Ryzen and EPYC AMD flaws partially detailed with just 24 hours disclosure notice, despite potentially significant exploits including secure processor takeover or security bypass.
March 13th, 2018 By Michael Heller
Security researchers announced four classes of vulnerabilities and manufacturer backdoors in modern AMD chipsets, but withheld details due to an unconventionally short disclosure window.
Researchers at CTS Labs, a cybersecurity research firm and consultancy based in Tel Aviv, claimed they found 13 vulnerabilities in AMD's EPYC server, Ryzen, Ryzen Pro and Ryzen Mobile chipsets. The AMD flaws -- named Ryzenfall, Masterkey, Fallout and Chimera -- can reportedly lead to malicious actors taking over Ryzen chipsets or the Secure Processors of either Ryzen or EPYC chipsets, infecting AMD chips with malware, stealing credentials, bypassing endpoint security or causing physical damage to hardware.
Full Article.