These 13 vulnerabilities are distributed in four vulnerability categories: RyzenFall, MasterKey, Fallout, and Chimera.
The vulnerabilities were discovered by the security lab CTS Labs in Israel. They described the details of the vulnerabilities in the report and published a White Paper. AMD responded that they expressed concern about the spread. A spokesman for AMD said,
"We are actively investigating and analyzing the chip vulnerability issues pointed out in the White Paper. Since this security company has not worked with AMD in the past, we think they are not doing the right thing-they didn't give AMD reasonable time to investigate vulnerabilities, the vulnerabilities they discovered were published to the media."
If attackers successfully exploit these vulnerabilities, they can have full control over the system, or extract data from the CPU area, which is similar to the previously notorious Meltdown and Specter vulnerabilities.

 
AMD was notified only yesterday of an emergency.
As AMD is investigating the vulnerability, no patches are available. According to reports, the CTS lab reported the vulnerability information to AMD yesterday. The specific impact results have not yet been fully confirmed by AMD.
CTS Labs said some vulnerabilities have a wider scope than listed, because they did not try to create PoC for all amd cpu series.
Details about these vulnerabilities and the AMD processors they can affect. [For the White Paper, see the end of this article]

CTS lab faces public opinion criticism and questioning
The information security community has made a lot of criticism on the issue that CTS lab has only one day to urgently respond to AMD!
In addition, some experts also pointed out that the White Paper does not provide technical implementation details, and due to the harsh conditions for exploits (administrator-level permissions required ), the vulnerabilities proposed by the Company may cause little practical harm.
Linus Torvalds, the father of Linux, also publicly commented that this sudden "Security White Paper" is more like a bid of interest or disruption to the stock price.
I think the information security industry has fallen, but it is becoming more and more ridiculous.

What are the specific vulnerabilities?
The following is a description of the vulnerability published by CTS lab researchers, but it has not yet been fully confirmed by AMD.
MasterKey 1, 2, 3
Persistent malware that can run in AMD Security processors
-It can bypass the security features of the firmware, such as security encryption virtualization SEV, And the firmware Trusted Platform Module fTPM.
-Steal network creden and bypass Microsoft's VBS and Windows Credential Guard
-Physical damage to hardware
-Affected models: EPYC, Ryzen, Ryzen Pro, and Ryzen Mobile. At present, we have successfully tested EPYC and RYZen.
RyzenFall 1 & Fallout 1
-Write Data in protected memory areas, such as WIndows Isolation Mode and DRAM (only on the Ryzen motherboard)
-Network credential theft, bypassing VBS
-Support for memory persistence of VTL1 malware
-Affected models: EPYC, Ryzen, Ryzen Pro, and Ryzen Mobile. EPYC, Ryzen, Ryzen Pro, and Ryzen Mobile are successfully tested.
RyzenFall 2 & Fallout 2
-Disable the read/write protection function of RAM.
-Defends against the vast majority of Endpoint Security Solutions and supports SMM malware
-Affected models: EPYC, Ryzen, and Ryzen Pro. EPYC, Ryzen, and Ryzen Pro are successfully tested.
RyzenFall 3 and Fallout 3
-Read protected memory areas, including VTL1, security management RAM, and DRAM.
-Theft of network creden. Attackers can bypass Windows Credential Guard.
-Affected models: EPYC, Ryzen, and Ryzen Pro. You have successfully used EPYC, Ryzen, and Ryzen Pro.
RyzenFall 4
-Arbitrary code execution on AMD Security Processor
-Attackers can bypass firmware-based security functions, such as the firmware Trusted Platform Module fTPM.
-Theft of network creden. Bypassing VBS and Windows Credential Guard
-Physical damage to the hardware
-Affected models: Ryzen and Ryzen Pro.
Chimera (Firmware, Hardware versions)
-Two backdoors: firmware/hardware ASIC
-Inject malware into the internal 8051 architecture of the chipset
-Connect the CPU to USB, SATA and PCI-E devices.
-Malware running in the chipset can use the chipset as a hardware peripheral intermediary
-Impact Type: Ryzen and Ryzen Pro. Ryzen and Ryzen Pro have been used successfully.