AMD confirms Ryzenfall vulnerabilities, but says they'll be fixed soon via routine BIOS updates

Stay tuned for patches from AMD and your motherboard vendor over the next few weeks.

Credit: CTS-Labs/YouTube

AMD has acknowledged the Ryzenfall vulnerabilities discovered by CTS-Labs, though the chip company believes the flaws can be patched via BIOS updates issued over the next few weeks.

In a blog post authored by AMD’s chief technical officer, Mark Papermaster, AMD confirmed that the four broad classifications of attacks—Masterkey, Ryzenfall, Fallout, and Chimera—are viable, though they require administrative access to the PC or server in question. Third-party protection, such as Microsoft Windows Credential Guard, also serve to block unauthorized administrative access, Papermaster wrote.

In any event, “any attacker gaining unauthorized administrative access would have a wide range of attacks at their disposal well beyond the exploits identified in this research,” AMD’s Papermaster added.

But AMD also provided the answer to consumers’ most pressing question: What, if anything, needs to be done? For each of the first three classifications of vulnerabilities, AMD said it is working on firmware updates that the company plans to release during the coming weeks. That firmware will be distributed via a BIOS update that the company already planned to release. “No performance impact is expected,” AMD added.

The fourth category of vulnerability, known as Chimera, affected the Promontory chipset, which CTS-Labs said was designed with logic supplied by ASMedia, a third-party vendor. While AMD said patches for that will also be released via a BIOS update, the company said it is working with the Promontory chipset maker on developing the mitigations, rather than supplying its own.

AMD has neither confirmed nor denied whether the attacks can be executed remotely, or require local access. AMD did deny, however, that the attacks have anything to do with Meltdown or Spectre, the two side-channel attacks that rival Intel has worked to patch.

About a week ago, CTS-Labs issued a press release as well as a website outlining the vulnerabilities, which the company provided to AMD less than 24 hours before CTS-Labs went public, AMD said. But CTS-Labs also drew fire over boilerplate copy on its website that implied a potential financial interest in the subjects of its reports. PCWorld attempted to interview CTS executives, but later rescinded that request after CTS-Labs representatives demanded a list of questions in advance, and also forbade us from asking about the timing and the company’s financial motivations.

In the meantime, however, the vulnerabilities were confirmed by two independent researchers, Trail of Bits and Check Point. Both expressed doubts that attackers would be able to exploit the vulnerabilities that CTS-Labs had originally discovered.

What this means to you: For now, everyone can take a deep breath and relax. While AMD did not say specifically when the patches would be released, it sounds like they’ll be coming in the next few weeks. Since it’s unlikely that the vulnerabilities would be weaponized in such a short time, Ryzen PC owners can probably feel confident that their PCs are secure.

Join the newsletter!

Or
Error: Please check your email address.
Rocket to Success - Your 10 Tips for Smarter ERP System Selection

Tags AMDRyzen

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Mark Hachman

PC World (US online)
Show Comments

Brand Post

Most Popular Reviews

Latest Articles

Resources

PCW Evaluation Team

Andrew Teoh

Brother MFC-L9570CDW Multifunction Printer

Touch screen visibility and operation was great and easy to navigate. Each menu and sub-menu was in an understandable order and category

Louise Coady

Brother MFC-L9570CDW Multifunction Printer

The printer was convenient, produced clear and vibrant images and was very easy to use

Edwina Hargreaves

WD My Cloud Home

I would recommend this device for families and small businesses who want one safe place to store all their important digital content and a way to easily share it with friends, family, business partners, or customers.

Walid Mikhael

Brother QL-820NWB Professional Label Printer

It’s easy to set up, it’s compact and quiet when printing and to top if off, the print quality is excellent. This is hands down the best printer I’ve used for printing labels.

Ben Ramsden

Sharp PN-40TC1 Huddle Board

Brainstorming, innovation, problem solving, and negotiation have all become much more productive and valuable if people can easily collaborate in real time with minimal friction.

Sarah Ieroianni

Brother QL-820NWB Professional Label Printer

The print quality also does not disappoint, it’s clear, bold, doesn’t smudge and the text is perfectly sized.

Featured Content

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?