AMD RyzenFall, MasterKey, Fallout, Chimera Mitigation Guide

The recently-discovered RyzenFall, MasterKey, Fallout and Chimera security flaws affecting AMD’s latest processor platforms are ruining the AMD Ryzen 2 pre-launch vibes. So it’s no surprise to see AMD working hard to fix the vulnerabilities.

In this article, we will share with you the latest AMD mitigation options for the RyzenFall, MasterKey, Fallout and Chimera security vulnerabilities.

 

What’s Really Affected?

While it is accurate to say that the AMD Ryzen and AMD EPYC processors are affected by RyzenFall, MasterKey, Fallout and Chimera, these vulnerabilities do not affect the actual processor cores. Neither are they related to the Zen microarchitecture.

This makes them completely different from the Meltdown and Spectre vulnerabilities that have been “built into” over 2,800 CPU models!

Instead, the new RyzenFall, MasterKey, Fallout and Chimera security vulnerabilities are found in:

  • the AMD Secure Processor (integrated into the new Ryzen and EPYC processors), and
  • the AMD Promontory chipsets that are paired with Ryzen and Ryzen Pro desktop processors.

The AMD Promontory chipset is used in many Socket AM4 desktop, and Socket TR4 high-end desktop (HEDT) platforms.

AMD EPYC, Ryzen Embedded, and Ryzen Mobile platforms do not use the Promontory chipset.

 

The AMD RyzenFall, MasterKey, Fallout + Chimera Mitigations

RyzenFall + Fallout

Issue : An attacker with administrative access can write to the AMD Secure Processor (PSP registers to exploit vulnerabilities in the interface between the x86 processor core and AMD Secure Processor.

Impact : The attacker can circumvent security controls to install difficult-to-detect malware in the x86 System Management Mode (SMM). The access is not persistent across reboots.

Planned Mitigations : AMD will issue AMD Secure Processor firmware patches through BIOS updates in coming weeks. No performance impact is expected.

MasterKey (PSP Privilege Escalation)

Issue : An attacker with administrative access can write malicious firmware updates, without the AMD Secure Processor (PSP) detecting the “corruption”.

Impact : The attacker can circumvent security controls to install difficult-to-detect malware. These changes are persistent, even following a system reboot.

Planned Mitigations : AMD will issue AMD Secure Processor firmware patches through BIOS updates in coming weeks. No performance impact is expected.

Chimera

Issue : An attacker with administrative access can install a malicious driver to access certain features in the AMD Promontory chipset.

Impact : The attacker can access physical memory through the Promontory chipset. The attacker can also install difficult-to-detect malware in the chipset, but this is not persistent across reboots.

Planned Mitigations : AMD will issue chipset patches through BIOS updates in coming weeks. No performance impact is expected.

 

Reading Suggestions

[adrotate group=”2″]

Go Back To > Guides | Home

 

Support Tech ARP!

If you like our work, you can help support our work by visiting our sponsors, participating in the Tech ARP Forums, or even donating to our fund. Any help you can render is greatly appreciated!

Leave a ReplyCancel reply