A recent CTS Labs security audit has revealed multiple critical security vulnerabilities and manufacturer backdoors in AMD’s latest EPYC, Ryzen, Ryzen Pro, and Ryzen Mobile processors. In total, there are 13 critical security vulnerabilities found that are said to significantly increase risk of cyber-attacks. CTS Labs, today published a press release about the ‘Severe Security Advisory’ as well as a dedicated site called amdflaws.com, a full whitepaper, and a video overview.
According to CTS-Labs, there are four primary platform exploits that have been discovered and each of which have their own variants. The four primary vulnerabilities are Ryzenfall, Fallout, Chimera, and Masterkey. Some of the backdoors have existed for six years as some of the exploits are through the ASMedia chipsets. AMD uses ASMedia as its third-party chipset supplier, so it is now facing the same backdoor issues on its own chipsets.
The good news is that three of the four vulnerabilities require local admin access. We are still digesting all the information and have reached out to AMD for a statement.
Update 03/13/2018 3pm CT: We have received the following statement from AMD – “At AMD, security is a top priority and we are continually working to ensure the safety of our users as new risks arise. We are investigating this report, which we just received, to understand the methodology and merit of the findings.”