AMD Investigating Report Detailing Critical Chip Vulnerabilities

Image: AMD

A white paper published by an Israeli security firm on Tuesday describes 13 vulnerabilities allegedly affecting AMD chips currently being shipped to customers.

In a statement, AMD said it is investigating the report “by a company called CTS Labs” but raised concerns over the way in which the firm disseminated its white paper, which was admittedly light on technical details. “We are actively investigating and analyzing its findings,” AMD said. “This company was previously unknown to AMD and we find it unusual for a security firm to publish research to the press without providing a reasonable amount of time for the company to investigate and address its findings.”

Emails to AMD and CTS-Labs were not immediately returned. AMD’s media contact line went to voicemail.

The vulnerabilities—all of which require administrative (or root) access to exploit—reportedly give one the ability to compromise EPYC servers and Ryzen and Ryzen Pro workstations. (Both the AMD Ryzen chipset and AMD Secure Processor are said to be vulnerable, with the latter supposedly containing backdoors affecting “virtual all Ryzen and Ryzen Pro workstations on the market today,” CTS wrote in its report.)

According to the company’s website, CTS was founded in 2017 by Ido Li On, Yaron Luk-Zilberman, and Ilia Luk-Zilberman, respectively, CTS’s chief executive officer, chief financial officer, and chief technology officer. At least two of the CTS executives appear to have previously worked for Israeli intelligence, according to company bios and LinkedIn profiles.

Regarding the company’s lack of technical specificity, CTS wrote that it provided a summary of the reported flaws, but purposefully did not provide a complete description to avoid enabling a person with malicious intent to “actually exploit the vulnerabilities and try to cause harm to any user of the products described herein.”

Dan Guido, CEO of the security firm Trail of Bits, said on Twitter that CTS had contacted his company and provided a full technical report last week. “Regardless of the hype around the release,” he said, “the bugs are real, accurately described in their technical report, and their exploit code works.”

According to CTS, the flaws would allow malicious code to be run on the AMD Secure Processor, which would enable attackers to nab credentials and potentially spread malware throughout a Windows corporate network. According to CTS, when used in conjunction with another class of vulnerabilities, this may expose customers to “covert and long-term industrial espionage” via the installation of persistent malware.

Another flaw affecting EPYC servers would similarly allow attackers to read from and write to protected memory areas, which may be used to steal credentials protected by Windows Credential Guard, according to CTS. The company also described a flaw that takes advantage of firmware and hardware backdoors, enabling attackers to inject malicious code into the AMD Ryzen chipset.

This is a developing story.



AMD promises firmware fixes for security processor bugs

AMD confirms Ryzenfall vulnerabilities, but says they'll be fixed soon via routine BIOS updates

CTS who? AMD brushes off chipset security bugs with firmware patches

AMD Processor Flaws Real, But Limited

The New AMD Ryzen Vulnerabilities Are Real: What You Need to Know

HyperX Expands FURY DDR4 and Impact DDR4 Product Lines

Our Interesting Call with CTS-Labs

CTS Labs Responds to Allegations of Bad Faith Over AMD CPU Security Disclosures, Digs Itsel...

Hyperbole Swirls Around AMD Processor Security Threat

CTS Labs Criticized For Dubious Report, Unconventional Reporting on AMD Flaws