• Welcome to TechPowerUp Forums, Guest! Please check out our forum guidelines for info related to our community.

13 Major Vulnerabilities Discovered in AMD Zen Architecture, Including Backdoors

Low quality post by Durvelle27

Durvelle27

Moderator
Staff member
Joined
Jul 10, 2012
Messages
6,788 (1.50/day)
Location
Memphis, TN
System Name Black Prometheus
Processor |AMD Ryzen 7 1700
Motherboard ASRock B550M Pro4|MSI X370 Gaming PLUS
Cooling Thermalright PA120 SE | AMD Stock Cooler
Memory G.Skill 64GB(2x32GB) 3200MHz | 32GB(4x8GB) DDR4
Video Card(s) ASUS DirectCU II R9 290 4GB
Storage Sandisk X300 512GB + WD Black 6TB+WD Black 6TB
Display(s) LG Nanocell85 49" 4K 120Hz + ACER AOPEN 34" 3440x1440 144Hz
Case DeepCool Matrexx 55 V3 w/ 6x120mm Intake + 3x120mm Exhaust
Audio Device(s) LG Dolby Atmos 5.1
Power Supply Corsair RMX850 Fully Modular| EVGA 750W G2
Mouse Logitech Trackman
Keyboard Logitech K350
Software Windows 10 EDU x64
I smell fish
 
Joined
Oct 12, 2008
Messages
31 (0.01/day)
System Name Tim
Processor AMD Ryzen Threadripper 1950X
Motherboard MSI X399 Gaming Pro Carbon
Cooling Noctua NH-U14S TR4-SP3
Memory 32 GiB DDR4-2400 ECC/U
Video Card(s) Radeon Radeon VII (16 GiB)
Storage Intel Optane 900P (280 GB, NVMe) + Samsung 950 Pro (512 GB, NVMe)
Display(s) HP Pavilion 32 (MVA)
Case Corsair Vengeance C70 (Green)
Audio Device(s) Realtek ALC1220 -> S/PDIF TOSLINK -> BT Transceiver -> Sennheiser HD 4.40 BT
Power Supply Seasonic Platinum 1000
Mouse Logitech G603 (Wireless)
Keyboard Rosewill RK-9000 V2 (MX Blue)
Software Debian Testing (64-bit)
It's so funny seeing AMD aficionados going in defense mode :p

Defense of what? This isn't even the same class of thing. It's funnier seeing Intel fans bending over backward to pretend like this is even remotely as bad as Meltdown/Spectre. It's just regular malware doing regular malware things. I get it though. They desperately need/want it.

When it can survive a reinstall it's still a big issue. If these flaws are confirmed they are fairly signifigant.

As I said earlier, 2018 is going to be a rough year for processor security...

The processor itself just has RAM and ROM. You can't actually "install" malware to the processor itself. It has to be loaded at startup from firmware. It's just like microcode updates. If you overwrite the system board's firmware, that is a different sort of problem.
 
Joined
Dec 31, 2009
Messages
19,371 (3.55/day)
Benchmark Scores Faster than yours... I'd bet on it. :)
Defense of what? This isn't even the same class of thing. It's funnier seeing Intel fans bending over backward to pretend like this is even remotely as bad as Meltdown/Spectre. It's just regular malware doing regular malware things. I get it though. They desperately need/want it.
It seems nobody knows the efficacy of the report at this time. That said, seems like only one person here went intel nuts and that was early in the thread. Otherwise, its been a back and forth... mostly watching holes be shot in it.... remarkably similar responses from each side for each issue.....funny. :)
 
Joined
Mar 6, 2018
Messages
133 (0.05/day)
It seems nobody knows the efficacy of the report at this time. That said, seems like only one person here went intel nuts and that was early in the thread. Otherwise, its been a back and forth... mostly watching holes be shot in it.... remarkably similar responses from each side for each issue.....funny. :)
In fact 24-hour timeframe is not enough to verify the nature or existance of the "bugs".
 
Joined
Apr 26, 2008
Messages
232 (0.04/day)
System Name 3950X Workstation
Processor AMD Ryzen 9 3950X
Motherboard ASUS Crosshair VIII Impact
Cooling Cryorig C1 with Noctua NF-A12x15
Memory G.Skill F4-3600C16D-32GTZNC
Video Card(s) ASUS GTX 1650 LP OC
Storage 2 x Corsair MP510 1920GB M.2 SSD
Case Realan E-i7
Power Supply G-Unique 400W
Software Win 10 Pro
Benchmark Scores https://smallformfactor.net/forum/threads/the-saga-of-the-little-gem-continues.12877/
These guys, with their 24-hr notice, flashy titles, throw-AMD-name-everywhere attitude, and a disclaimer that even states their "potential" gains in AMD stock performance (if one doesn't have any gains, one states as such), are:

1) Hotshot wannabees in desperate need of attention and publicity, with no interest in "public interest"
2) Scumbags that probably bet big on AMD stock sell options
3) Dirtbags that probably got clued-in and supported (technically and/or financially) by Intel
4) Even worse filthbags if some/all of this turns out to be fake

I pray for everybody's sake (AMD and Intel users alike) that this is all fake...
 
Joined
Mar 18, 2008
Messages
5,717 (0.94/day)
System Name Virtual Reality / Bioinformatics
Processor Undead CPU
Motherboard Undead TUF X99
Cooling Noctua NH-D15
Memory GSkill 128GB DDR4-3000
Video Card(s) EVGA RTX 3090 FTW3 Ultra
Storage Samsung 960 Pro 1TB + 860 EVO 2TB + WD Black 5TB
Display(s) 32'' 4K Dell
Case Fractal Design R5
Audio Device(s) BOSE 2.0
Power Supply Seasonic 850watt
Mouse Logitech Master MX
Keyboard Corsair K70 Cherry MX Blue
VR HMD HTC Vive + Oculus Quest 2
Software Windows 10 P
Some one js trying tk manipulate stock price of AMD that is for sure
 

the54thvoid

Super Intoxicated Moderator
Staff member
Joined
Dec 14, 2009
Messages
13,059 (2.39/day)
Location
Glasgow - home of formal profanity
Processor Ryzen 7800X3D
Motherboard MSI MAG Mortar B650 (wifi)
Cooling be quiet! Dark Rock Pro 4
Memory 32GB Kingston Fury
Video Card(s) Gainward RTX4070ti
Storage Seagate FireCuda 530 M.2 1TB / Samsumg 960 Pro M.2 512Gb
Display(s) LG 32" 165Hz 1440p GSYNC
Case Asus Prime AP201
Audio Device(s) On Board
Power Supply be quiet! Pure POwer M12 850w Gold (ATX3.0)
Software W10
So, the first 3 exploits require admin rights.... Okay - panic over, put your pitchforks away and go home people.

The last is hypothesised and not fully verified. It also is ASMedia's fault(?) so if there is any real issue (unlikely), any recall may be at their expense.

Finally, just for some layperson perspective.

The first 3 expoits all need admin rights. Effectively, that means your PC is vulnerable to, well pretty much you. Duh..... Here are some more exploits from the54thvoid's Bug Factory that you may be liable to:

Coffee Hack - If you spill coffee into your PC case - it might not work anymore.
Porn Wrist - Certain websites you visit may give you RSI.
Dark Souls Impact Bug - Playing Dark Souls may result in a broken mouse or keyboard. Or desk. Or bruised knuckles.
 
Joined
Oct 19, 2007
Messages
8,259 (1.32/day)
Processor Intel i9 9900K @5GHz w/ Corsair H150i Pro CPU AiO w/Corsair HD120 RBG fan
Motherboard Asus Z390 Maximus XI Code
Cooling 6x120mm Corsair HD120 RBG fans
Memory Corsair Vengeance RBG 2x8GB 3600MHz
Video Card(s) Asus RTX 3080Ti STRIX OC
Storage Samsung 970 EVO Plus 500GB , 970 EVO 1TB, Samsung 850 EVO 1TB SSD, 10TB Synology DS1621+ RAID5
Display(s) Corsair Xeneon 32" 32UHD144 4K
Case Corsair 570x RBG Tempered Glass
Audio Device(s) Onboard / Corsair Virtuoso XT Wireless RGB
Power Supply Corsair HX850w Platinum Series
Mouse Logitech G604s
Keyboard Corsair K70 Rapidfire
Software Windows 11 x64 Professional
Benchmark Scores Firestrike - 23520 Heaven - 3670
Who wants to pool money together and get some AMD stock? :toast:
 

Durvelle27

Moderator
Staff member
Joined
Jul 10, 2012
Messages
6,788 (1.50/day)
Location
Memphis, TN
System Name Black Prometheus
Processor |AMD Ryzen 7 1700
Motherboard ASRock B550M Pro4|MSI X370 Gaming PLUS
Cooling Thermalright PA120 SE | AMD Stock Cooler
Memory G.Skill 64GB(2x32GB) 3200MHz | 32GB(4x8GB) DDR4
Video Card(s) ASUS DirectCU II R9 290 4GB
Storage Sandisk X300 512GB + WD Black 6TB+WD Black 6TB
Display(s) LG Nanocell85 49" 4K 120Hz + ACER AOPEN 34" 3440x1440 144Hz
Case DeepCool Matrexx 55 V3 w/ 6x120mm Intake + 3x120mm Exhaust
Audio Device(s) LG Dolby Atmos 5.1
Power Supply Corsair RMX850 Fully Modular| EVGA 750W G2
Mouse Logitech Trackman
Keyboard Logitech K350
Software Windows 10 EDU x64

W1zzard

Administrator
Staff member
Joined
May 14, 2004
Messages
27,855 (3.71/day)
Processor Ryzen 7 5700X
Memory 48 GB
Video Card(s) RTX 4080
Storage 2x HDD RAID 1, 3x M.2 NVMe
Display(s) 30" 2560x1600 + 19" 1280x1024
Software Windows 10 64-bit
So, the first 3 exploits require admin rights.... Okay - panic over, put your pitchforks away and go home people.

The last is hypothesised and not fully verified. It also is ASMedia's fault(?) so if there is any real issue (unlikely), any recall may be at their expense.
They all require admin rights, I'll clarify in the original post.

For the last: what is not fully verified is whether DMA can write into the fenced off memory, the rest like keylogging and sniffing network is confirmed according to the researchers.

Clarified the original post: "To exploit this attack vector, administrative privileges are required. Whether DMA can access the fenced off memory portions of the Secure Processor, to additionally attack the Secure Processor through this vulnerability, is not fully confirmed, however, the researchers verified it works on a small number of desktop boards."
 
Joined
Dec 31, 2009
Messages
19,371 (3.55/day)
Benchmark Scores Faster than yours... I'd bet on it. :)
Lets assume its true or not....doesnt matter. If you published this data, do you honestly expect them to be able to handle the inquiries? Even if its just BS?

I understand why it looks bad, but, at the same time, it doesnt take much thought to realize its needed (PR company) when releasing this kind of info...
 
Last edited:
Joined
Dec 15, 2016
Messages
630 (0.22/day)
This is really bad! Did you guys read the full disclosure? Good luck with zen+. Is a shame because amd was starting to bring competition
 
Joined
Jun 10, 2014
Messages
2,987 (0.78/day)
Processor AMD Ryzen 9 5900X ||| Intel Core i7-3930K
Motherboard ASUS ProArt B550-CREATOR ||| Asus P9X79 WS
Cooling Noctua NH-U14S ||| Be Quiet Pure Rock
Memory Crucial 2 x 16 GB 3200 MHz ||| Corsair 8 x 8 GB 1333 MHz
Video Card(s) MSI GTX 1060 3GB ||| MSI GTX 680 4GB
Storage Samsung 970 PRO 512 GB + 1 TB ||| Intel 545s 512 GB + 256 GB
Display(s) Asus ROG Swift PG278QR 27" ||| Eizo EV2416W 24"
Case Fractal Design Define 7 XL x 2
Audio Device(s) Cambridge Audio DacMagic Plus
Power Supply Seasonic Focus PX-850 x 2
Mouse Razer Abyssus
Keyboard CM Storm QuickFire XT
Software Ubuntu
I really dislike the trend of giving all "major" vulnerabilities nicknames.

The details of these new claims remains to be confirmed by other parties. But it should come as no surprise to anyone that a lot of hardware is riddled with vulnerabilities, since the general mentality in the industry is to deal with security concerns the public is aware of exploits. This problem is a known fact for other hardware, especially networking equipment. Almost every router have known exploits which are never fixed, both cheap consumer gear and high-end enterprise equipment. Most vulnerabilities fall into the categories of carelessness by developers or built-in debugging/support features.

If anything the press should focus on the underlying problem of designing for security rather than making up nicknames and focusing too much on singular edge cases.
 
Joined
Apr 26, 2008
Messages
232 (0.04/day)
System Name 3950X Workstation
Processor AMD Ryzen 9 3950X
Motherboard ASUS Crosshair VIII Impact
Cooling Cryorig C1 with Noctua NF-A12x15
Memory G.Skill F4-3600C16D-32GTZNC
Video Card(s) ASUS GTX 1650 LP OC
Storage 2 x Corsair MP510 1920GB M.2 SSD
Case Realan E-i7
Power Supply G-Unique 400W
Software Win 10 Pro
Benchmark Scores https://smallformfactor.net/forum/threads/the-saga-of-the-little-gem-continues.12877/
This is really bad! Did you guys read the full disclosure? Good luck with zen+. Is a shame because amd was starting to bring competition


No it's not as bad as it is flashy. Even if all is true, it's not nearly at the same level of Intel vulnerabilities. Have you read it?
 
Joined
Sep 6, 2013
Messages
3,342 (0.81/day)
Location
Athens, Greece
System Name 3 desktop systems: Gaming / Internet / HTPC
Processor Ryzen 5 5500 / Ryzen 5 4600G / FX 6300 (12 years latter got to see how bad Bulldozer is)
Motherboard MSI X470 Gaming Plus Max (1) / MSI X470 Gaming Plus Max (2) / Gigabyte GA-990XA-UD3
Cooling Νoctua U12S / Segotep T4 / Snowman M-T6
Memory 32GB - 16GB G.Skill RIPJAWS 3600+16GB G.Skill Aegis 3200 / 16GB JUHOR / 16GB Kingston 2400MHz (DDR3)
Video Card(s) ASRock RX 6600 + GT 710 (PhysX)/ Vega 7 integrated / Radeon RX 580
Storage NVMes, ONLY NVMes/ NVMes, SATA Storage / NVMe boot(Clover), SATA storage
Display(s) Philips 43PUS8857/12 UHD TV (120Hz, HDR, FreeSync Premium) ---- 19'' HP monitor + BlitzWolf BW-V5
Case Sharkoon Rebel 12 / CoolerMaster Elite 361 / Xigmatek Midguard
Audio Device(s) onboard
Power Supply Chieftec 850W / Silver Power 400W / Sharkoon 650W
Mouse CoolerMaster Devastator III Plus / CoolerMaster Devastator / Logitech
Keyboard CoolerMaster Devastator III Plus / CoolerMaster Devastator / Logitech
Software Windows 10 / Windows 10&Windows 11 / Windows 10
Ryzenfall, AMDflaws site, only 24 hours given to AMD.

Many many jokes are coming in my mind about Jews and dollars. I would like to apologize in advance about this.
 
Joined
Oct 28, 2012
Messages
1,190 (0.27/day)
Processor AMD Ryzen 3700x
Motherboard asus ROG Strix B-350I Gaming
Cooling Deepcool LS520 SE
Memory crucial ballistix 32Gb DDR4
Video Card(s) RTX 3070 FE
Storage WD sn550 1To/WD ssd sata 1To /WD black sn750 1To/Seagate 2To/WD book 4 To back-up
Display(s) LG GL850
Case Dan A4 H2O
Audio Device(s) sennheiser HD58X
Power Supply Corsair SF600
Mouse MX master 3
Keyboard Master Key Mx
Software win 11 pro
Wow. amdflaws.com is so well made. The website is clean, looks modern, with interview on green screen, motion design used to explain the flaws. They made a youtube channel just for that. It's not even technical they are explaining what's a cpu and a chipset.
They are checking all the point needed to impress someone who isn't tech-savyy.

That's remind me all of those video to learn how to make to money with a secret that banks and millionaire don't want to share.

Even IF this is end up to be true the effort they made on communication can't hide a malicious intent.
 

W1zzard

Administrator
Staff member
Joined
May 14, 2004
Messages
27,855 (3.71/day)
Processor Ryzen 7 5700X
Memory 48 GB
Video Card(s) RTX 4080
Storage 2x HDD RAID 1, 3x M.2 NVMe
Display(s) 30" 2560x1600 + 19" 1280x1024
Software Windows 10 64-bit
I read the article. You changed Chimera's status from bios "flashable" to "non-flashable", is that correct?
Chimera allows you to run arbitrary code in the chipset. If the BIOS chip was connected directly to the chipset, then this would enable silent flashing in any system state as long as the chipset has power.

Since the BIOS chip is connected to the CPU on Zen, this is not possible, at least not directly. It's still possible to use DMA to write code into the CPU memory, which then gets executed, which then flashes the ROM.

Edit: I'll research whether the chipset is connected to the SPI bus on which the ROM lives.

Edit: Not connected to the SPI bus, not sure if true for all board models though
 
Last edited:
Joined
Mar 7, 2011
Messages
4,566 (0.91/day)
They all require admin rights, I'll clarify in the original post.

For the last: what is not fully verified is whether DMA can write into the fenced off memory, the rest like keylogging and sniffing network is confirmed according to the researchers.

Clarified the original post: "To exploit this attack vector, administrative privileges are required. Whether DMA can access the fenced off memory portions of the Secure Processor, to additionally attack the Secure Processor through this vulnerability, is not fully confirmed, however, the researchers verified it works on a small number of desktop boards."
Considering the paper is not peer-reviewed and fishy behaviour of AMD and press being notified at the same time with only 24hr period given to AMD. The article should mention those researchers in double quotes. Also what is with TPU eagerly posting clickbait articles with highly questionable unverified/non peer-reviewed whitepapers shame on you guys for this behaviour.
 
Joined
Jan 17, 2006
Messages
932 (0.14/day)
Location
Ireland
System Name "Run of the mill" (except GPU)
Processor R9 3900X
Motherboard ASRock X470 Taich Ultimate
Cooling Cryorig (not recommended)
Memory 32GB (2 x 16GB) Team 3200 MT/s, CL14
Video Card(s) Radeon RX6900XT
Storage Samsung 970 Evo plus 1TB NVMe
Display(s) Samsung Q95T
Case Define R5
Audio Device(s) On board
Power Supply Seasonic Prime 1000W
Mouse Roccat Leadr
Keyboard K95 RGB
Software Windows 11 Pro x64, insider preview dev channel
Benchmark Scores #1 worldwide on 3D Mark 99, back in the (P133) days. :)
Meanwhile, as I type, AMD's share price is INCREASING ...
 
Joined
Oct 2, 2004
Messages
13,791 (1.87/day)
Source on that?

"The Masterkey vulnerability gets around this environment integrity check by using an infected system BIOS, which can be flashed even from within Windows (with administrative privileges)."

It means the modification has to be highly specific for a target computer. You can't just flash some BIOS, it has to be for that specific board. Chances of applying this in practice on a mass scale is totally unlikely because there is just too many variables involved starting with endless variants of motherboards. It's still an issue when it comes to a targeted attack of a particular workstation (assuming user has admin rights access to do it). The rest of vulnerabilities are a lot more problematic because you can apply them on large scale.
 
Joined
Mar 13, 2018
Messages
68 (0.03/day)
Redflags

1. AMD given 24 hour ransom style notice this was going out. = bad faith.. Spectre and Meltdown were known for months to allow for mitigations to be produced.
2. The company domain was registered in February.
3. There is a disclaimer on the report that says says "you are advised that we may have, either directly or indirectly, an economic interest in the performance of the securities of the companies whose products are the subject of our reports." Looks like they are trying to tank stock to buy it up on the cheap because they expect Ryzen+ to boost AMD's financials.
4. Timing of the release is 1 year exactly from Ryzen release date.
5. Slides/presentation has production quality to deliver maximum impact. This is not the status quo for this type of research.
6. They fail to point out very clearly these alleged vulnerabilities require admin privileges. This is unlike Spectre and Meltdown.

Did I miss any?
 
Top