AMD Confirms CTS-Labs Exploits: All To Be Patched In Weeksby Ian Cutress on March 20, 2018 4:15 PM EST
If you have been following our coverage regarding the recent security issues found in AMD’s processors and chipsets by security research firm CTS-Labs, it has been a bit of a doozy. Today AMD is posting on their website, in the form of a blog post, the results from their initial analysis, despite CTS-Labs only giving them 1-day notice, rather than the industry standard 60/90-days, as they felt that these were too important and expected AMD to fix them in a much longer timescale. Despite this attitude, AMD’s blog post dictates that all the issues found can be patched and mitigated in the next few weeks without any performance degradation.
The salient high-level takeaway from AMD is this:
- All the issues can be confirmed on related AMD hardware, but require Admin Access at the metal
- All the issues are set to be fixed within weeks, not months, through firmware patches and BIOS updates
- No performance impact expected
- None of these issues are Zen-specific, but relate to the PSP and ASMedia chipsets.
- These are not related to the GPZ exploits earlier this year.
AMD’s official statement is as follows:
Initial AMD Technical Assessment of CTS Labs Research
On March 12, 2018, AMD received a communication from CTS Labs regarding research into security vulnerabilities involving some AMD products. Less than 24 hours later, the research firm went public with its findings. Security and protecting users’ data is of the utmost importance to us at AMD and we have worked rapidly to assess this security research and develop mitigation plans where needed. This is our first public update on this research, and will cover both our technical assessment of the issues as well as planned mitigation actions.
The security issues identified by the third-party researchers are not related to the AMD “Zen” CPU architecture or the Google Project Zero exploits made public Jan. 3, 2018. Instead, these issues are associated with the firmware managing the embedded security control processor in some of our products (AMD Secure Processor) and the chipset used in some socket AM4 and socket TR4 desktop platforms supporting AMD processors.
As described in more detail below, AMD has rapidly completed its assessment and is in the process of developing and staging the deployment of mitigations. It’s important to note that all the issues raised in the research require administrative access to the system, a type of access that effectively grants the user unrestricted access to the system and the right to delete, create or modify any of the folders or files on the computer, as well as change any settings. Any attacker gaining unauthorized administrative access would have a wide range of attacks at their disposal well beyond the exploits identified in this research. Further, all modern operating systems and enterprise-quality hypervisors today have many effective security controls, such as Microsoft Windows Credential Guard in the Windows environment, in place to prevent unauthorized administrative access that would need to be overcome in order to affect these security issues. A useful clarification of the difficulties associated with successfully exploiting these issues can be found in this posting from Trail of Bits, an independent security research firm who were contracted by the third-party researchers to verify their findings.
Senior Vice President and Chief Technology Officer
This is followed by a table describing the issues, stating that each issue can be solved by BIOS/firmware updates in the coming weeks. AMD is also set to provide additional updates on the analysis of the issues and mitigation plans over that time. AMD is also prominent about addressing the security issues only, over any others that might have been discussed.
Post Your CommentPlease log in or sign up to comment.
View All Comments
SaturnusDK - Tuesday, March 20, 2018 - linkThis statement really puts the unprofessionalism by CTS into perspective when it's issues that could fairly easily been remedied without public knowledge of them had proper warning time been given.
It also confirms the previous assessment that this vulnerability affects more or less all PCs and servers that uses the target chipset, and is not confined to the Ryzen platform but literally 99% of all Intel motherboards from the last 6-7 years as well.
edzieba - Tuesday, March 20, 2018 - linkWhich is none: on Intel boards, Intel's PCHs are used. If an ASMedia host controller is present, it is as a device hung off of the PCIe bus like any other PCIe device.
SaturnusDK - Tuesday, March 20, 2018 - linkWhich means Intel and AMD use them in exactly the same way.
edzieba - Tuesday, March 20, 2018 - linkNope: Intel make their own chipset, but the Ryzen and Epic chipsets are not made by AMD. The entire chipset is made instead by ASMedia.
PixyMisa - Wednesday, March 21, 2018 - linkRyzen and Epyc CPUs are a systems-on-a-chip. The "chipset" is literally just an I/O controller on the PCIe bus, exactly as with any ASMedia chip on an Intel motherboard.
SaturnusDK - Wednesday, March 21, 2018 - linkWhat he's probably referring to is that Intel used to design their own IO controllers that was used on some but not all Intel branded server motherboards. Virtually no consumer motherboards or indeed server motherboard from other manufacturers used or uses Intel IO controllers.
Intel does not use Intels own IO controllers on most of their current generation server motherboards as the specifically developed ASmedia1143 that AMD also use on the Ryzen platform is used instead of their own internally developed IO controllers.
edzieba - Wednesday, March 21, 2018 - link"Virtually no consumer motherboards or indeed server motherboard from other manufacturers used or uses Intel IO controllers."
The X299 (or Z370, H2xx, etc) PCH contains the IO controllers, PCIe logic (e.g. for RST and Optane), etc. Those chips are designed and fabbed by Intel. For AMD platforms, some IO is on the die (using ASMedia designs but fabbed by GlobalFoundries) and some IO is on the 'chipset' (designed by ASMedia and manufactured by whoever they contract it to).
There's no reason for a server board to contain an ASM1143 as you're not going to be plugging USB 3.1 devices into it.
SaturnusDK - Wednesday, March 21, 2018 - link"The X299 (or Z370, H2xx, etc) PCH contains the IO controllers..."
Oh, so that's why ASUS, Gigabyte, Asrock, just to name a few use ASMedia IO controllers built with the the exact same IP on all their current x299 and z370 motherboards?
Practically only Intel uses Intel branded (but ASMedia designed and fabbed) chipsets on any motherboard available today.
Cooe - Tuesday, March 20, 2018 - linkUSB Chipsets and other added I/O on Intel boards are often the exact same ASMedia chips that AMD uses for Promontory. ASUS in particular uses them all the time.
looncraz - Wednesday, March 21, 2018 - linkShow me a system that can't be exploited AFTER I have admin access AND a custom BIOS... I dare ya!