Well, as they require root access, they are automatically category 2, aka less severe. Still a problem but not ZOMG! Most users are unaffected, patches will be forthcoming, etc. Might actually be able to turn off the PSP (in stark contrast to Intel Management).
If ARM TrustZone is broken in hardware, then there will be some real fallout. ARM and all their licensees will probably be in trouble. Might be a good thing in the long run, teach people not to trust closed black-box solutions for security (ofc there is a possibility that AMD botched their implementation in the PSP and only that version is vulnerable).
In infosec there is a discussion about root-access vulnerabilities. Many agree that some stuff should be hardware-level lockable. For example, root should not be able to flash firmware if you don't want root to have that ability. So yes, exploits that require root access are less severe but still a problem for servers etc.
There are users that have reported that "Turn Off PSP" showed up in their BIOS after a certain update. I haven't seen any real testing to verify that it is actually off. If we get proof-of-concept code from the CTS jokers, then we might actually be able to test that.
CTS Labs stated to TechPowerUp that it has sent AMD, along with other big tech companies a “complete research package,” which includes “full technical write-ups about the vulnerabilities,” “functional proof-of-concept exploit code,” and “instructions on how to reproduce each vulnerability.” It stated that besides AMD, the research package was sent to Microsoft, HP, Dell, Symantec, FireEye, and Cisco Systems, to help them develop patches and mitigation.
Interesting, might there be some real information soon?
This is just perfect. Excellent explanation which shows that there are ulterior motives like fearmongering and smear campaigning just to get someone else's stock price higher.
So basically… this security firm gets formed in 2017, and comes out with this report that states there are security holes in Ryzen that can be exploited through elevated privileges? Which basically means a person would have to give up their administrative password, or have it stolen, or whatever? Which is basically a commonly exploitable thing found in all x86 CPUs?
No, the PO in POC stands for “proof of”. You can download code, compile it, and prove that the vulnerabilities exist and are exploitable.
@misterk81: Yes, all of the vulnerabilities listed require some combination of root access, compromised cryptographically signed drivers, and/or firmware updates. That’s why they are low criticality.
Absolutely. I have an old motherboard that has a BMC/IPMI. I can disable it with a jumper; the BMC chip simply gets no power then. I like this option a lot.