Glider from the game of Life, rising from the left




Topic: #Ryzenfall

Serious Vulnerabilities Have Been Reported in Widely Used AMD Chipsets


Security researchers at CTS Labs have audited the hardware design and software configuration of some recent processors manufactured by Advanced Micro Devices (AMD). The audit turned up thirteen serious vulnerabilities. CTS Labs has prepared a white paper that lists and analyzes these vulnerabilities and demonstrates each one with proof-of-concept code. The researchers have sent copies of the white paper to “AMD, select security companies that can develop mitigations, and the U.S. regulators.” They published a redacted version of the white paper that omits all of the demonstrations and any parts of the analysis that they thought would be too helpful to malicious attackers.

To achieve the preconditions for any of these vulnerabilities, attackers would need to have root privileges on the machine they wanted to exploit. Even so, the vulnerabilities are serious, because they make it possible to install malware in system components that are normally inaccessible. Rebooting the computer, rolling back to a recovery image, or even reinstalling the operating system would have no effect on malware stored in those components. Depending on the local network configuration, the reported vulnerabilities may also make it easier for the attacker to break into other systems and to acquire root privileges on them.

The white paper asserts that AMD introduced two of the vulnerabilities into its chipset by outsourcing much of the design and implementation of one of the subsystems (“Promontory”) to another chip manufacturer, ASMedia:

The Promontory chipset is powered by an internal microcontroller that manages the chip's various hardware peripherals. Its built-in USB controller is primarily based on ASMedia ASM1142, which in turn is based on the company's older ASM1042. In our assessment, these controllers, which are commonly found on motherboards made by Taiwanese OEMs, have sub-standard security and no mitigation against exploitation. They are plagued with security vulnerabilities in both firmware and hardware, allowing attackers to run arbitrary code insider the chip, or to re-flash the chip with permanent malware. This, in turn, could allow for firmware-based malware that has full control over the system, yet is notoriously difficult to detect or remove. Such malware could manipulate the operating system through Direct Memory Access (DMA), while remaining resilient against most endpoint security products.

Specifically, the researchers discovered two sets of “hidden manufacturer backdoors,” some in the firmware and some in the hardware, any one of which provides an avenue for the introduction of malware into the Promontory processor.

“Severe Security Advisory on AMD Processors”
CTS Labs, March 2018

“Severe Security Advisory on AMD Processors”
CTS Labs, AMD Flaws, March 2018

“Clarification about the Recent Vulnerabilities”
CTS Labs, March 2018

“A Raft of Flaws in AMD Chips Makes Bad Hacks Much, Much Worse”
Dan Goodin, Ars Technica, March 13, 2018

“Researchers Say AMD Processors Have Serious Vulnerabilities and Backdoors”
Lorenzo Franceschi-Bicchierai, Motherboard, March 13, 2018

#Ryzenfall #Advanced-Micro-Devices #security-auditing

Hashtag index

This work is licensed under a Creative Commons Attribution-ShareAlike License.

Atom feed

John David Stone (

created June 1, 2014 · last revised December 10, 2018