
13 Major Vulnerabilities Discovered in AMD Zen Architecture, Including Backdoors

Joined
May 6, 2012
Messages
184 (0.05/day)
Location
Estonia
System Name Steamy
Processor Ryzen 7 2700X
Motherboard Asrock AB350M-Pro4
Cooling Wraith Prism
Memory 2x8GB HX429C15PB3AK2/16
Video Card(s) R9 290X WC
Storage 960Evo 500GB nvme
Case Fractal Design Define Mini C
Power Supply Seasonic SS-660XP2
Software Windows 10 Pro
Benchmark Scores http://hwbot.org/user/kinski/ http://valid.x86.fr/qfxqhj https://goo.gl/uWkw7n

rugabunda

New Member
Joined
May 22, 2018
Messages
24 (0.02/day)
HP lists them:
http://h22208.www2.hpe.com/eginfolib/securityalerts/AMD/AMD-Flaws.html
https://www.hpe.com/us/en/services/security-vulnerability.html
https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03841en_us&docLocale=en_US
Government lists them:
https://nvd.nist.gov/vuln/detail/CVE-2018-8933
CVEs have been registered:
https://www.cvedetails.com/vulnerability-list/vendor_id-7043/AMD.html

https://fortiguard.com/psirt/FG-IR-18-046

The related CVEs are:

1. CVE-2018-8930: The AMD EPYC Server, Ryzen, Ryzen Pro, and Ryzen Mobile processor chips have insufficient enforcement of Hardware Validated Boot, aka MASTERKEY-1, MASTERKEY-2, and MASTERKEY-3.
2. CVE-2018-8931: The AMD Ryzen, Ryzen Pro, and Ryzen Mobile processor chips have insufficient access control for the Secure Processor, aka RYZENFALL-1.
3. CVE-2018-8932: The AMD Ryzen and Ryzen Pro processor chips have insufficient access control for the Secure Processor, aka RYZENFALL-2, RYZENFALL-3, and RYZENFALL-4.
4. CVE-2018-8933: The AMD EPYC Server processor chips have insufficient access control for protected memory regions, aka FALLOUT-1, FALLOUT-2, and FALLOUT-3.
5. CVE-2018-8934: The Promontory chipset, as used in AMD Ryzen and Ryzen Pro platforms, has a backdoor in firmware, aka CHIMERA-FW.
6. CVE-2018-8935: The Promontory chipset, as used in AMD Ryzen and Ryzen Pro platforms, has a backdoor in the ASIC, aka CHIMERA-HW.
7. CVE-2018-8936: The AMD EPYC Server, Ryzen, Ryzen Pro, and Ryzen Mobile processor chips allow Platform Security Processor (PSP) privilege escalation.

Impact
Execute unauthorized code or commands, Escalation of privilege, Information Disclosure

Affected Products
The following Fortinet products are NOT affected:
FortiOS
FortiAP
FortiAnalyzer
FortiSwitch

References
https://safefirmware.com/amdflaws_whitepaper.pdf
https://safefirmware.com/Whitepaper+Clarification.pdf
https://community.amd.com/community...amd-technical-assessment-of-cts-labs-research

More: https://www.bleepingcomputer.com/ne...rkey-fallout-and-chimera-cpu-vulnerabilities/
 
Joined
Mar 10, 2010
Messages
10,020 (2.25/day)
Location
Manchester uk
System Name RyzenGtEvo/ Asus strix scar II/Trig
Processor Amd R5 5600G/ Intel 8750H/3800X
Motherboard Crosshair hero8 impact/Asus/crosshair hero 7
Cooling 360EK extreme rad+ 360$EK slim all push, cpu ek suprim Gpu full cover all EK
Memory Corsair Vengeance Rgb pro 3600cas14 16Gb in four sticks./16Gb/16GB
Video Card(s) Sapphire refference Rx vega 64 EK waterblocked/Rtx 2060/GTX 1060
Storage Silicon power 1TB nvme/8Tb external/1Tb samsung Evo nvme 2Tb sata ssd/1Tb nvme
Display(s) Samsung UAE28"850R 4k freesync.dellshiter
Case Lianli p0-11 dynamic/strix scar2/aero cool shiter
Audio Device(s) Xfi creative 7.1 on board ,Yamaha dts av setup, corsair void pro headset
Power Supply corsair 1200Hxi/Asus stock /850 watt ?
Mouse Roccat Kova/ Logitech G wireless
Keyboard Roccat Aimo 120
VR HMD Oculus rift
Software Win 10 Pro
Benchmark Scores 8726 vega 3dmark timespy/ laptop Timespy 6506
Are Intel that sweaty you now have a job, sad times.
 

hat

Enthusiast
Joined
Nov 20, 2006
Messages
21,502 (3.80/day)
Location
Ohio
System Name Starlifter :: Dragonfly
Processor i7 2600k 4.4GHz :: i5 10400
Motherboard ASUS P8P67 Pro :: ASUS Prime H570-Plus
Cooling Cryorig M9 :: Stock
Memory 4x4GB DDR3 2133 :: 2x8GB DDR4 2400
Video Card(s) 2x PNY GTX1070 :: GT720
Storage Plextor M5s 128GB, 2x1TB Seagate RAID 0 :: Mushkin Enhanced 60GB SSD, 3x4TB Seagate HDD RAID5
Display(s) Acer P216HL HDMI :: None
Case Antec SOHO 1030B :: Old White Full Tower
Audio Device(s) Creative X-Fi Titanium Fatal1ty Pro - Bose Companion 2 Series III :: None
Power Supply FSP Hydro GE 550w :: EVGA Supernova 550
Software Windows 10 Pro - Plex Server on Dragonfly
Benchmark Scores >9000
I mean, those were supposedly real flaws, but they had more to do with (ASMEDIA, I believe?) chipsets rather than AMD themselves... though you could still wag a finger at AMD for using such chipsets. They'd also be incredibly tough to pull off... much like Spectre and Meltdown and all the other variants that we've found out about recently.
 
Joined
Jan 17, 2006
Messages
930 (0.16/day)
Location
Ireland
System Name "Run of the mill" (except GPU)
Processor R9 3900X
Motherboard ASRock X470 Taich Ultimate
Cooling Cryorig (not recommended)
Memory 32GB (2 x 16GB) Team 3200 MT/s, CL14
Video Card(s) Radeon RX6900XT
Storage Samsung 970 Evo plus 1TB NVMe
Display(s) Samsung Q95T
Case Define R5
Audio Device(s) On board
Power Supply Seasonic Prime 1000W
Mouse Roccat Leadr
Keyboard K95 RGB
Software Windows 11 Pro x64, insider preview dev channel
Benchmark Scores #1 worldwide on 3D Mark 99, back in the (P133) days. :)
@rugabunda Why don't you also mention the fixes that were released?
 
Joined
May 6, 2012
Messages
184 (0.05/day)
Location
Estonia


Sounds legit.
 

hat

Enthusiast
"Helping manufactures make hardware secure". Because this ragtag group of whoevers knows better than the engineers. Okay. :laugh:
 