AMD has readied patches against MasterKey, Fallout, and Chimera vulnerabilities

by Hilbert Hagedoorn on: 05/04/2018 07:45 AM | source: | 28 comment(s)

AMD has finished up its patches for vulnerabilities that security company CTS Labs announced last month. The chip designer reports that the updates for, among others, Epyc chips are in the final phase of testing and should become available next month through a Firmware patch.

CTS Labs announced the bugs unexpectedly and without any warning a while ago, according to the security company, it would take many months to close the vulnerabilities. CTS recently once more contacted Toms Hardware to 'express their concern about the lack of updates from AMD regarding these vulnerabilities'. The company said it believed many of the vulnerabilities 'would take months to fix'. One of them, Chimera, would even require a hardware change.

According to AMD we can expect updates this month, AMD has explained to Tom's Hardware. Ecosystem partners should already have the new patches for internal testing with this response:

Within approximately 30 days of being notified by CTS Labs, AMD released patches to our ecosystem partners mitigating all of the CTS identified vulnerabilities on our EPYC platform as well as patches mitigating Chimera across all AMD platforms. These patches are in final testing with our ecosystem partners in advance of being released publicly. We remain on track to begin releasing patches to our ecosystem partners for the other products identified in the report this month. We expect these patches to be released publicly as our ecosystem partners complete their validation work.

Let us again reiterate, the vulnerabilities within the AMD systems require admin privileges and for most things, physical access to the hardware to modify things, thus a local exploit in a context where Admin Access Rights are needed.

Meanwhile, CTS labs pushed another document full of accusations, released May 1st this month (there's not a single word on Intel recent or upcoming Vulnerabilities on their websites, of course):

Related Stories

AMD has lowered Radeon 6850 pricing in the EU - 08/10/2011 08:47 AM
AMD has decided to lower the pricing for Radeon HD 6850 based graphics cards, which now have an MSRP of 129

AMD has 10-core CPUs in the pipeline - 07/26/2011 09:28 AM
Lots of processor nes the past few days alright, a new roadmap leaked which shows that AMD is planning 10-core processors for consumers, they are planned for 2012 already. The processors are part of ...

AMD has over 800.000 DX11 class GPUs shipped - 12/16/2009 05:16 AM
Interesting story over at Xbitlabs today. They claim that Advanced Micro Devices, said on Monday that it had shipped over 800 thousand of graphics processing units (GPUs) that support DirectX 11 appli...

2 pages 1 2

waltc3
Senior Member

Posts: 1010
Joined: 2014-07-22

#5543882 Posted on: 05/04/2018 04:20 PM

AMD should call these people frauds, publicly, and write them off. All OSes are deliberately and purposefully written to open up to anyone with physical access and admin privileges! That's by design. No one should be giving these imbeciles the time of day, imo. They are worse than worthless.

D3M1G0D
Senior Member

Posts: 1993
Joined: 2017-03-10

#5543887 Posted on: 05/04/2018 04:25 PM

Relax. Nobody is taking CTS Labs seriously, and there's no point in generating more news about it. It was a failed assassination attempt, AMD is doing fine, it's all good.

schmidtbag
Senior Member

Posts: 4570
Joined: 2012-11-10

#5543904 Posted on: 05/04/2018 05:01 PM

AMD should sue those mofos for all they're worth.

So they should sue them for $10? Because that's probably all they're going to get out of it. :p

Aura89
Senior Member

Posts: 7715
Joined: 2008-07-31

#5543988 Posted on: 05/04/2018 09:01 PM

Wow, CTS labs, have you even read your own "letter"?

How much more unprofessional can a company get? lol?

sykozis
Senior Member

Posts: 21098
Joined: 2008-07-14

#5544000 Posted on: 05/04/2018 09:59 PM

These guys are nothing but frauds. Even actual security experts have stated that it's impossible to predict exactly what AMD can or can not do with the Zen architecture because only AMD knows exactly how it functions.

Also, AMD stated that fixes would be available "in the coming weeks".... So, by that statement, AMD is on time with the patches and CTS Labs has invalidated themselves. No legitimate security company releases a statement 6 weeks later..... They do their public disclosure and move on... Also, no real security firm purposefully ignores vulnerable products such as CTS Labs has done.....

xIcarus
Senior Member

Posts: 941
Joined: 2010-08-24

#5544098 Posted on: 05/05/2018 09:51 AM

AMD has encrypted portions of its PSP firmware. However, this 'Security by Obscurity' does not fix any of the vulnerabilities CTS discovered.

Bahahaha encryption is not security through obscurity you dumb fucks.
Who pays these guys? You have to be mentally incapable of paying such incompetent people in order to make other people look bad.

moo100times
Senior Member

Posts: 117
Joined: 2012-06-24

#5544207 Posted on: 05/05/2018 06:05 PM

I find it funny how this time round so many sites that were claiming that the claims from CTS were valid are all suspiciously staying quiet about this, and now also being quiet around the new round of Spectre Variant flaws particularly impacting Intel chips. The biases of the tech news sources are beginning to strongly reveal themselves, glad guru3d still has integrity to report it all!

AsiJu
Senior Member

Posts: 5842
Joined: 2010-10-16

#5544211 Posted on: 05/05/2018 06:18 PM

I guess it's good that AMD made patches to these "problems", just to appease the naysayers who would otherwise use their could-have-been "negligence" as flak, but at the same time I feel a little bit irritated that AMD is, in a way, justifying their actions. Don't feed the trolls.

So they should sue them for $10? Because that's probably all they're going to get out of it. :p

Lols, yeah.

Well CTS having a court ruling demanding they pay AMD a few million in damage control would at least slow those scammers down the next time.

Yes, I'll still applaud Hilbert for the professional news bit he wrote earlier and now this one.

Thank you G3D.

The Reeferman
Member

Posts: 92
Joined: 2013-11-10

#5544447 Posted on: 05/07/2018 01:08 AM

Well CTS having a court ruling demanding they pay AMD a few million in damage control would at least slow those scammers down the next time.

I think Intel's budget for marketing purposes is big enough to pay the bills, if they win more then they loose in the end it won't stop them. Although this attempt seems to have failed to damage AMD's reputation in any meaningful way.

Size_Mick
Senior Member

Posts: 356
Joined: 2002-03-22

#5544486 Posted on: 05/07/2018 08:44 AM

What, CTS Labs is still there?

Also gotta love this:

AMD:
"... as well as patches mitigating Chimera across all AMD platforms..."

CTS Labs:
"... CHIMERA cannot be directly fixed..."

Not saying anything good about CTS here, but I do wish to point out that mitigating is not the same as fixing. If it matters to anyone, it might be a good idea to get a clear answer from AMD on this particular point.

AsiJu
Senior Member

Posts: 5842
Joined: 2010-10-16

#5544493 Posted on: 05/07/2018 09:46 AM

Not saying anything good about CTS here, but I do wish to point out that mitigating is not the same as fixing. If it matters to anyone, it might be a good idea to get a clear answer from AMD on this particular point.

Yeah you're right. However my choice of wording wasn't any worse than theirs so...

AMD did reply to the earlier report and said they'd investigate and patch if necessary or something in that vein.
Can't recall particulars about Chimera though but you'll find the response from Guru3D news items.

And now they have / are releasing patches so I suppose there is some theoretical accuracy to these findings (as AMD has actually patched them).

Fox2232
Senior Member

Posts: 9762
Joined: 2012-07-20

#5544501 Posted on: 05/07/2018 11:17 AM

^/^^ mitigation is good choice of words in this situation. 1st it does not imply that there is no more chance to pull similar thing when 'attacker' has direct physical access to system. (Since this is smearing campaign and use of wording implying 100% safety may come with barrage of dirt later.)
2ndly, there is really no such thing as 100% safety from actions of someone having access needed in those 'attacks'. So, if anyone wants to cause harm with such access, then system will get screwed in other way.

yagma
Junior Member

Posts: 1
Joined: 2018-11-18

#5608471 Posted on: 11/18/2018 03:15 PM

Shame on 911-nation's CTS for their hitjob! Interesting none-the-less. If anything hopefully it will encourage AMD to get on it. AMD's own website, blog, and forum haven't released any data about any patches. The link also falsely cites, like AMD's blog, outdated and or incorrect data, falsely claiming these exploits are only possible with admin access, whereas CVEdetails & NIST.GOV clearly state they are remote exploits capable over the network and do not require permissions or authentication

All 13 exploits are exploitable remotely over the network, with zero privileges, meaning no admin access necessary, as reported by NIST.GOV & cvedetails.com
https://www.cvedetails.com/vulnerability-list/vendor-id-7043/AMD.html
https://nvd.nist.gov/vuln/detail/CVE-2018-8936
https://nvd.nist.gov/vuln/detail/CVE-2018-8935
https://nvd.nist.gov/vuln/detail/CVE-2018-8934
https://nvd.nist.gov/vuln/detail/CVE-2018-8933
https://nvd.nist.gov/vuln/detail/CVE-2018-8932
https://nvd.nist.gov/vuln/detail/CVE-2018-8931
https://nvd.nist.gov/vuln/detail/CVE-2018-8930

HP appears to be the only one releasing patches:
https://support.hp.com/gb-en/document/c05950716

HP's website, like AMD cites the same outdated and or incorrect information. HP patched their servers which USE this chipset. HP's statements about "Commercial Desktop workstations not being impacted", they use Intel chipsets. They are patching "Commercial desktops and notebooks" for HP & Compaq computers. A great sign, however we are not seeing any of this with major third party motherboard vendors such as ASRock, ASUS, or MSI.

Regarding Chimera backdoors, disabling the ASmedia chipset via bios would be a choice worth having until something better potentially comes along. 3rd party USB 3 controllers could be installed via PCI-E expansion slots. https://www.techpowerup.com/242386/cts-labs-responds-to-a-techpowerup-technical-questionnaire I have brought this to AMD's attention.

There is a new firmware released on Nov 15, 2018 for the Asmedia ASM-1042A to ASM-1074 USB 3.x Controllers that should allow users to flash over any CHIMERA malware hiding in the firmware. Problem is if the malware gets in thereafter, you may have to wait for a future FW update. Most flashing utils and or chipsets wont allow flashing the same installed, or older firmware. In the age of chimera, not being able to flash over the same version FW is not a very wise policy. The last time an update was released was over a year ago, and before that, 2014; according to the previous link.
https://www.station-drivers.com/index.php?option=com-remository&Itemid=353&func=select&id=462&lang=en

I don't see anything suggesting FW level chimera vulnerabilities were addressed in this firmware, but a re-flash will overwrite any malware regardless...

If ASmedia could release a security tool that automates this, running this regularly will ensure no hardware level exploits can remain intact on the chipset. I'm unware if asmedia locks users out from reflashing the same firmware.

2 pages 1 2

Post New Comment

Click here to post a comment for this news story on the message forum.