Published in PC Hardware

AMD announces details of Chimera flaws

27 March 2018


So it probably was a dodgy short-selling move

Last week AMD was hit by claims that its chips had a security flaw which would take years to fix. However, it is starting to look like the security outfit which identified the flaws was singling out the chipmaker.

AMD has acknowledged the bugs and says that, in coming weeks, it will have new firmware available to resolve them. These firmware fixes will also mitigate the chipset bugs.

AMD’s CTO Mark Papermaster underlined the fact that root-level (administrator) OS access is needed to be able to use exploits against the vulnerabilities. That means they’re difficult to exploit – and anyone who managed to get unauthorised admin access to a machine could wreak all sorts of havoc on it without needing the bugs.

Papermaster clarified that fixes are in the pipeline, and that firmware patches would be released via BIOS updates to tackle the Masterkey, Ryzenfall and Fallout groups of vulnerabilities. A fourth group of flaws, known as Chimera, which affects systems using the ‘Promontory’ chipset, will receive attention via mitigating patches delivered through BIOS updates.

Israeli firm CTS identified four separate flaw families, naming them Masterkey (affecting Ryzen and Epyc processors), Ryzenfall (affecting Ryzen, Ryzen Pro, and Ryzen Mobile), Fallout (hitting only Epyc), and Chimera (applying to Ryzen and Ryzen Pro systems using the Promontory chipset).

Masterkey, Ryzenfall, and Fallout are all problems affecting the Platform Security Processor (PSP), a small ARM core that's integrated into the chips to provide certain additional features such as a firmware-based TPM security module. The PSP has its own firmware and operating system that runs independently of the main x86 CPU. Software running on the x86 CPU can access PSP functionality using a device driver, though this access is restricted to administrator/root-level accounts. The PSP is also typically not exposed to guest virtual machines, so virtualised environments will typically be protected.

The firmware updates will also mitigate, in some, the Chimera issue, with AMD saying that it's working with ASMedia, the third-party hardware company that developed Promontory for AMD, to develop suitable protections. In its report, CTS said that while one CTS attack vector was a firmware bug - and correctable - the other was a hardware flaw. If true, there may be no effective way of solving it.

But the CTS disclosure, which gave AMD 24 hours to fix the flaws, was widely seen as an attempt to short sell AMD shares. This short notice period led Linux creator Linus Torvalds to say that CTS' report "looks more like stock manipulation than a security advisory".

Short seller Viceroy Research said that the flaws were "fatal" to AMD, that its share price should drop to $0, and that the company should declare bankruptcy.


Last modified on 27 March 2018