Reading Time: 2 minutes

Now that Meltdown and Spectre vulnerabilities are almost fixed, there is a new critical vulnerabilities, this time specific only for several AMD CPU. There are 13 critical security vulnerabilities and manufacturer backdoors discovered throughout AMD Ryzen & EPYC product lines. Yes, also the lates AMD CPU models!

Like with Meltdown and Spectre, there is a dedicated web site (amdflaws.com) that provide more detail about them.

Those critial security vulnerabilities can be grouped in four different classes: Ryzenfall, Masterkey, Fallout and Chimera.

A list of the potential AMD chip vulnerabilities, according to CTS-Labs:

amd ryzen vulnerability map
CTS-Labs/AMDFlaws.com

The four new AMD-specific vulnerabilities largely attack the AMD Secure Processor, logic which creates a protected environment for executing sensitive tasks.

All AMD users are affected? Potentially yes, but attacks are possible only in some cases.

CTS Labs released a letter clarifying some of the technical details of the exploits, in response to some criticism that has been leveled at the security firm regarding the plausibility that these exploits could even be put to use by a malicious actor.

“The vulnerabilities described in our site are second-stage vulnerabilities. What this means is that the vulnerabilities are mostly relevant for enterprise networks, organizations and cloud providers,” CTS Labs said in a statement. “The vulnerabilities described in amdflaws.com could give an attacker that has already gained initial foothold into one or more computers in the enterprise a significant advantage against IT and security teams.”

Andrea MauroAbout Andrea Mauro (2918 Posts)

Virtualization, Cloud and Storage Architect. Tech Field delegate. VMUG IT Co-Founder and board member. VMware VMTN Moderator and vExpert 2010-18. Dell TechCenter Rockstar 2014-15. Microsoft MVP 2014-16. Veeam Vanguard 2015-18. Nutanix NTC 2014-18. PernixPro 2014-16. Several certifications including: VCDX-DCV, VCP-DCV/DT/Cloud, VCAP-DCA/DCD/CIA/CID/DTA/DTD, MCSA, MCSE, MCITP, CCA, NPP.


Share