13 Major Vulnerabilities Discovered in AMD Zen Architecture, Including Backdoors

Security researchers with Israel-based CTS-Labs, have discovered a staggering thirteen critical security vulnerabilities for AMD’s “Zen” CPU microarchitecture, which are as damning the three recent “Meltdown” and “Spectre” vulnerabilities that affect various CPU manufacturers at varying degrees (Intel, AMD, and ARM). The thirteen new CVEs are broadly classified into four groups based on the similarity in function of the processor that they exploit: “Ryzenfall,” “Masterkey,” “Fallout,” and “Chimera.”

The researchers have redacted their whitepapers on each of the 13 new vulnerabilities, and have given AMD time for a response, before threatening to publish their whitepapers. The laws call for a 90-day notice period before a vulnerability is made public, so hardware/software manufacturers have time to address it. The Google Project Zero teams behind Meltdown/Spectre CVEs entered NDAs with chipmakers that lasted months, before they could make their findings public, earlier this year.

Without going into the details, the team posted this video detailing each of the four main categories of vulnerabilities:

1. “Masterkey”: This is an exploit of the Secure Boot feature, in which your computer makes the processor check if nothing has been tampered with on your machine (i.e. changes in firmware, hardware or the last software state before shutdown). The Masterkey vulnerability gets around this environment integrity check by using an infected system BIOS, which can be flashed even from within Windows (with administrative privileges). Theoretically Secure Boot should validate the integrity of the BIOS, but apparently this can be bypassed, exploiting bugs in the Secure Processor metadata parsing. Once the BIOS signature is bypassed you can put pretty much any ARM Cortex A5 code into the modified BIOS, which will then execute inside the ARM-based Secure Processor – undetectable to any antivirus software running on the main CPU, because the antivirus software running on the CPU has no way to scan inside the Secure Processor.

2. “Ryzenfall” is a class of vulnerabilities targeting Secure Processor, which lets a well-designed malware stash its code into the Secure Processor of a running system to get executed for the remaining of the system’s uptime. Again, this attack requires administrative privileges on the host machine, but can be performed in real-time, on the running system, without modifying the firmware. Secure Processor uses system RAM, in addition to its own in-silicon memory on the CPU die. While this section in memory is fenced off from access by the CPU, bugs exists that make that punch holes into that protection. Code running on the Secure Processor has complete access to the system; Microsoft Virtualization-based Security can be bypassed and additional malware can be placed into system management storage, where it can’t be detected by traditional antivirus software. Windows Defender Credentials Guard, a component that stores and authenticates passwords and other secure functions on the machine can also be bypassed and the malware can spread over the network to other machines, or the firmware can be modified to exploit “Masterkey”, which persists through reboots.

3. “Fallout”: This class of vulnerabilities affects only AMD EPYC servers. It requires admin privileges like the other exploits, and has similar effects. It enables an attacker to gain access to memory regions like Windows Isolated User Mode / Kernel Mode (VTL1) and Secure Management RAM of the CPU (which are not accessible using administrative privileges). Risks are the same as “Ryzenfall”, the attack vector is just different.

4. “Chimera”: This is a class of vulnerabilities is an exploitation of the motherboard chipset (e.g. X370 internally known as Promontory). AMD outsourced design of their Ryzen chipsets to Taiwanese ASMedia, which is a subsidiary of ASUS. You might know the company from the USB chips on a large number of motherboards. The company has been known for lax security practices and numerous issues were found in their earlier controller chips. For the AMD chipset design it looks like they just copy-pasted a lot of code and design, including existing vulnerabilities. The chipset has its own code that tells it what to do, and here’s the problem. Apparently a backdoor has been implemented that gives any attacker knowing the right code full access to the chipset, including executing arbitrary code inside the chipset. This code can now use the DMA engine to read/write system memory, possibly to inject malware. Whether DMA can access the fenced off memory portions of the Secure Processor is doubtful (we are checking with CTS on that). Your keyboard, mouse, network controllers, wired or wireless, are connected to the chipset, which opens up various other attack mechanisms like keyloggers (that send off their logs by directly accessing the network controller without the CPU/OS ever knowing about these packets), or logging all interesting network traffic, even if it’s destination is another machine on the same Ethernet segment. so are other input devices. As far as we know, the ROM chip is connected to the CPU on Zen, not to the chipset, so flashing firmware might not be possible with this approach.

The researchers have set up an intuitive repository on on their findings in on the website AMDFlaws.com

Many Thanks to Earthdog for the tip.https://www.techpowerup.com/rss/news