• Home
  • Cyber Crime
  • Cyber warfare
  • APT
  • Data Breach
  • Deep Web
  • Digital ID
  • Hacking
  • Hacktivism
  • Intelligence
  • Internet of Things
  • Laws and regulations
  • Malware
  • Mobile
  • Reports
  • Security
  • Social Networks
  • Terrorism
  • ICS-SCADA
  • POLICIES
  • Contact me
MUST READ

DOJ takes action against 22-year-old running RapperBot Botnet

 | 

Google fixed Chrome flaw found by Big Sleep AI

 | 

Pharmaceutical firm Inotiv discloses ransomware attack. Qilin group claims responsibility for the hack

 | 

A hacker tied to Yemen Cyber Army gets 20 months in prison

 | 

Exploit weaponizes SAP NetWeaver bugs for full system compromise

 | 

Allianz Life security breach impacted 1.1 million customers

 | 

U.S. CISA adds Trend Micro Apex One flaw to its Known Exploited Vulnerabilities catalog

 | 

AI for Cybersecurity: Building Trust in Your Workflows

 | 

Taiwan Web Infrastructure targeted by APT UAT-7237 with custom toolset

 | 

New NFC-Driven Android Trojan PhantomCard targets Brazilian bank customers

 | 

Cisco fixed maximum-severity security flaw in Secure Firewall Management Center

 | 

'Blue Locker' Ransomware Targeting Oil & Gas Sector in Pakistan

 | 

Hackers exploit Microsoft flaw to breach Canada ’s House of Commons

 | 

Norway confirms dam intrusion by Pro-Russian hackers

 | 

Zoom patches critical Windows flaw allowing privilege escalation

 | 

Manpower data breach impacted 144,180 individuals

 | 

U.S. CISA adds Microsoft Internet Explorer, Microsoft Office Excel, and WinRAR flaws to its Known Exploited Vulnerabilities catalog

 | 

Critical FortiSIEM flaw under active exploitation, Fortinet warns

 | 

Charon Ransomware targets Middle East with APT attack methods

 | 

Hackers leak 2.8M sensitive records from Allianz Life in Salesforce data breach

 | 
  • Home
  • Cyber Crime
  • Cyber warfare
  • APT
  • Data Breach
  • Deep Web
  • Digital ID
  • Hacking
  • Hacktivism
  • Intelligence
  • Internet of Things
  • Laws and regulations
  • Malware
  • Mobile
  • Reports
  • Security
  • Social Networks
  • Terrorism
  • ICS-SCADA
  • POLICIES
  • Contact me
  • Home
  • Breaking News
  • Hacking
  • Security
  • 13 Critical flaws and exploitable backdoors found in various AMD chips

13 Critical flaws and exploitable backdoors found in various AMD chips

Pierluigi Paganini March 14, 2018

Security researchers at Israel-based CTS-Labs have discovered 13 critical vulnerabilities and exploitable backdoors in various AMD chips.

The flaws could be potentially exploited to steal sensitive data, install malicious code on AMD-based systems, and gain full access to the compromised systems. The flaws expose servers, workstations, and laptops running vulnerable AMD Ryzen, Ryzen Pro, Ryzen Mobile or EPYC processors to attacks.

CTS-Labs promptly reported the flaws to AMD, Microsoft and “a small number of companies that could produce patches and mitigations.”

“We have just received a report from a company called CTS Labs claiming there are potential security vulnerabilities related to certain of our processors. We are actively investigating and analyzing its findings.” reads a statement published by AMD.

“This company was previously unknown to AMD and we find it unusual for a security firm to publish its research to the press without providing a reasonable amount of time for the company to investigate and address its findings. At AMD, security is a top priority and we are continually working to ensure the safety of our users as potential new risks arise.”

This analysis conducted by the experts revealed four classes (RYZENFALL, FALLOUT, CHIMERA, and MASTERKEY) of vulnerabilities affecting the AMD Zen architecture processors and chipsets that usually contain sensitive information such as passwords and encryption keys.

The flaw could allow to bypass AMD’s Secure Encrypted Virtualization (SEV) technology and also Microsoft Windows Credential Guard.

“The AMD Secure Processor, the gatekeeper responsible for the security of AMD processors, contains critical vulnerabilities. This integral part of most of AMD’s products, including workstations and servers, is currently being shipped with multiple security vulnerabilities that could allow malicious actors (“attackers”) to permanently install malicious code inside the Secure Processor itself.” reads the report published by the experts.

“These vulnerabilities could expose AMD customers to industrial espionage that is virtually undetectable by most security solutions”

The researchers also discovered two exploitable manufacturer backdoors inside Ryzen chipset that could be exploited to inject malicious code into the chip.

AMD flaws

The number of total products affected (Successfully Exploited) is 21, but the researchers believe that 11 more products are also vulnerable.

Dan Guido, the founder of security firm Trail of Bits, who was informed of the flaws before their public disclosure confirmed that existence of all 13 AMD vulnerabilities.

Regardless of the hype around the release, the bugs are real, accurately described in their technical report (which is not public afaik), and their exploit code works.

— Dan Guido (@dguido) March 13, 2018

The vulnerabilities enable attackers to bypass security measures like Microsoft’s latest Credential Guard technology or EPYC Secure Processor’s Secure Encrypted Virtualization security feature.

Let’s see in detail the vulnerabilities:

  • Chimera is a flaw in Ryzen workstation and Ryzen Pro, it includes two sets of manufacturer backdoor flaws that allow malicious code to be injected into the Ryzen chipsets. The exploitation of Chimera issued could allow attackers to install malware to leverage the Direct Memory Access engine to attack the operating system.

“Chipset-based malware could evade virtually all endpoint security solutions on the market.” reads the analysis.

“Malware running on the chipset could leverage the latter’s Direct Memory Access (DMA) engine to attack the operating system. This kind of attack has been demonstrated.”

  • The Ryzenfall impacts AMD’s Ryzen workstation, Pro and mobile lineups, it could allow attackers to inject a malicious code to take complete control over the AMD Secure Processor and leverage the technology’s privileges to read and write protected memory areas (including SMRAM and the Windows Credential Guard isolated memory).

Attackers could use RYZENFALL to bypass Windows Credential Guard, steal network credentials, and then potentially spread through even highly secure Windows corporate networks.” continues the analysis.

“Attackers could use RYZENFALL in conjunction with MASTERKEY to install persistent malware on the Secure Processor, exposing customers to the risk of covert and long-term industrial espionage.”

  • Fallout vulnerabilities impact AMD’s EPYC server chips and could be exploited to read from and write to protected memory areas including SMRAM and Windows Credential Guard isolated memory (VTL-1).

“An attacker could leverage these vulnerabilities to bypass BIOS flashing protections that are implemented in SMM.”

  • Masterkey flaw breaks down into three separate vulnerabilities found in AMD’s Secure Processor firmware, they can be exploited to infiltrate the Secure Processor in EPYC server, Ryzen workstation, Ryzen Pro and Ryzen mobile chips.

“The flaw facilitates network credential theft by allowing Windows Credential Guard to be bypassed.” states the report. “Physical damage and bricking of hardware. Could be used by attackers in hardware-based “ransomware” scenarios.”

Many of the flaws are firmware vulnerabilities and it could take much time to address them, while the Chimera hardware vulnerabilities cannot be fixed.

It is still unclear if the flaws are currently being exploited in the wild.

[adrotate banner=”9″] [adrotate banner=”12″]

Pierluigi Paganini

(Security Affairs – AMD vulnerabilities, hacking)

[adrotate banner=”5″]

[adrotate banner=”13″]


facebook linkedin twitter

AMD Hacking Pierluigi Paganini Security Affairs

you might also like

Pierluigi Paganini August 20, 2025
Britain targets Kyrgyz financial institutions, crypto networks aiding Kremlin
Read more
Pierluigi Paganini August 20, 2025
DOJ takes action against 22-year-old running RapperBot Botnet
Read more

leave a comment

newsletter

Subscribe to my email list and stay
up-to-date!

    recent articles

    DOJ takes action against 22-year-old running RapperBot Botnet

    Cyber Crime / August 20, 2025

    Google fixed Chrome flaw found by Big Sleep AI

    Security / August 20, 2025

    Pharmaceutical firm Inotiv discloses ransomware attack. Qilin group claims responsibility for the hack

    Data Breach / August 20, 2025

    A hacker tied to Yemen Cyber Army gets 20 months in prison

    Cyber Crime / August 20, 2025

    Exploit weaponizes SAP NetWeaver bugs for full system compromise

    Security / August 20, 2025

    To contact me write an email to:

    Pierluigi Paganini :
    pierluigi.paganini@securityaffairs.co

    LEARN MORE

    QUICK LINKS

    • Home
    • Cyber Crime
    • Cyber warfare
    • APT
    • Data Breach
    • Deep Web
    • Digital ID
    • Hacking
    • Hacktivism
    • Intelligence
    • Internet of Things
    • Laws and regulations
    • Malware
    • Mobile
    • Reports
    • Security
    • Social Networks
    • Terrorism
    • ICS-SCADA
    • POLICIES
    • Contact me

    Copyright@securityaffairs 2024

    We use cookies on our website to give you the most relevant experience by remembering your preferences and repeat visits. By clicking “Accept All”, you consent to the use of ALL the cookies. However, you may visit "Cookie Settings" to provide a controlled consent.
    Cookie SettingsAccept All
    Manage consent

    Privacy Overview

    This website uses cookies to improve your experience while you navigate through the website. Out of these cookies, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities...
    Necessary
    Always Enabled
    Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
    Non-necessary
    Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.
    SAVE & ACCEPT