|Photo By Michael Borgers via 123RF|
IT security company CTS Labs unveiled the security vulnerabilities found in some AMD processors. The chipmaker acknowledged the findings and has announced the impact and upcoming patches to resolve the issues.
There are three groups with vulnerabilities that can be used by attackers to eliminate security protocols in machines equipped with certain AMD processors. If eliminated, it will leave sensitive data exposed to attackers. AMD announced the groups, the impact of their vulnerabilities, and their upcoming mitigation plan.
1. MASTERKEY and PSP Privilege Escalation group: The possible impact of the vulnerability in this group can allow attackers to go around the security controls. And changes are likely permanent after a system reboot. AMD plans to release a firmware patch via BIOS update that is expected to cause no performance issue. For the PSP, the company is working on updates expected to be released in the coming weeks.
2. RYZENFALL and FALLOUT group: The vulnerability in this group also allows attackers to go around the security controls but does not persist across reboots. Unfortunately, the bigger problem is the installation of a difficult to detect malicious software in the system management mode or SMM. The upcoming BIOS updates and PSP firmware updates contain the fixes for this group, according to AMD.
3. CHIMERA group: This group consists of the chipset used in several sockets of AM4 desktops and sockets of TR4 high-end desktop platforms. With the vulnerabilities, attackers can directly influence the physical memory of the platforms through the chipset. Attackers may also install malware that is difficult to be detected. For the physical memory issue, AMD plans to include the fix in the upcoming BIOS update. For the malware installation, the company is currently working with a third-party provider to produce the necessary fixes.