AMD’s own version of Spectre/Meltdown: CHIMERA, RYZENFALL, FALLOUT and MASTERKEY

Today, a set of vulnerabilities and hardware backdoors affecting AMD Ryzen, Ryzen Pro and EPYC processors was published under the names Chimera, Ryzenfall, Fallout and Masterkey. Other motherboards built on the same ASMedia chipset silicon may be affected as well. The impact of these vulnerabilities is more severe than Meltdown/Spectre because they allow an attacker to execute highly privileged code and persist on the victim machine, and according to the publication CHIMERA may be very hard or impossible to patch. That said, exploiting them requires administrative privileges on the target, and they are limited to the specified processors.
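As an added example (not code from enSilo, AMD or the original publication), the following Python script gives a fleet-inventory check for the scope stated above: all of the named parts (Ryzen, Ryzen Pro, EPYC) are AMD family 17h ("Zen") processors, so a host can be flagged by parsing /proc/cpuinfo for vendor AuthenticAMD with cpu family 23. The sample cpuinfo text is constructed. The script does not test for the vulnerabilities themselves, and it cannot see the ASMedia-based Promontory chipset that CHIMERA targets, which is a motherboard component rather than the CPU.

```python
"""Inventory check for hosts in the processor families named in the report.

Added example, not enSilo's or AMD's code.  Ryzen, Ryzen Pro and EPYC are all
AMD family 17h (Zen), so a host is flagged when /proc/cpuinfo reports
vendor_id AuthenticAMD and cpu family 23.  Assumptions (not from the page):
the /proc/cpuinfo 'key : value' layout and the constructed samples below.
"""

import re
from dataclasses import dataclass
from typing import Dict, List

# AMD "Zen" microarchitecture (Ryzen, Ryzen Pro, EPYC) reports CPU family 0x17 = 23.
AFFECTED_VENDOR = "AuthenticAMD"
AFFECTED_FAMILY = 23


@dataclass
class CpuInfo:
    vendor: str
    family: int
    model_name: str


def parse_cpuinfo(text: str) -> List[CpuInfo]:
    """Parse /proc/cpuinfo: blank-line separated blocks, one per logical CPU."""
    cpus = []
    for block in re.split(r"\n\s*\n", text.strip()):
        fields = {}
        for line in block.splitlines():
            if ":" not in line:
                continue
            key, _, value = line.partition(":")
            fields[key.strip()] = value.strip()
        if "vendor_id" not in fields:
            continue  # not a processor block (e.g. truncated or unrelated input)
        cpus.append(CpuInfo(
            vendor=fields.get("vendor_id", ""),
            family=int(fields.get("cpu family", "-1")),
            model_name=fields.get("model name", ""),
        ))
    return cpus


def is_affected_family(cpu: CpuInfo) -> bool:
    """True when the CPU is an AMD family 17h (Zen) part."""
    return cpu.vendor == AFFECTED_VENDOR and cpu.family == AFFECTED_FAMILY


def triage(text: str) -> Dict[str, object]:
    """Summarise one host's cpuinfo: CPU count, in-scope flag, affected model names."""
    cpus = parse_cpuinfo(text)
    affected = [c for c in cpus if is_affected_family(c)]
    return {
        "logical_cpus": len(cpus),
        "affected": bool(affected),
        "model_names": sorted({c.model_name for c in affected}),
    }


# Constructed samples: a Zen-based EPYC core and, for contrast, an Intel core.
SAMPLE_AMD = """\
processor\t: 0
vendor_id\t: AuthenticAMD
cpu family\t: 23
model\t\t: 1
model name\t: AMD EPYC 7401P 24-Core Processor
"""

SAMPLE_INTEL = """\
processor\t: 0
vendor_id\t: GenuineIntel
cpu family\t: 6
model\t\t: 94
model name\t: Intel(R) Core(TM) i7-6700 CPU @ 3.40GHz
"""


if __name__ == "__main__":
    import sys
    # No argument: read the live file; otherwise a saved copy from another host.
    source = sys.argv[1] if len(sys.argv) > 1 else "/proc/cpuinfo"
    with open(source) as f:
        print(triage(f.read()))
```

Run it with no argument to check the local machine, or pass the path of a cpuinfo copy collected from another host. A positive result only means the host is within the stated scope; whether a given firmware or chipset revision is actually exploitable has to come from AMD's guidance.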

An attacker leveraging the CHIMERA, RYZENFALL, FALLOUT and MASTERKEY vulnerabilities could build malware that is very hard to detect and protect against until AMD ships mitigations. These are its potential capabilities:

  • Persist inside AMD’s Secure Processor and thus survive operating system reinstallation.
  • Execute code on AMD’s Promontory chipset.
  • Run code in System Management Mode (SMM), which has higher privileges than the operating system.
  • Bypass Credential Guard and other Virtualization-Based Security (VBS) mitigations.

AMD was notified and is investigating the reported vulnerabilities. Ideally, protection would cover the exploitation of vulnerabilities affecting memory all the way down to the kernel. Unfortunately, when a vulnerability stems from a design failure in the processor itself, it is nearly impossible to detect or protect against an attacker exploiting it, or chaining several of them. By leveraging these vulnerabilities an attacker can potentially run code on the chipset, which has direct access to memory, the network, the keyboard and more. According to the publications, some of these vulnerabilities are embedded in the chip’s ASIC hardware, so a patch may not be possible. To learn more, please visit enSilo’s FAQ.
