AMD Security Issues

IF TRUE, it sounds like the problem isn’t AMD, it’s ASMedia and they’re the ones who should have been thrown under the bus.

5 Likes

And there are hundreds of thousands of ASMedia chipsets on Intel platforms.

1 Like

The PSP also exposes an API to the host computer. The FALLOUT and RYZENFALL vulnerabilities exploit the PSP APIs to gain code execution in the PSP or the SMM.

This here can potentially be mitigated by use of the “Disable PSP” UEFI setting.
As what the setting essentially does, is disable this API wich functions as a Mailbox / MMIO for communication between the ‘Host’ processor and the PSP.

For reference:

CTS claim in their report:

AMD has recently released a BIOS update that supposedly allows users disable the Secure Processor, but this feature works only partially and does not stop the RYZENFALL attacks.

I thought motherboard makers released BIOS updates.

I’m thinking about the “Works Partially” part.

Meaning it may work against the ‘Fallout’ vuln or perhaps limit part of the 4 Ryzenfall vulns.

AMD releases the AGESA updates. Version 1.1.0.0 is supposed to exposes an option in BIOS for disabling the PSP.

Right… But you would think high level security researchers would state it was an AGESA update and not a BIOS update.

Everyone gets that wrong all the time.
BIOS -> UEFI is routinely mixed by everyone.

Would be pretty sloppy of them to mention the new AGESA option in the earlier Mitigations-part and then conveniently “forget” it in the next and state “No known mitigations”. The CTS people would never do that, would they?

Yeah, you’d think that…

What strikes me as strange is Ryzenfall being 4 flavours, one more than the 3 Spectre ones.
Might just be coincidence, may be deliberate.

Might be because people did not like the Intel platform thing, so they want to earn points for allowing to disable it.

It’s just the 4 different impacts, really it’s 1 with different access areas.

image

So I don’t see ASMedia running AMD or their OWN defense here.

Again, if they are using an Asmedia exploit, Intel is vulnerable to, as well as other platforms that may use ASMedia chipsets in this way.

I really appreciate that security exports are trying to be objective about this but I have seen time and time again either in small print or a foot note that the likely hood of carrying out this exploit is slim.

I would have expected someone to have come up with a vulnerability doing the same thing towards Intel and ARM devices at this point to show how over blown the CTS exploits are.

It is just so sad that the real motives seem to be not related to security at all and that the news outlets are not picking up on this. I know investigative journalist died over a decade ago, but come on. What are they teaching the kids in college now if this is the type of stuff that “qualified” journalist from “trusted” outlets are regurgitating. They have to have at least one CIS person in their organization. That person would have said that this is not the issue that it seems to be. Code cannot prevent lazed physical security.

There were a very serious REMOTE exploit in Intel AMT not that long ago. Your machine get owned over the network. That was pretty serious, and still nobody cared. But do a slick YT video and suddenly run-of-the-mill root access vulnerabilities are BIG NEWZZZ.

Aaaarggh…

1 Like

Intel Sympathizers: B B … bu … But intel only has three while AMD has 4. That is one less than AMD. Intel is obviously more secure

Reasonable people: Intel requires not physical access to the box. Both should not exist, but one is extremely less likely to happen. The other may have been happening for years.

2 Likes

And still nothing from Cutress about that phonecall… but checking on his tweet he could retweet he was going to go live with someone and talk about it in 3 hours. So who knows, that may be getting buried too.

With regards to the time frame, I’m sure we’ve all seen it but doesn’t seem to have been emphasized here:
Most of these exploits appear at this point to affect extremely common chips from the last 6 years (ASMedia chips, in both Intel and AMD, and who knows maybe ARM boards). There is some particular concern with Ryzen as it appears AMD may have integrated the ASMedia code into the CPU die itself when moving USB 3.0 controller code in (that’s what some are claiming anyway, but I haven’t seen confirmation of this being the case myself). Still, it’s not a different problem from the general ASMedia problem that affects everything, and seems like something that can be fixed (along with all the difficulties of exploiting in the first place).

Until someone tells me these vulnerabilities don’t require some combination of root access, signed compromised drivers, and/or firmware updates to exploit I’m just gonna continue to shake my head at all the ruckus and not care.

3 Likes

I suspect he actually got nothing out of them but a lot of hot air.

They have a point, something actually useful might come of this yet.

image

1 Like