AMD says CTS Labs vulnerabilities can be patched with new firmware
Amid the tumult that CTS Labs stirred up with its questionably-conducted disclosure of a range of potential vulnerabilities in AMD hardware last week, it's important to remember that those vulnerabilities are, by the accounts of all who have seen proof-of-concept code, legitimate. While the vulnerabilities generally require administrative rights to exploit, they reward that privilege escalation with the potential to compromise a system's hardware root of trust or install persistent malware. Today, AMD announced plans to begin mitigating the four categories of exploits that CTS Labs revealed through its disclosure. Happily, the company believes it can safeguard its processors and chipsets against all of these vulnerabilities through firmware updates.
As a brief refresher, the so-called "Masterkey" vulnerability allows an attacker to compromise the AMD Secure Processor, an integrated ARM core that handles some platform security functions for some Ryzen and Epyc systems, by installing a corrupted firmware that the Secure Processor does not detect during its own self-checks. Once the Secure Processor is compromised in this way, ...