Although standard coordinated disclosure protocols call for giving the vendor 90 days to respond before details are made public, the researchers from CTS Labs reportedly gave AMD just 24 hours to respond before releasing information on the flaws.
The Masterkey vulnerabilities are described by the researchers as "a set of three vulnerabilities allowing three distinct pathways to bypass Hardware Validated Boot on EPYC and Ryzen and achieve arbitrary code execution on the Secure Processor itself".
The flaws were discovered by CTS-Labs, a security outfit in Israel. AMD is in the process of investigating the matter. "At AMD, security is a top priority and we are continually working to ensure the safety of our users as potential new risks arise. We are actively investigating and analyzing its findings," the company said.
It's not yet clear how serious these newly discovered flaws are. According to the report, AMD Ryzen Workstation, Ryzen Pro, Ryzen Mobile, and EPYC Server chipsets are vulnerable. The researchers also admitted they don't know whether these AMD flaws are being exploited in the wild, and said that "firmware vulnerabilities such as Masterkey, Ryzenfall and Fallout take several months to fix, [and] hardware vulnerabilities such as Chimera can not be fixed and require a workaround". In theory, that opens up a window for malicious attackers to take advantage of the vulnerabilities before any fix is in place.
The industry at large is still reeling from Spectre and Meltdown. It remains to be seen what the fallout from these newly discovered flaws might be.