
13 Major Vulnerabilities Discovered in AMD Zen Architecture, Including Backdoors

Joined
Jun 3, 2010
Messages
2,540 (0.48/day)
Chimera allows you to run arbitrary code in the chipset. If the BIOS chip was connected directly to the chipset, then this would enable silent flashing in any system state as long as the chipset has power.

Since the BIOS chip is connected to the CPU on Zen, this is not possible, at least not directly. It's still possible to use DMA to write code inside the CPU memory, which then gets executed, which then flashes the ROM.

Edit: I'll research whether the chipset is connected to the SPI bus on which the ROM lives.
What I took from the first edition was, you needed that "Masterkey" in order for that to work (system memory addressing to PSP memory still wasn't possible), otherwise the system integrity check would bust it out since it is still blocked from any other vector than Masterkey.
This version is more cryptic, good luck to the readers.
 

TheLostSwede

News Editor
Joined
Nov 11, 2004
Messages
17,664 (2.41/day)
Location
Sweden
According to what Anandtech has mentioned about these "flaws", not only would you need admin access, but also a signed driver.
As far as I'm aware, it's not very easy to get a signed driver for Windows these days, as Microsoft does a fair amount of testing, especially on drivers from new companies.
I'm also not aware of any other way to get an authentic signed driver that will install without kicking up a major fuss.

Let's wait and see what the fallout (sorry) of this will be, but it's obviously not good news if any of this proves to be true. On the other hand, it seems like a lot of it can be patched in software without causing any performance related issues, since none of these claimed vulnerabilities would affect the system performance as it looks.

Also, why would the CFO of a security company be in a video about security vulnerabilities? That makes no sense at all...
And why do they sound Russian rather than Israeli?

Edit: Also, why would AMD's CPUs have the same security issues as ASMedia's chips? The chipset, sure, but the CPUs, no. The "CEO" claims they found these issues when they were looking into the security of chips made by ASMedia and then somehow found that the same "back doors" they found in ASMedia chips were in AMD's processors. This makes no sense at all.

Also note that the so called whitepaper is located at safefirmware.com, i.e. an entirely different website. Does that mean this is some kind of scam to make money from some kind of alternative UEFI/firmware implementation?


Edit 2: A quick look on LinkedIn shows the Co-Founder and CEO of CTS Labs with a five year gap since his last job, which was for some kind of software cyber security company that is now part of Magic Leap (yes, that company). It makes you wonder how someone like this comes out of nowhere to become the face of something like this.

As to my comment above about sounding Russian, I guess the CFO and one other guy actually speak Russian, so it might just "colour" their English.
 

W1zzard

Administrator
Staff member
Joined
May 14, 2004
Messages
27,852 (3.71/day)
What I took from the first edition was, you needed that "Masterkey" in order for that to work, otherwise the system integrity check would bust it out since it is still blocked from any other vector than Masterkey.
This version is more cryptic, good luck to the readers.
Yes, you need the masterkey to execute Chimera. The Secure Processor firmware validation or UEFI validation has nothing to do with this attack and can not prevent it.
 
Joined
Jul 10, 2011
Messages
797 (0.16/day)
But AMD's and Intel's common enemy is Nvidia. Why would Intel publish a fake story about AMD?

One thing we know is that NVIDIA has made a lot of enemies over the years. You can easily put AMD, Apple, and Intel on that list. We think that GPP is somewhat the result of those "feuds" with NVIDIA attempting to gain more control over the market as it is seeing its competitors developing products (ie AMD and Intel partnerships on products) that will not be open to NVIDIA.
 

the54thvoid

Super Intoxicated Moderator
Staff member
Joined
Dec 14, 2009
Messages
13,058 (2.39/day)
Location
Glasgow - home of formal profanity
Wow. amdflaws.com is so well made. The website is clean, looks modern, with an interview on a green screen and motion design used to explain the flaws. They made a YouTube channel just for that. It's not even technical; they are explaining what a CPU and a chipset are.
They are checking all the points needed to impress someone who isn't tech-savvy.

That reminds me of all those videos about how to make money with a secret that banks and millionaires don't want to share.

Even IF this ends up being true, the effort they put into communication can't hide a malicious intent.

Yeah, I just had a good look at the website. :roll:

That is 100% marketing. Wow. The techy people here should pay attention to HOW news is delivered, not what the news is. Something normally techy is very bland and difficult for the layperson. The website that is hosting this paper is so damn spangly I want to buy what it's selling. It's actually, frighteningly professionally laid out. As if they had a really good push to make it look great. I mean really great.

I'm not saying Intel had a hand in this but ... no, really, I am.
 
Joined
Nov 23, 2013
Messages
359 (0.09/day)
I believe the technical term for all this is "pulling something out of one's ass" xD
 

W1zzard

Administrator
Staff member
Joined
May 14, 2004
Messages
27,852 (3.71/day)
As far as I'm aware, it's not very easy to get a signed driver for Windows these days, as Microsoft does a fair amount of testing, especially on drivers from new companies.
Just set up a company and buy a certificate from one of a handful of certification companies. Microsoft does no testing of the driver and is not involved.

Driver signature is really just security through bureaucracy and a paywall.
 
Joined
May 7, 2009
Messages
5,392 (0.95/day)
Location
Carrollton, GA
How do I join the committee that gets to come up with these names?
 

TheLostSwede

News Editor
Joined
Nov 11, 2004
Messages
17,664 (2.41/day)
Location
Sweden
Just set up a company and buy a certificate from one of a handful of certification companies. Microsoft does no testing of the driver and is not involved.

Driver signature is really just security through bureaucracy and a paywall.

So why was there a big issue about this some years ago, with multiple companies complaining that Microsoft's certification was slowing down their driver release schedule? Or this is what we got instead of proper driver testing and signing?
 

W1zzard

Administrator
Staff member
Joined
May 14, 2004
Messages
27,852 (3.71/day)
So why was there a big issue about this some years ago, with multiple companies complaining that Microsoft's certification was slowing down their driver release schedule? Or this is what we got instead of proper driver testing and signing?
You are confusing WHQL signed drivers (which are tested by MS to some degree) with plain loadable kernel mode drivers that are for no specific device. GPU-Z uses such a driver, for example.
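One defender-side check that follows from this distinction, as an added example that is not from the thread, from GPU-Z or from Microsoft: a PowerShell script that inventories the kernel-mode drivers currently running and classifies each by who signed it, so WHQL-signed drivers (tested by Microsoft) are separated from drivers carrying only a third-party code-signing certificate. It assumes an elevated prompt and the Microsoft signer subjects named in the comments; catalog-signed inbox drivers may report NotSigned from Get-AuthenticodeSignature and should be checked against their catalog before being treated as unsigned.

```powershell
# Added example (not the thread's or GPU-Z's code): classify running kernel-mode
# drivers by signer. Assumed signer subjects:
#   CN=Microsoft Windows Hardware Compatibility Publisher  -> WHQL / attestation signed
#   CN=Microsoft Windows                                   -> inbox Windows driver
#   anything else                                          -> third-party code-signing cert
# Run from an elevated PowerShell prompt.

function Get-KernelDriverSignerClass {
    [CmdletBinding()]
    param()

    # Win32_SystemDriver lists kernel-mode drivers (PnP and non-PnP) with their image path.
    $drivers = Get-CimInstance -ClassName Win32_SystemDriver |
        Where-Object { $_.State -eq 'Running' -and $_.PathName }

    foreach ($d in $drivers) {
        # PathName may be quoted or prefixed with \??\, \SystemRoot\ or System32\; normalise it.
        $path = $d.PathName.Trim('"')
        $path = $path -replace '^\\\?\?\\', ''
        $path = $path -replace '^\\SystemRoot\\', "$env:SystemRoot\"
        $path = $path -replace '^System32\\', "$env:SystemRoot\System32\"
        if (-not (Test-Path -LiteralPath $path)) { continue }

        # Embedded Authenticode signature; catalog-only signatures may show as NotSigned.
        $sig     = Get-AuthenticodeSignature -LiteralPath $path
        $subject = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }

        $class = switch -Regex ($subject) {
            'CN=Microsoft Windows Hardware Compatibility Publisher' { 'WHQL'; break }
            'CN=Microsoft Windows'                                  { 'Inbox'; break }
            '^$'                                                     { 'Unsigned'; break }
            default                                                  { 'ThirdParty' }
        }

        [pscustomobject]@{
            Name   = $d.Name
            Path   = $path
            Status = $sig.Status      # Valid, NotSigned, HashMismatch, ...
            Signer = $subject
            Class  = $class
        }
    }
}

# Drivers that Microsoft did not test: the set worth reviewing across a fleet.
Get-KernelDriverSignerClass |
    Where-Object { $_.Class -in 'ThirdParty', 'Unsigned' } |
    Sort-Object Class, Name |
    Format-Table Name, Class, Status, Signer -AutoSize
```

A ThirdParty entry is not evidence of anything malicious on its own (utility helper drivers land there), but it is the list a defender compares against an allow-list or blocklist rather than trusting the signature alone.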
 
Joined
Feb 18, 2005
Messages
5,847 (0.81/day)
Location
Ikenai borderline!
I feel like that's how it should have been reported here on TPU as well, with a fair amount of skepticism.

The way it's been reported here you'd never know it's shady as hell.

Let's all hold off on accusing something of being shady until we actually have a fuller picture, shall we?
 

TheLostSwede

News Editor
Joined
Nov 11, 2004
Messages
17,664 (2.41/day)
Location
Sweden
You are confusing WHQL signed drivers (which are tested by MS to some degree) with plain loadable kernel mode drivers that are for no specific device. GPU-Z uses such a driver, for example.

Ah, sorry, my bad. That makes more sense now.
 
Joined
Apr 10, 2013
Messages
302 (0.07/day)
Location
Michigan, USA
Guys, we knew AMD was operating on a shoe string budget during Ryzen development. This is not surprising. Even if Intel had a hand in research, that isn't even a crime. Chevy does ads comparing the bed of the F150 with the Silverado steel vs aluminum. It would be negligent to just let AMD market their chips one way when the reality is another. Just analyze it, fix it, and move on. Ryzen is still a great product even if it needs some patches.
 
Joined
Jan 19, 2018
Messages
184 (0.07/day)
Let's all hold off on accusing something of being shady until we actually have a fuller picture, shall we?
So you're willing to ignore all the red flags that have already been posted here? Especially the 24 hours notice?

Other tech sites are reporting it with the same amount of skepticism: https://www.hardocp.com/news/2018/03/13/amd_cpu_attack_vectors_vulnerabilities
And http://www.tomshardware.com/news/amd-flaws-ryzenfall-masterkey-fallout-chimera,36656.html

Even if the reported "flaws" do exist, the way it's been done has been shady.
 

Veradun

New Member
Joined
Mar 13, 2018
Messages
19 (0.01/day)
They all require admin rights, I'll clarify in the original post.

For the last: what is not fully verified is whether DMA can write into the fenced off memory, the rest like keylogging and sniffing network is confirmed according to the researchers.

Clarified the original post: "To exploit this attack vector, administrative privileges are required. Whether DMA can access the fenced off memory portions of the Secure Processor, to additionally attack the Secure Processor through this vulnerability, is not fully confirmed, however, the researchers verified it works on a small number of desktop boards."

So they can keylog and sniff network when in root mode? They are so good at hacking.

Laughable.
 

Te5lac0il

New Member
Joined
Mar 13, 2018
Messages
1 (0.00/day)
Amazing how many people comment on the title alone. People need to read an article before commenting. As many others have mentioned, the way the company presented these findings should, to any reasonable person, raise some red flags. But I suspect most people will swallow this hook, line and sinker.
 
Joined
Sep 14, 2017
Messages
625 (0.24/day)
Also, this is one of the saltiest forums on the internet. The amount of schoolgirl fanboyism is hilarious; I feel bad for the mods. Great site but garbage community, I would ban every salty user and just start from clean lol cause they're holding ya back, Techpowerup.


Heh, ban yourself while at it. You're the same, newbie.
 
Joined
Jan 4, 2017
Messages
431 (0.15/day)
Location
Ohio
Looking at this from a purely logical standpoint, the implications are massive, but I'd wait for verification of the findings. Also, anyone who didn't expect high sodium levels in this thread is a fool.
 
Joined
Dec 16, 2017
Messages
2,919 (1.15/day)
Low quality post by mtcn77
Joined
Jun 3, 2010
Messages
2,540 (0.48/day)
Sensationalism at its best, knew it was coming from 'let's pepper AMD for not sending us our review unit' news posts.
 
Joined
Sep 17, 2015
Messages
17 (0.01/day)
You know, I find this hilarious. Not just the sheer bullshit these 2 'Stralian kids are trying to do, but the people who actually believe it as well.
 

FordGT90Concept

"I go fast!1!11!1!"
Joined
Oct 13, 2008
Messages
26,259 (4.46/day)
Location
IA, USA