Hot on the heels of Spectre and Meltdown, researchers say they have discovered more than a dozen new critical security flaws affecting AMD’s Ryzen and Epyc processor lines.
The vulnerabilities purportedly lie in what is supposed to be a secure part of the processors where sensitive information is contained.
The flaws were discovered by CTS-Labs, a security outfit in Israel. Unlike Google’s Project Zero team, which alerted chipmakers months in advance to Spectre and Meltdown before disclosing them to the public, CTS-Labs gave AMD less than 24 hours to look at its findings and respond before publishing the details. AMD is in the process of investigating the matter.
It’s not yet clear how serious these newly discovered flaws are. As presented, the 13 flaws fall into four categories called Master Key, Ryzenfall, Fallout, and Chimera. Between the four main vulnerabilities, an attacker could bypass a Ryzen or Epyc CPU’s secure boot and install malware into the BIOS, and the onto the processor itself. They could also leverage a pair of manufacturer backdoors to compromise a system’s firmware and chipset.