Ddos 
According to an Israeli security company CTS-Labs study, there are as many as 13 high-security vulnerabilities in the AMD Zen CPU architecture, which are no less harmful than fuses and ghost holes.
These vulnerabilities affect AMD Ryzen desktop processor, Ryzen Pro enterprise processor, Ryzen mobile processor, and EPYC data center processor. The EPYC data center processor has different platforms for different vulnerabilities. 21 of them have been successfully used, and 11 of them have been exploited.
The use of these vulnerabilities can cause many serious harms to the AMD Zen platform, including controlling the Ryzen/EPYC security processor, controlling the Ryzen motherboard, infecting AMD processors with malware, stealing corporate network sensitive information, bypassing almost all terminal security software, Causes physical damage to the hardware.
These vulnerabilities fall into four categories:
- Masterkey
It includes three loopholes that affect the entire Zen architecture product. It exists in the Secure Boot function and can modify the system BIOS with a special Ring 0 privilege level software to bypass the security check. The reason for this vulnerability is that the AMD Zen-architecture-integrated security processor (a 32-bit Cortex-A5 architecture module) does not use its own separate physical memory space, but rather shares system memory. - Ryzenfall
Including four vulnerabilities, the full range of Ryzen is affected, as is the Zen security processor, which can lead to the disclosure of public and private keys and execute at the chip level due to defects in the design of security processors and integrated memory controllers.
In addition, the vulnerabilities can bypass Windows Defender Credentials Guard, which is used to save and authenticate passwords, as well as other security features, and can even be used to spread to other computers. - Fallout
There are three vulnerabilities that can open up the virtual machine and host. The attack object is the server -level EPYC. - Chimera
Including two vulnerabilities, not for the processor, but the supporting 300 series chipset. Researchers have found that a keylogger can be inserted into the chipset through the network and then through the motherboard BIOS because it is stored in an 8-pin serial ROM connected to the chipset.
Researchers have published white papers on related vulnerabilities, but they hide technical details for protection purposes and also provide solutions. AMD has 90 days to repair them.
AMD issued an official statement on this for the first time:
“We have just received a report from a company called CTS Labs claiming there are potential security vulnerabilities related to certain of our processors. We are actively investigating and analyzing its findings. This company was previously unknown to AMD and we find it unusual for a security firm to publish its research to the press without providing a reasonable amount of time for the company to investigate and address its findings. At AMD, security is a top priority and we are continually working to ensure the safety of our users as potential new risks arise. We will update this blog as news develops.”
Donate