The 13 vulnerabilities listed in the white paper allegedly affect all Ryzen and Ryzen Pro products now on the market, as well as AMD's EPYC server CPUs, but exploiting them requires root-level (administrator) operating-system access.
"Malware running on the chipset could leverage the latter's Direct Memory Access (DMA) engine to attack the operating system". The vulnerabilities, which are examined at length at TechRepublic's sister site CNET, center around the implementation of the AMD Platform Security Processor (PSP).
Ryzenfall threatens the secure OS running on top of the Secure Processor, potentially bypassing virtualization and injecting malware.
The third, dubbed Fallout, consists of three design-flaw vulnerabilities inside the boot loader component of EPYC's Secure Processor.
The security notice also points out that to ensure public safety, all technical details that could be used to reproduce the vulnerabilities have been redacted.
According to CTS-Labs, there are three derivatives of Masterkey, all of which have been proven on Epyc and Ryzen. The impact of RYZENFALL is similar to that of FALLOUT, but on the Ryzen line of CPUs instead of Epyc. Chimera has been tested on Ryzen and Ryzen Pro, CTS-Labs claimed.
However, CTS-Labs claims that its actions are meant to highlight what it describes as AMD's "disregard of fundamental security principles", in the hope that the security community takes note. The development of the Ryzen chipset was actually outsourced to a Taiwanese company called ASMedia Technology, according to CTS-Labs.
Though AMD was given only 24 hours' notice of the vulnerabilities, the domain publicizing the disclosure was registered on February 22nd. Attackers who gain elevated admin privileges can exploit these flaws to achieve arbitrary code execution on the Secure Processor, as well as gain access to protected memory regions. CTS also says a bad actor could infect chips with malware, steal credentials on high-security enterprise networks and cause physical damage to hardware, all while remaining virtually undetectable by most security solutions.
"This company was previously unknown to AMD and we find it unusual for a security firm to publish its research to the press without providing a reasonable amount of time for the company to investigate and address its findings. We are investigating this report, which we just received, to understand the methodology and merit of the findings", an AMD spokesman told CNET.
In its 20-page report, titled "Severe Security Advisory on AMD Processors", CTS notes that it "may have, either directly or indirectly, an economic interest in the performance" of AMD's stock and that of other companies.
"Regardless of the hype around the release, the bugs are real, accurately described in their technical report (which is not public afaik), and their exploit code works", he tweeted.
Criticism has been aimed at the way the Israeli firm publicized its findings. All of the vulnerabilities require an attacker to have already gained administrator access to a machine, and the "MasterKey" vulnerability additionally requires flashing the BIOS in order to exploit. Even so, the fact that malware running with administrative access could plant additional malware on the Secure Processor itself carries a huge potential for damage.