Author: Chris Hoffman / Source: howtogeek.com
AMD has now confirmed that the “AMD Flaws” revealed by CTS-Labs are real. We recommend installing the BIOS update that fixes them when it’s available. But, don’t worry too much. The danger of these flaws has been exaggerated.
Four separate vulnerabilities have been identified, and they are named Ryzenfall, Masterkey, Fallout, and Chimera.
These flaws affect AMD Ryzen processors and EPYC server processors, which are both based on AMD’s Zen microarchitecture. Right now, there have been no reports of these vulnerabilities being taken advantage of in the wild. The flaws themselves have only recently been confirmed. And unfortunately, there’s no way yet of determining if a CPU has been compromised. But, here’s what we do know.The Attacker Needs Administrative Access
The real takeaway here is that every single vulnerability CTS-Labs announced requires administrative access on a computer running an AMD Ryzen or EPYC CPU to exploit. And, if the attacker has administrative access on your computer, they can install keyloggers, watch everything you’re doing, steal all your data, and perform many other nasty attacks.
In other words, these vulnerabilities allow an attacker who has already compromised your computer to do additional bad things they shouldn’t be able to do.
These vulnerabilities are still a problem, of course. In the worst case, an attacker can effectively compromise the CPU itself, hiding malware inside it that persists even if you reboot your PC or reinstall your operating system. That’s bad, and AMD is working on a fix. But an attacker still needs administrative access to your PC in the first place to execute this attack.
In other words, this is much less scary than the Meltdown and Spectre vulnerabilities, which allowed software without administrative access—even JavaScript code running on a web page in a web browser—to read data to which it shouldn’t have access.
And, unlike how patches for Meltdown and Spectre could slow down existing systems, AMD says there will be no performance impact when fixing these bugs.
What Are MASTERKEY, FALLOUT, RYZENFALL, and CHIMERA?
Three of the four vulnerabilities are attacks on AMD’s Platform Security Processor, or PSP. This is small, embedded security coprocessor built into AMD’s CPUs. It actually runs on a separate…
The post How Bad Are the AMD Ryzen and Epyc CPU Flaws? appeared first on FeedBox.