Severe Security Advisory

on AMD Processors

What happened?

13 Critical Security Vulnerabilities and Manufacturer Backdoors discovered throughout AMD Ryzen & EPYC product lines.

Am I affected?

Any consumer or organization purchasing AMD Servers, Workstations, or Laptops are affected by these vulnerabilities.

What is this site for?

This site is to inform the public about the vulnerabilities and call upon AMD and the security community to fix the vulnerable products.

This site is maintained by CTS-Labs. By accessing the contents of this website, you confirm that you have read our full disclaimer.

4 Classes of Vulnerabilities

RYZENFALL
masterkey
Fallout
Chimera

In The Media

IBM X-Force Exchange

Affected Product Lines

Affected Chips

AMD Secure Processor
Critical Security Vulnerabilities in the AMD Secure Processor

AMD Secure Processor, responsible for maintaining security within EPYC and Ryzen processors, is currently being shipped with critical security vulnerabilities allowing malicious actors to install malware inside the chip.

The vulnerabilities may allow malicious actors to proliferate through corporate networks using stolen network credentials, by allowing Microsoft Windows Credential Guard to be bypassed.

Secure Encrypted Virtualization, a key feature that AMD advertises to cloud providers, could be defeated as soon as attackers obtain malicious code execution on the EPYC Secure Processor.

A malicious actor can gain full access to the compromised system, its physical memory, peripherals and to the secrets stored inside (fTPM).

Attackers could execute malicious code on the EPYC Secure Processor.

AMD Ryzen Chipset
Outsourced Chip Design Contains Backdoors

The chipset is a central component on Ryzen and Ryzen Pro workstations: it links the processor with hardware devices such as WiFi and network cards, making it an ideal target for malicious actors.

The Ryzen chipset is currently being shipped with exploitable backdoors that could let attackers inject malicious code into the chip, providing them with a safe haven to operate from.

AMD’s outsource partner, ASMedia, is a subsidiary of ASUSTeK Computer, a company with poor security track record that has been penalized by the Federal Trade Commission for neglecting security vulnerabilities, and must now undergo independent security audits for the next 20 years.

The Chipset backdoors exist on virtually all Ryzen and Ryzen Pro workstations on the market today.

USB, SATA, PCI-E, and network traffic may flow through the chipset. Malware could leverage this position of power.

Vulnerabilities Map

Number
Vulnerabilities
Ryzen Workstation
Ryzen Pro
Ryzen Mobile
EPYC Server
1

MASTERKEY-1

2

MASTERKEY-2

3

MASTERKEY-3

4

RYZENFALL-1

5

RYZENFALL-2

6

RYZENFALL-3

7

RYZENFALL-4

8

FALLOUT-1

9

FALLOUT-2

10

FALLOUT-3

11

CHIMERA-FW

12

CHIMERA-HW

13

PSP PRIVILEGE Escalation

Total Products Affected (Successfully Exploited)

21

Total Products Affected (Probably Vulnerable)

11

Successfully Exploited
Probably Vulnerable

The Vulnerabilities

RYZENFALL

RYZENFALL allows malicious code to take complete control over the AMD Secure Processor.

Secure Processor privileges could be leveraged to read and write protected memory areas, such as SMRAM and the Windows Credential Guard isolated memory.

Attackers could use RYZENFALL to bypass Windows Credential Guard, steal network credentials, and then potentially spread through even highly secure Windows corporate networks.

Attackers could use RYZENFALL in conjunction with MASTERKEY to install persistent malware on the Secure Processor, exposing customers to the risk of covert and long-term industrial espionage.

FALLOUT

The vulnerabilities allow attackers to read from and write to protected memory areas, such as SMRAM and Windows Credential Guard isolated memory (VTL-1).

An attacker could leverage these vulnerabilities to steal network credentials protected by Windows Credential Guard.

An attacker could leverage these vulnerabilities to bypass BIOS flashing protections that are implemented in SMM.

CHIMERA

Two sets of manufacturer backdoors discovered: One implemented in firmware, the other in hardware (ASIC). The backdoors allow malicious code to be injected into the AMD Ryzen chipset.

The chipset links the CPU to USB, SATA, and PCI-E devices. Network, WiFi and Bluetooth traffic often flows through the chipset as well. An attacker could leverage the chipset’s middleman position to launch sophisticated attacks.

Chipset-based malware could evade virtually all endpoint security solutions on the market.

Malware running on the chipset could leverage the latter’s Direct Memory Access (DMA) engine to attack the operating system. This kind of attack has been demonstrated.

MASTERKEY

Multiple vulnerabilities in AMD Secure Processor firmware allow attackers to infiltrate the Secure Processor.

Enables stealthy and persistent malware, resilient against virtually all security solutions on the market.

Allows tampering with AMD’s firmware-based security features such as Secure Encrypted Virtualization (SEV) and Firmware Trusted Platform Module (fTPM).

Facilitates network credential theft by allowing Windows Credential Guard to be bypassed.

Physical damage and bricking of hardware. Could be used by attackers in hardware-based "ransomware" scenarios.

Questions & Answers

Is my organization currently at risk?

If you have an AMD Ryzen, Ryzen Pro, Ryzen Mobile or EPYC machine on your network, and that machine is compromised, your network is at risk.

How long before a fix is available?

We don't know. CTS has been in touch with industry experts to try and answer this question. According to experts, firmware vulnerabilities such as MASTERKEY, RYZENFALL and FALLOUT take several months to fix. Hardware vulnerabilities such as CHIMERA cannot be fixed and require a workaround. Producing a workaround may be difficult and cause undesired side-effects.

Are these vulnerabilities currently being exploited in the wild?

We don't know, but we are concerned about CHIMERA. Similar vulnerabilities in other ASMedia products have been known in hardware hacking circles for several years.

Why are you doing this?

To bring these issues to public attention, and to warn users and organizations. In particular, we urge the community to pay closer attention to the security of AMD devices before allowing them on mission-critical systems that could potentially put lives at risk.
See: https://www.amd.com/en/products/embedded-aero-defense-solutions

Doesn't this publication put users at risk?

No. All technical details that could be used to reproduce the vulnerabilities have been redacted from this publication. CTS has shared this information with AMD, Microsoft, and a small number of companies that could produce patches and mitigations.

Can I use materials from this site?

Yes, we give permission to anyone to download and publish the materials with credit to CTS-Labs.

What can I do?

Contact AMD and ask for a prompt solution. We will update this website as fixes and mitigations become available.

Updated Questions

Do these vulnerabilities require physical access?

No.

RYZENFALL, FALLOUT and CHIMERA do not require physical access to exploit.

MASTERKEY requires BIOS re-flashing, but that is often possible by just having local admin on the machine and running an EXE. We've confirmed this works on motherboards by Tyan, ASUS, ASRock, Gigabyte, Biostar, and others.

Do these vulnerabilities require the ability to sign a driver?

No. Our proof-of-concept exploits rely on an already-signed driver supplied by the vendor.

Do these vulnerabilities require the ability to reflash the BIOS?

RYZENFALL, FALLOUT and CHIMERA do not require BIOS re-flashing.

MASTERKEY requires BIOS re-flashing, but that is often possible by just having local admin on the machine and running an EXE. We've confirmed this works on motherboards by Tyan, ASUS, ASRock, Gigabyte, Biostar, and others.

Did you notify AMD only 24 hours before the publication?

Yes, we sent full details about the vulnerabilities to AMD, Microsoft, HP, Dell, and select vendors 24-hours before announcing them to the public. We did not publish technical details about the flaws, to avoid putting users at risk. Right now the public is aware of the vulnerabilities, AMD has been provided full details and are now working on patches, and security vendors have also been given full details and are now developing mitigations.

Why is the paper hosted on safefirmware.com?

For redundancy. We wanted to make sure that the link remains available in the event of a DoS attack against this site.

What is required to exploit the vulnerabilities?

Local machine admin privileges. The vulnerabilities are most harmful in APT situations on enterprise networks.

Why do these vulnerabilities matter if you need admin privileges to exploit them?

The vulnerabilities could be useful to attackers at the different stages of an APT attack against an enterprise network:
1. Persistency: Attackers could load malware into the AMD Secure Processor before the CPU starts. From this position they can prevent further BIOS updates and remain hidden from security products.
2. Stealth: Sitting inside the AMD Secure Processor or the AMD Chipset is, at the moment, outside the reach of virtually all security products. AMD chips could become a safe haven for attackers to operate from.
3. Network Credential Theft: Bypass Microsoft Credentials Guard and steal network credentials. We have a PoC version of mimikatz that works even while Credential Guard is enabled.
4. Specific AMD Secure Processor features for cloud providers, such as Secure Encrypted Virtualization, could be circumvented or disabled by these vulnerabilities.

Must an attacker be able to sign a BIOS to exploit MASTERKEY?

No. In most cases, all that's required to exploit MASTERKEY is to run an EXE with local admin privileges.

Each MASTERKEY vulnerability could provide attackers with dual capabilities: First, the capability to flash a modified BIOS, which is typically not possible because of UEFI signature verification. And second, the capability to execute code on the Secure Processor itself during boot.

If you wish to learn more about the vulnerabilities and the research, you can download our whitepaper

Existing Solutions

Solutions and mitigation by AMD and third party providers

Security Company

Date

Affected Vulnerabilities

URL

Validated By CTS-Labs

If you have created a workaround for a specific problem, please contact us at
amdflawsworkarounds@cts-labs.com, and we will post it here.

Disclaimer

This website is intended for general information purposes.  This website does not offer the reader any recommendations or professional advice.  It summarizes security vulnerabilities, but purposefully does not provide a complete description.  CTS is a research organization.  The other organizations named in this website have not confirmed the accuracy or determined the adequacy of its contents.  The opinions and information in this website are solely that of CTS’s personnel. Do not attempt to exploit or otherwise take advantage of the security vulnerabilities described in the website.  You may republish this website in whole or in part as long as CTS is clearly and visibly credited and appropriately cited, and as long as you do not edit contents.  Although this website is designed to provide accurate and authoritative information, CTS and its personnel do not accept responsibility for errors or omissions.  CTS reserves the right to change the contents of this website and the restrictions on its use and CTS reserves the right to refrain from updating this website even as it becomes outdated or inaccurate.

Navigation:

Company website:
cts-labs.com
General Inquiry:
contact@cts-labs.com
Solutions / Workarounds:
amdflawsworkarounds@cts-labs.com
Media Inquiries:
media@cts-labs.com
972-3-3762394