HPSBHF03581 rev. 4 - AMD Secure Processor and Promontory Chipset Exploits

Potential Security Impact

Circumvention of platform security controls, unauthorized access to system memory, installation of difficult to detect malware.

Source: CTS

Reported By: CTS

VULNERABILITY SUMMARY

Vulnerability

|

Description

|

Impact

—|—|—

MASTERKEY

|

Attacker who already has compromised the security of a system updates flash to corrupt its contents. AMD Secure Processor (PSP) checks do not detect the corruption. Requires administrative access to the targeted system.

|

Circumvention of platform security controls. These changes are persistent following a system reboot.

RYZENFALL

|

Attacker who already has compromised the security of a system writes to AMD Secure Processor registers to exploit vulnerabilities in the interface between x86 and AMD Secure Processor (PSP). Requires administrative access to the targeted system.

|

Circumvention of platform security controls. These changes are not persistent following a system reboot. Attacker may install difficult to detect malware in SMM (x86).

FALLOUT

|

Attacker who already has compromised the security of a system writes to AMD Secure Processor registers to exploit vulnerabilities in the interface between x86 and AMD Secure Processor (PSP). Requires administrative access to the targeted system.

|

Circumvention of platform security controls. These changes are not persistent following a system reboot. Attacker may install difficult to detect malware in SMM (x86).

CHIMERA

|

Attacker who already has compromised the security of a system installs a malicious driver that exposes certain Promontory functions. Requires administrative access to the targeted system.

|

Attacker accesses physical memory through the chipset. Attacker installs difficult to detect malware in the chipset but is not persistent across reboots.

Reference

<https://community.amd.com/community/amd-corporate/blog/2018/03/20/initial-amd-technical-assessment-of-cts-labs-research&gt;[__](<https://community.amd.com/community/amd-corporate/blog/2018/03/20/initial-amd-technical-assessment-of-cts-labs-research&gt; “External site.” ) (in English)

RESOLUTION

HP is working with AMD on relevant Firmware updates that will be incorporated into system BIOS releases that will be available in Softpaqs for the upcoming platform lists below. This bulletin is updated often. Check back frequently for updates.