Researchers claim AMD flaws threaten Ryzen, EPYC chips

AMD Vulnerabilities Map

AMD Vulnerabilities Map

CTS-Labs, an Israeli security firm, published details of 13 critical security flaws Tuesday. If what they're saying is accurate, it would mean that millions of AMD-powered PCs on the market today are vulnerable to having malicious code run on the secure boot section of the processor. It remains to be seen what the fallout might be like for these newly discovered flaws.

Lastly, the Chimera vulnerabilities are alleged "manufacturer backdoors" in both firmware and in the Ryzen chip's ASIC hardware as part of the Promontory chipset "responsible for linking the processor to external devices such as Hard Drives, USB devices, PCI Express cards, and occasionally also Network, Wi-Fi and Bluetooth controllers".

It is unclear how hard it would be for a malicious actor to obtain such a digitally signed driver.

According to CNET, the researchers only gave AMD 24 hours to look at the report before publishing, an unusual move.

Advanced Micro Devices is investigating a report that some of its processors have security vulnerabilities, the U.S. chipmaker said on Tuesday. "We are actively investigating and analyzing its findings", AMD wrote in an investor relations blog post.

CTS Labs did not immediately respond to a request for further comment. However, they also admitted they don't know if these AMD flaws are being exploited in the wild and "firmware vulnerabilities such as Masterkey, Ryzenfall and Fallout take several months to fix, [and] hardware vulnerabilities such as Chimera can not be fixed and require a workaround". The flaws could put organizations at increased risk of cyber-attacks, the report said.