The New AMD Ryzen Vulnerabilities Are Real: What You Need to Know

Gavin Phillips 19-03-2018

CPU manufacturers are enduring a rough few months. The massive Spectre and Meltdown vulnerabilities shook the computing world. And then, if the vulnerabilities weren’t bad enough, the patches put out to fix the issues came with their own set of problems. It’ll be some time until the effects of Spectre/Meltdown fade.


AMD chips weren’t unscathed. Worse, in March 2018, researchers claim to have found a raft of new AMD-specific critical vulnerabilities. However, some people in the tech world are unsure. Is there any truth to the reports of critical vulnerabilities in AMD Ryzen CPUs? Let’s take a look at the story so far.

Critical Vulnerabilities and Exploitable Backdoors

Israeli security firm CTS Labs disclosed 13 critical vulnerabilities. The vulnerabilities affect AMD’s Ryzen workstation, Ryzen Pro, Ryzen mobile architecture, and EPYC server processors. Furthermore, the vulnerabilities bear similarities to Spectre/Meltdown and could allow an attacker to access private data, install malware, or gain access to a compromised system.

The processor vulnerabilities stem from the design of AMD’s Secure Processor, a CPU security feature that allows safe storage of encryption keys, passwords, and other extremely sensitive data, in conjunction with a flaw in the design of AMD’s Zen chipset, which links the processor to other hardware devices.

“This integral part of most of AMD’s products, including workstations and servers, is currently being shipped with multiple security vulnerabilities that could allow malicious actors to permanently install malicious code inside the Secure Processor itself.”

Are These Vulnerabilities Real?

Yes, they’re very much real and come in four flavors:

  • Ryzenfall: Allows malicious code to take complete control of the AMD Secure Processor
  • Fallout: Allows an attacker to read from and write to protected memory areas such as SMRAM
  • Chimera: A “double” vulnerability, with one firmware flaw and one hardware flaw that allows the injection of malicious code directly into the AMD Ryzen chipset; chipset-based malware evades virtually all endpoint security solutions
  • Masterkey: Exploits multiple vulnerabilities in AMD Secure Processor firmware to allow access to Secure Processor; allows extremely stealthy persistent chipset-based malware to evade security; could allow for physical device damage

The CTS Labs security blog states, “Attackers could use Ryzenfall to bypass Windows Credential Guard, steal network credentials, and then potentially spread through even highly secure Windows corporate network […] Attackers could use Ryzenfall in conjunction with Masterkey to install persistent malware on the Secure Processor, exposing customers to the risk of covert and long-term industrial espionage.”


Other security researchers quickly verified the findings.

None of the vulnerabilities require physical device access or any additional drivers to run. They do, however, require local machine administrator privileges, so there is some respite. And let’s face it, if someone has direct root access to your system, you’re already in a world of pain.

What’s the Issue Then?

Well, no one has really heard of CTS Labs, which on its own is not an issue; small firms complete excellent research all the time. The issue is, rather, how CTS Labs went about disclosing the vulnerabilities to the public. Standard security disclosure asks researchers to give the vulnerable company at least 90 days to rectify an issue before going public with sensitive findings.


CTS Labs gave AMD a whopping 24 hours before putting their amdflaws site online. And that has attracted significant ire from the security community. It isn’t only the site, though. The way the vulnerabilities are presented is also drawing criticism. The vulnerability information site features an interview with one of the researchers, is full of infographics and other media, has exciting and catchy names for the issues, and seems overblown for the release of a vulnerability. (A vulnerability they gave AMD less than 24 hours to fix, mind!)

CTS Labs gave their reasoning for this, too. CTS Labs CTO Ilia Luk-Zilberman explains that “the current structure of ‘Responsible Disclosure’ has a very serious problem.” Furthermore, they “think it’s hard to believe we’re the only group in the world who has these vulnerabilities, considering who are the actors in the world today.” You can read the full letter right here [PDF].

TL;DR: CTS Labs believes the 30/60/90 day waiting period prolongs the danger to already vulnerable consumers. If researchers make the disclosure straight away, it forces the hand of the company to act immediately. In fact, their suggestion of using third-party validation, as CTS Labs did with Dan Guido (whose confirmation Tweet is linked above), is sensible—but something that already happens.


Shorting AMD Stock

Other researchers downplayed the severity of the flaws due to the required level of system access. There were further questions about the timing of the report as it emerged stock short-selling firm Viceroy Research were issuing a report declaring that AMD shares might lose all their value. AMD shares did indeed take a tumble, coinciding with the release of the CTS Labs vulnerability report, but closed the day higher than before.

Linux-kernel lead developer Linus Torvalds also believes that CTS Labs’ approach is negligent, stating, “Yes, it looks more like stock manipulation than a security advisory to me.” Torvalds also laments the unnecessary hype surrounding the release, claiming that security researchers “look like clowns because of it.”

Torvalds’ ranting isn’t unprecedented. But he is right. It also comes on the back of another “security alert” that required both a terrible SSH password and a terrible root password to work. Torvalds’ point (shared by other security researchers and developers) is that just because a flaw sounds dangerous and exotic, it isn’t necessarily a huge issue for the general public.

Can You Stay Safe?

Well, it is a mixed security bag. Is your AMD Ryzen CPU vulnerable? Yes, it is. Is your AMD Ryzen CPU likely to see an exploit of this manner? It is somewhat unlikely, at least in the short-term.


That said, those with an AMD Ryzen system should raise their security vigilance level for the next few weeks until AMD can release a security patch. Hopefully, they’ll be a darn sight better than the Spectre/Meltdown patches!


  1. Flakyddd
    March 20, 2018 at 1:39 pm

    How much did they pay you for this article? Those vulnerabilities are fake and the reason is clear.

    • Gavin Phillips
      March 21, 2018 at 4:43 pm

      You mean the vulnerabilities AMD literally announced today that they will be patching in the near future? CTS Labs’ approach to the situation is a laughable PR stunt, but aside from the jazzy names, the issues are real. As I said in the article, they require some serious security mishaps to even get to the point where these exploits are feasible, but that doesn't make them fake.

      If I'd been paid every time someone said "how much did they pay you for this article", Microsoft would have made me a very, very rich person by now.

      Thanks for reading and commenting.

      • Joseph Mendoza
        January 11, 2019 at 6:31 pm

        Then how about changing the title to reflect the facts? You said it yourself: if an attacker has admin/root access, then the system is already compromised. For the first half, this article mildly fear-mongers, like the original report excessively does. Then you downplay the evidence against the report and end the article with the part the general public really cares about, stating that their systems may not be safe when they are, in fact, no more vulnerable than they would be on an Intel CPU, since the attacker would have to already be in control to be able to do any of this. I understand the firmware-based malware possible with these exploits is far more dangerous than your average adware virus, but to the general consumer, a virus is a virus, and even if you believe your article has nothing wrong, you must recognize that someone in the market for a new PC would be driven away from AMD hardware by this article, which shows a clear bias against AMD.