Chipmaker AMD Confirms 13 Chipset Flaws, Preps FixesFirmware Updates Coming for Embedded Security Control Processor
Multinational semiconductor company Advanced Micro Devices has confirmed that there are 13 flaws in some of its CPUs that could be exploited to manipulate chip firmware for malicious purposes.
The flaws were first publicized on March 13 by CTS Labs, an Israeli cybersecurity startup that launched a website and released a white paper to announce the flaws. The company's moves, and a statement saying that it may have an economic interest in the performance of AMD's stock, had led some to dismiss the firm's actions as a PR stunt (see AMD Chipset Flaws Are Real, But Experts Question Disclosure).
AMD, based in Santa Clara, California, says it first learned of the flaws less than 24 hours before CTS Labs publicly released the information. CTS said the 13 flaws fell into four sets, which it's called Masterkey, Ryzenfall, Fallout and Chimera, the latter being an alleged backdoor.
Seven days after the vulnerabilities became public knowledge, AMD confirmed the flaws, which exist in the embedded security control processor - called AMD Secure Processor - built into some of its CPUs. Also at risk are the chipsets in two types of microprocessor socket platforms - the AM4 and TR4 - used by AMD's CPUs. The AM4 is part of AMD's Zen and Excavator microarchitectures, while the TR4 is part of its Zen-based Ryzen Threadripper desktop processors.
Fix development is underway. "AMD has rapidly completed its assessment and is in the process of developing and staging the deployment of mitigations," Mark Papermaster, AMD's chief technology officer, says in a Tuesday blog post.
AMD says the flaws can be grouped into three major categories:
- Masterkey and Platform Security Processor Privilege Escalation: An attacker could circumvent platform security controls - in a manner that survives rebooting - by flashing the firmware "to corrupt its contents," which the AMD Secure Processor would not detect.
- Ryzenfall and Fallout: An attacker could circumvent platform security controls - but not in a manner that survives across reboots - by abusing the PSP APIs to execute arbitrary code.
- Chimera: An attacker could install a malicious driver in the "Promontory" chipset used in many socket AM4 desktop and socket TR4 high-end desktop platforms.
For the first two groups, AMD says it plans a "firmware patch release" for its PSP firmware, which will be installed via a BIOS update. For the third set of flaws, "AMD is working with the third-party provider that designed and manufactured the 'Promontory' chipset on appropriate mitigations," it says.
AMD adds that it expects the fixes to have "no performance impact."
Admin Access Required
An attacker would require administrative access to a system to exploit any of the flaws. Still, a successful attack would likely leave few traces, meaning that exploiting these flaws could be of great interest to intelligence agencies or sophisticated crime cartels.
Papermaster says that would-be attackers would face significant obstacles, including having to gain in-person or remote administrative access to a system. "All modern operating systems and enterprise-quality hypervisors today have many effective security controls, such as Microsoft Windows Credential Guard in the Windows environment, in place to prevent unauthorized administrative access that would need to be overcome in order to affect these security issues," he says.
"There is no immediate risk of exploitation of these vulnerabilities for most users."
—Dan Guido, Trail of Bits
None of the flaws are connected in any way to the trio of speculative execution vulnerabilities known as Spectre and Meltdown that first came to light publicly in January, AMD says. Millions of processors built by Intel, AMD and ARM are vulnerable to variant 1 or variant 2 of the flaws, known as Spectre. Many Intel processors, as well as some built by ARM, are also vulnerable to variant 3, known as Meltdown (see Microsoft Offers Payouts for New Spectre, Meltdown Flaws).
13 Flaws: Little Immediate Risk
AMD has yet to release a timeline of when it expects to release fixes for the 13 flaws. But Papermaster says more technical analysis and mitigation plan information will be released "in the coming weeks."
Dan Guido, CEO of Trail of Bits - an information security consultancy that says it was contacted and later paid by CTS Labs to review its research before it was publicly released - says the 13 flaws publicized by CTS Labs pose little immediate risk.
"There is no immediate risk of exploitation of these vulnerabilities for most users," Guido says in a blog post. "Even if the full details were published today, attackers would need to invest significant development efforts to build attack tools that utilize these vulnerabilities. This level of effort is beyond the reach of most attackers."
Guido says these types of vulnerabilities are widespread and that chipmakers should be doing a better job of finding and fixing them before independent security researchers discover them.
"These types of vulnerabilities should not surprise any security researchers; similar flaws have been found in other embedded systems that have attempted to implement security features," he says. "They are the result of simple programming flaws, unclear security boundaries and insufficient security testing. In contrast, the recent Meltdown and Spectre flaws required previously unknown techniques and novel research advances to discover and exploit."
AMD describes the patches being "released in the coming weeks ... through a BIOS update." I deferred to AMD in our blog on the subject of mitigations, but the delivery method and that amount of time (April/May?) seem reasonable.— Dan Guido (@dguido) March 20, 2018
Many researchers and organizations, including Google, have chosen to pursue "coordinated disclosure" programs that give organizations up to 90 days to mitigate or warn of bugs in their products before publicly releasing bug information. Some organizations also run bug bounty programs that pay researchers for their efforts, often in exchange for their agreeing to certain terms and conditions. But otherwise, researchers have no legal obligation to provide 90 days' notice (see Google's Psychological Patch Warfare).
But in the case of the Spectre and Meltdown flaws, Google agreed to a seven-month delay before publicizing the flaws, owing both to the dangers they posed as well as the difficulty that chipmakers Intel, AMD and ARM would face when attempting to coordinate, distribute and see their microcode updates for mitigating the problems to be patched in part via operating system updates.