CTS disclosed several "flaws" in the AMD Ryzen architecture chips. These flaws are called Ryzenfall, Masterkey, Fallout and Chimera (https://amdflaws.com/). However several technology sites (for example Wired) and blogs raised questions as to the motives, release style and severity of the flaws. There also seems to be a very odd disclaimer on the CTS sites. So far it has been hard to find any data without a lot of hype. How severe are these flaws and what do I need to do to secure my systems?
Asked
Active
Viewed 249 times
1 Answers
5
Quotes from the rather detail-free whitepaper:
Exploiting MASTERKEY requires an attacker to be able to re-flash the BIOS with a specially crafted BIOS update.
Exploitable only if you've got the BIOS manufacturer's signing key (if they use one), have written a custom BIOS for the computer being targeted, and (generally) have physical access to the machine.
Exploitation [of RYZENFALL] requires that an attacker be able to run a program with local-machine elevated administrator privileges. Accessing the Secure Processor is done through a vendor supplied driver that is digitally signed.
Exploitation [of FALLOUT] requires that an attacker be able to run a program with local-machine elevated administrator privileges. Accessing the Secure Processor is done through a vendor supplied driver that is digitally signed.
Prerequisites for Exploitation [of CHIMERA]: A program running with local-machine elevated administrator privileges. Access to the device is provided by a driver that is digitally signed by the vendor.
So, at a minimum, you already need full control of the computer and a third party's signing key to exploit these vulnerabilities. Might be useful for a state-level actor trying to install an undetectable keylogger or the like, but the average person isn't at increased risk because of them.
