
[Update] Security flaws discovered in AMD zen processors : AMD's meltdown?


Please keep the conversation civil and respectful, as per the Community Standards;

  • Ensure a friendly atmosphere to our visitors and forum members.
  • Encourage the freedom of expression and exchange of information in a mature and responsible manner.
  • "Don't be a dick" - Wil Wheaton.
  • "Be excellent to each other" - Bill and Ted.
  • Remember your audience; both present and future.


Message added by wkdpaul


Posted · Original PosterOP

CTS, a research group, has discovered potentially up to 13 flaws affecting Zen-based CPUs (this includes Ryzen, Ryzen Pro, Threadripper and EPYC) which could allow a malicious attacker to take control of a computer and/or access secure data that would usually stay out of reach.

CTS has contacted AMD, but only allowed them 24 hours instead of the customary 90 days, which is kind of a duck move in my opinion.



Researchers have discovered critical security flaws with AMD's chips, allowing attackers to access sensitive data from highly guarded processors across millions of devices.

Particularly worrisome is the fact that the vulnerabilities lie in the so-called secure part of the processors -- typically where your device stores sensitive data like passwords and encryption keys. It's also where your processor makes sure nothing malicious is running when you start your computer.



Researchers from CTS-Labs, a security company based in Israel, announced on Tuesday that they found 13 critical security vulnerabilities that would let attackers access data stored on AMD's Ryzen and EPYC processors, as well as install malware on it. AMD's Ryzen chips power desktop and laptop computers, while EPYC processors are found in servers. 





The researchers gave AMD less than 24 hours to look at the vulnerabilities and respond before publishing the report. Standard vulnerability disclosure calls for 90 days notice, so companies have time to address flaws properly.

"At AMD, security is a top priority and we are continually working to ensure the safety of our users as new risks arise. We are investigating this report, which we just received, to understand the methodology and merit of the findings," an AMD spokesman said.


Master Key:


When a device starts up, it typically goes through a "Secure Boot." It uses your processor to check that nothing on your computer has been tampered with, and only launches trusted programs.

The Master Key vulnerability gets around this start-up check by installing malware on the computer's BIOS, part of the computer's system that controls how it starts up. Once it's infected, Master Key allows an attacker to install malware on the Secure Processor itself, meaning they would have complete control of what programs are allowed to run during the start-up process.



This vulnerability specifically affects AMD's Ryzen chips, and would allow malware to completely take over the secure processor. 

That would mean being able to access protected data, including encryption keys and passwords. These are regions on the processor that a normal attacker would not be able to access, according to the researchers.

If an attacker can bypass the Windows Defender Credential Guard, it would mean they could use the stolen data to spread across to other computers within that network. 


Like Ryzenfall, Fallout also allows attackers to access protected data sections, including Credential Guard. But this vulnerability only affects devices using AMD's EPYC secure processor. In December, Microsoft announced a partnership with for its Azure Cloud servers using AMD's EPYC processor.


Chimera comes from two different vulnerabilities, one in its firmware and one in its hardware.

The Ryzen chipset itself allows for malware to run on it. Because WiFi, network and Bluetooth traffic flows through the chipset, an attacker could use that to infect your device, the researchers said. In a proof-of-concept demonstration, the researchers said it was possible to install a keylogger through the chipset. Keyloggers would allow an attacker to see everything typed on an infected computer.

Source (cnet) 



I honestly don't know what to say, but this is bad. Let's hope a patch comes in quick that doesn't cripple performance.


Update: AMD has released a brief statement regarding the issue:


We have just received a report from a company called CTS Labs claiming there are potential security vulnerabilities related to certain of our processors. We are actively investigating and analyzing its findings. This company was previously unknown to AMD and we find it unusual for a security firm to publish its research to the press without providing a reasonable amount of time for the company to investigate and address its findings. At AMD, security is a top priority and we are continually working to ensure the safety of our users as potential new risks arise. We will update this blog as news develops.


Link to post

So just 24Hrs further notice to AMD? Bad action from whoever found these bugs.

Link to post

As scary as it sounds. This sounds like an Intel IME kind of exploit.

Link to post



It happens. It'll get fixed. It'll be forgotten soon enough. How many are still worried about Meltdown/Spectre? It isn't over, but the scaremongering news is over and is pretty much business as normal for most.

Link to post
4 minutes ago, VegetableStu said:

I just read the source whitepaper from the researchers themselves. are they strictly hacks that can only be initiated with in-person access?

(also any idea if updating BIOSes in an active Windows environment is a thing?)

Regarding Masterkey:

Exploiting MASTERKEY requires an attacker to be able to re-flash the BIOS with a specially crafted BIOS update.

That's like saying "you can exploit Windows by installing a botnet on the target machine" and claiming Windows has flaws.

Link to post

This isn't aimed at average Joe that was an R5, it's mostly for companies. It can affect us all (not me exactly, I have Intel) but they have much more to lose.


Link to post

While I'm sure there's some validity to this, it is highly suspicious. It's a company formed in 2017 with 3 employees. They are a consultancy firm. It seems their entire existence has been based on being paid to find exploits on AMD products. I wonder if Intel is funding this. The whole 24 hour notice and creating an entire website around it is classic con artist strategy. I also noticed the white paper emphasized "Taiwanese" a lot. Seems targeted at US institutions. 


The vulnerabilities are many and look bad but it does seem like a lot of it is based around physical access or user error - rather than remote exploit. I hope AMD has a reasonable response.


I do think it's a smear campaign though. Regardless of the validity.

Link to post
31 minutes ago, Coaxialgamer said:

I honestly don't know what to say, but this is bad.

Honestly this is bad, but mostly from the perspective that this is clearly a hit piece and will likely have legal ramifications for CTS labs and their benefactor. @rcmaehl does a great job breaking down why this is the textbook definition of yellow journalism.


Adding to that, since the domains for both sites were registered around the time Intel was notified of Spectre and Meltdown, this is more than likely a smear campaign put together by Intel to take some of the air out of the Ryzen 2 release next month.

Link to post
Just now, snortingfrogs said:

This is pretty darn big.




Shame your post isn't. 

Link to post
4 minutes ago, snortingfrogs said:

The researchers gave AMD less than 24 hours to look at the vulnerabilities and respond before publishing this report.

Isn't this against the law in some way? Every other vulnerability has been given months in advance before being announced. What gives?

Link to post
Just now, Energycore said:

Isn't this against the law in some way? Every other vulnerability has been given months in advance before being announced. What gives?

It's not a law, it's just a gentlemen's agreement between giving the developer time to fix it and letting everyone else know there's a problem. And the only way to know your system is fixed is to know how to exploit it and see the exploit fail.

Link to post
Just now, M.Yurizaki said:

It's not a law, it's just a gentlemen's agreement between giving the developer time to fix it and letting everyone else know there's a problem.

I think this should have been handled in a similar manner to Spectre and Meltdown. At least patches would have been in place for some of them. 

Link to post
1 minute ago, Energycore said:

Isn't this against the law in some way? Every other vulnerability has been given months in advance before being announced. What gives?

Well that was when Intel was involved also, this only affects AMD as far as I can tell so I consider them lucky they even gave them 24 hours...

Link to post
7 minutes ago, Some Random Member said:

Well Intel paid for the "independent research" so they need to use all the scary sounding words.


It's not mentioned in the article linked.



6 minutes ago, Energycore said:

Isn't this against the law in some way? Every other vulnerability has been given months in advance before being announced. What gives?

Nope. The reason why other vulnerabilities such as those discovered by Google are given months of time before public disclosure is because they are being nice and acting responsibly. They have no obligation to do so however.

It's actually not that uncommon that people and companies publicly announce vulnerabilities as soon as they are discovered, or like in this case where they were given 24 hours.

Link to post
50 minutes ago, rcmaehl said:

This all screams smear campaign

How can one, at this point, believe it not to be such? All you really need for this conclusion is the name of that website. They even say shit like


Although we have a good faith belief in our analysis and believe it to be objective and unbiased, you are advised that we may have, either directly or indirectly, an economic interest in the performance of the securities of the companies whose products are the subject of our reports

in their disclaimer on that site...


Not to mention that all of those "flaws" seem to require admin privileges on the computer, direct access on said computer or even tampering with the hardware, like the bios thing. Seriously how can you even call it a flaw when you must hack the motherboard's bios for it to exist in the first place?
