AMD Says Patches Coming Soon For Chip Vulnerabilities (securityweek.com)
wiredmikey writes: After investigating recent claims from a security firm that its processors are affected by more than a dozen serious vulnerabilities, chipmaker Advanced Micro Devices (AMD) says patches are coming to address several security flaws in its chips. In its first public update after the surprise disclosure of the vulnerabilities by Israeli-based security firm CTS Labs, AMD said the issues are associated with the firmware managing the embedded security control processor in some of its products (AMD Secure Processor) and the chipset used in some socket AM4 and socket TR4 desktop platforms supporting AMD processors.
AMD said that patches will be released through BIOS updates to address the flaws, which have been dubbed MASTERKEY, RYZENFALL, FALLOUT and CHIMERA. The company said that no performance impact is expected for any of the forthcoming mitigations.
AMD said that patches will be released through BIOS updates to address the flaws, which have been dubbed MASTERKEY, RYZENFALL, FALLOUT and CHIMERA. The company said that no performance impact is expected for any of the forthcoming mitigations.
Except that it's not.
It took them a week to acknowledge, then post something.
Nearly every Zen-based CPU has the problem, and there is no chain of authorities to say that these aren't somehow already affected, because you CAN'T FIND THE HIDDEN POSSIBILITIES because of their architecture. Any system can have a flash drive-reboot, get infected, and you'd never know the difference because correctly constructed, the malware isn't detectable.
If a BIOS can be re-flashed, it can be flashed back again. This is an architectural problem that isn't going to be easily fixed. Every sysadmin is going to have to look for unscheduled reboots, which is the first sign that something got root, then re-flashed the system with the vulnerabilities cited, likely with a malware payload.
So it's not pretty, and it's another sign of deep problems in CPU architecture.
---- Teach Peace. It's Cheaper Than War.