AMD Product Security

UPDATED 2/24/21 (originally posted 11/10/2020)

RAPL (CVE-2020-12912)

In a paper titled, "PLATYPUS:  Software-based Power Side-Channel Attacks on x86", researchers from Graz University of Technology and CISPA Helmholtz Center for Information Security describe a differential power analysis method to use the Linux-based Running Average Power Limit (RAPL) interface to show various side channel attacks.

In line with industry partners, AMD has updated the RAPL interface to require privileged access. The change is in the process of being integrated into Linux distributions.

TPM Vulnerability - Non orderly shutdown failed tries (CVE-2020 12926)

AMD was notified by the Trusted Computing Group (TCG) that its Trusted Platform Modules (TPM) reference software may not properly track the number of times a failed shutdown happens. This can leave the TPM in a state where confidential key material in the TPM may be able to be compromised. AMD believes that the attack requires physical access of the device because the power must be repeatedly turned on and off.   This potential attack may be used to change confidential information, alter executables signed by key material in the TPM, or create a denial of service of the device.  

AMD has provided mitigations to motherboard vendors.

Privilege Escalation in atillk64.sys (CVE-2020-12927)

A researcher (h0mbre pwner) notified AMD of a potential vulnerability in a driver created with the AMD VBIOS Flash Tool Software Development Kit (SDK). The disclosed vulnerability may allow low privileged users to potentially escalate privilege to administrator privileges on Windows. The potential vulnerability is in the AMD VBIOS Flash Tool Software Development Kit (SDK) used by customers to create drivers. AMD has provided mitigations in the AMD VBIOS Flash Tool Software Development Kit (SDK) 3.12.

Escape Handler (CVE-2020-12933)

10/13/2020

Our ecosystem collaborator Cisco Talos has published a new potential vulnerability in AMD graphics drivers, which may result in a blue screen. The issue was addressed in Radeon™ Software Adrenalin 2020 Edition available here.

AMD believes that confidential information and long-term system functionality are not impacted, and users can resolve the issue by restarting the computer.  

A specially crafted D3DKMTEscape request can cause an out-of-bounds read in Windows OS kernel memory area. This vulnerability can be triggered from a non-privileged account.

We thank the researchers for their ongoing collaboration and coordinated disclosure. More information on their research can be found on the Cisco Talos website.

AMD Ryzen Master™ Driver Vulnerability (CVE-2020-12928)

10/13/2020

A researcher has discovered a potential security vulnerability impacting AMD Ryzen™ Master that may allow authenticated users to elevate from user to system privileges. AMD has released a mitigation in AMD Ryzen Master 2.2.0.1543. AMD believes that the attack must come from a non-privileged process already running on the system when the local user runs AMD Ryzen™ Master and that a remote attack has not been demonstrated. The latest version of the software is available for download at https://www.amd.com/en/technologies/ryzen-master.

We thank the researcher for the ongoing collaboration and coordinated disclosure.

CreateAllocation (CVE-2020-12911)

10/7/2020

Our ecosystem collaborator Cisco Talos has published a new potential vulnerability in AMD graphics drivers, which may result in a blue screen. AMD believes that confidential information and long-term system functionality are not impacted, and that the user can resolve the issue by restarting the computer. AMD plans to issue updated graphics drivers to address the issue in the first quarter of 2021.

The research finds that a specially crafted D3DKMTCreateAllocation API request can cause an out-of-bounds read and denial of service (BSOD). This vulnerability can be triggered from non-privileged accounts.

We thank the researchers for their ongoing collaboration and coordinated disclosure. More information on their research can be found on the Cisco Talos website.

Pixel Shader on Hyper-V (CVE-2020-6100, CVE-2020-6101, CVE-2020-6102, CVE-2020-6103)

7/14/20

New research from our ecosystem collaborator Cisco Talos explores potential vulnerabilities in a specific virtual machine (VM) configuration using AMD GPU or APU processors. AMD will issue updated graphics drivers to help remediate the issues in September 2020.

The research finds that on a compromised Windows guest Microsoft Hyper-V VM based on an AMD GPU or APU with an AMD graphics driver installed and with Microsoft’s RemoteFX 3D feature enabled, an attacker could potentially pass maliciously malformed pixel shaders and gain access to a host machine.

RemoteFX 3D is a Microsoft feature that was previously discontinued as a new feature for VMs running Windows 10 in 2018 and in Windows Server in 2019. On July 14, 2020, Microsoft released an advisory announcing the immediate disabling and eventual removal of its RemoteFX 3D feature.

AMD will issue updated graphics drivers to remediate these issues for existing VMs that use the RemoteFX 3D feature in September 2020 on the AMD Support webpage for AMD customers that purchased an AMD GPU or APU. For original equipment manufacturer (OEM) and add-in-board (AIB) products, AMD recommends users contact the manufacturer.

We thank the researchers for their ongoing collaboration and coordinated disclosure. More information on their research can be found on the Cisco Talos website.

SMM Callout Privilege Escalation (CVE-2020-12890)

6/17/20

AMD is aware of new research related to a potential vulnerability in AMD software technology supplied to motherboard manufacturers for use in their Unified Extensible Firmware Interface (UEFI) infrastructure and plans to complete delivery of updated versions designed to mitigate the issue by the end of June 2020.

The targeted attack described in the research requires privileged physical or administrative access to a system based on select AMD notebook or embedded processors. If this level of access is acquired, an attacker could potentially manipulate the AMD Generic Encapsulated Software Architecture (AGESA) to execute arbitrary code undetected by the operating system.

AMD believes this only impacts certain client and embedded APU processors launched between 2016 and 2019. AMD has delivered the majority of the updated versions of AGESA to our motherboard partners and plans to deliver the remaining versions by the end of June 2020. AMD recommends following the security best practice of keeping devices up-to-date with the latest patches. End users with questions about whether their system is running on these latest versions should contact their motherboard or original equipment/system manufacturer.

We thank Danny Odler for his ongoing security research.

TRRespass (CVE-2020-10255)

UPDATED 5/22/20 (originally posted 3/10/20)

AMD is aware of new research related to an industry-wide DRAM issue called TRRespass whereby researchers demonstrated a method that claims to bypass existing Targeted Row Refresh (TRR) mitigations. AMD microprocessor products include memory controllers designed to meet industry-standard DDR specifications, and we have enabled platform providers with an expanded set of controls that can be configured into their BIOS’ in consultation with DRAM vendors. Susceptibility varies based on DRAM device, vendor, technology and system settings.

AMD recommends contacting the DRAM or system manufacturer to determine any susceptibility to this issue, in addition to enabling existing DRAM mitigations that reduce a system’s susceptibility to Row Hammer-style attacks like TRRespass, including:

• Using DRAM supporting Error Correcting Codes (ECC)
• Using DRAM and memory controllers supporting Targeted Row Refresh (TRR)
• Using memory refresh rates above 1x
• Using AMD CPUs with memory controllers that support a Maximum Activate Count (MAC)

We thank the researchers for their collaboration and participating in the industry best practice of coordinated disclosure. For more information on their research, visit their website.
 

Take A Way

3/7/20

We are aware of a new white paper that claims potential security exploits in AMD CPUs, whereby a malicious actor could manipulate a cache-related feature to potentially transmit user data in an unintended way. The researchers then pair this data path with known and mitigated software or speculative execution side channel vulnerabilities. AMD believes these are not new speculation-based attacks.

AMD continues to recommend the following best practices to help mitigate against side-channel issues:

• Keeping your operating system up-to-date by operating at the latest version revisions of platform software and firmware, which include existing mitigations for speculation-based vulnerabilities
• Following secure coding methodologies
• Implementing the latest patched versions of critical libraries, including those susceptible to side channel attacks
• Utilizing safe computer practices and running antivirus software

Shader Functionality Remote Code Execution (CVE-2019-5049, CVE-2019-5098, CVE-2019-5146, CVE-2019-5147, CVE-2019-5124, CVE-2019-5183)

UPDATED 1/27/20 and 12/3/19 to add new CVE# (originally posted 9/16/19)

Through ongoing collaboration with industry partners, AMD became aware of a potential vulnerability in a specific virtual machine application when using an AMD GPU or APU and has delivered an updated graphics driver to remediate the exploit.

The specific conditions of this exploit require a virtual machine with an AMD GPU or APU running VMware Workstation Pro on a compromised guest Windows OS. Under these conditions, an attacker could modify a compiled shader and use it to expose sensitive user information. AMD updated the kernel mode driver code in its graphics drivers starting with version 19.8.1 to remediate this application exploit.

The updated graphics drivers are available on the AMD Support webpage for AMD customers that purchased an AMD GPU or APU. For original equipment manufacturer (OEM) and add-in-board (AIB) products, AMD recommends users contact the manufacturer.

We thank Cisco Talos for their collaboration on this matter and allowing us the necessary time to prepare mitigations. For more information, visit their website.

Screwed Drivers 

8/11/19 

At AMD, security is a top priority. We were made aware of the public disclosure of potential industry-wide, driver-related vulnerabilities on August 11, 2019 and, after gaining new information from the researcher, AMD now believes this is related to a disclosure communicated to us earlier this year regarding the AMDVBFlash graphics driver tool that was temporarily made available on our website so early adopters of older AMD graphics products could perform a needed Video BIOS refresh and has since been removed. AMD is continuing to investigate the issue to determine if any other of our drivers may be affected. 

SWAPGS (CVE-2019-1125)

8/6/19

AMD is aware of new research claiming new speculative execution attacks that may allow access to privileged kernel data. Based on external and internal analysis, AMD believes it is not vulnerable to the SWAPGS variant attacks because AMD products are designed not to speculate on the new GS value following a speculative SWAPGS. For the attack that is not a SWAPGS variant, the mitigation is to implement our existing recommendations for Spectre variant 1.

Specific details by published description:

Secure Encrypted Virtualization Invalid ECC Curve Points (CVE-2019-9836)

6/25/19

At AMD, security remains a top priority and we continue to work to identify any potential risks for our customers. Through ongoing collaboration with industry researchers AMD became aware that, if using the user-selectable AMD secure encryption feature on a virtual machine running the Linux operating system, an encryption key could be compromised by manipulating the encryption technology’s behavior. AMD released firmware-based cryptography updates to our ecosystem partners and on the AMD website to remediate this risk.

RamBleed (CVE-2019-0174)

6/12/19

Researchers reported a new vulnerability called RamBleed that exploits the electrical interaction between close-packed DDR3 and DDR4 DRAM circuitry to potentially expose kernel privileges and confidential information. Based on our internal analysis, AMD believes the industry-known mitigations for RowHammer, in addition to AMD Secure Memory Encryption (SME) and AMD Secure Encrypted Virtualization (SEV), protect against RamBleed.

Previous RowHammer Guidance

The RowHammer issue identified in the Google release is an industry-wide DRAM issue that affects DRAMs manufactured on newer process technologies that are not designed to address this issue.  AMD microprocessor products include memory controllers designed to meet industry-standard DDR specifications.

The possibility of this issue happening on a system depends on the DRAM in the system. Susceptibility to this issue varies by DRAM vendor, technology, and DRAM device. Contact your system vendor to see if you have susceptible DRAM.

Mitigations include:

• Upgrade the system BIOS to double the refresh rate to reduce the error rate; or
• Use memory manufactured on older and unaffected technologies or newer memory that has design fixes to address this problem and upgrade your BIOS to recognize the newer memory.

Fallout, Rogue In-Flight Data Load (RIDL), and ZombieLoad Attack (CVE-2018-12126, CVE-2018-12130, CVE-2018-12127, CVE-2019-11091) 

5/14/19

At AMD we develop our products and services with security in mind. Based on our analysis and discussions with the researchers, we believe our products are not susceptible to ‘Fallout’, ‘RIDL’ or ‘ZombieLoad Attack’ because of the hardware protection checks in our architecture. We have not been able to demonstrate these exploits on AMD products and are unaware of others having done so. 

For more information, see our new white paper, titled “Speculation Behavior in AMD Micro-Architectures.”

SPOILER (CVE-2019-0162)

3/15/19

We are aware of the report of a new security exploit called SPOILER which can gain access to partial address information during load operations. The SPOILER exploit can gain access to partial address information above address bit 11 during load operations. AMD processors do not use partial address matches above address bit 11 when resolving load conflicts. 

SplitSpectre

12/6/18

AMD is aware of the latest research published claiming new approaches to speculative execution attacks called SplitSpectre. AMD believes the mitigation is to implement our existing speculative execution recommendations.

PortSmash (CVE-2018-5407)

11/27/18

AMD does not believe the PortSmash issue (https://seclists.org/oss-sec/2018/q4/123) is related to previously found speculative execution issues like Spectre.  Instead, AMD believes the issues are related to any processor that uses simultaneous multithreading (SMT), including those from AMD, that is vulnerable to software that exposes the activity of one process to another running on the same processor. We believe this issue can be mitigated in software by using side-channel counter measures. For example, OpenSSL, which was used in the researcher’s proof of concept, has already been updated to address this type of attack.  

AMD Response to Systematic Evaluations of Transient Execution Variants

11/13/18

AMD is aware of the latest research published claiming new speculative execution attacks. AMD believes it is not vulnerable to some of these attacks because of the hardware paging architecture protections in AMD devices and, for those that are not solved by our paging architecture protections, the mitigation is to implement our existing recommendations.

Specific recommendations by published description:

New Variants of Spectre v1 – AMD recommends implementing existing mitigations

• Pattern History Table - Cross Address - Out of Place (PHT-CA-OP)
• Pattern History Table - Cross Address - In Place (PHT-CA-IP)
• Pattern History Table - Same Address - Out of Place (PHT-SA-OP)

New Variants of Spectre v2 – AMD recommends implementing existing mitigations

• Branch Target Buffer - Same Address - In Place (BTB-SA-IP)
• Branch Target Buffer - Same Address - Out of Place (BTB-SA-OP)

New Variant of Meltdown

• Meltdown-BK – AMD believes this does not affect its platforms because AMD does not have this feature in its products

New Variant of Spectre v1 – referred by researchers as a Meltdown variant

• Meltdown-BD – AMD believes 32-bit systems using the BOUND instruction may be impacted and recommends implementing existing mitigations for Spectre v1 for such systems.

2018 Firmware TPM Updates

9/26/18

Earlier this year, AMD disclosed mitigations related to potential security vulnerabilities for AMD firmware Trusted Platform Module (fTPM) versions v.96, v1.22, and v1.37. AMD believes the fTPM vulnerabilities only apply to some of its client processors as fTPM is not enabled on AMD server, graphics and embedded products. AMD has delivered a patch to PC manufacturers to address the issue.

Microsoft Windows users can verify their fTPM version and find instructions to clear the TPM at: https://docs.microsoft.com/en-us/windows/device-security/tpm/initialize-and-configure-ownership-of-the-tpm

AMD has recommended that PC manufacturers qualify and release an updated BIOS integrating the fTPM patch, as appropriate, into production at the next available opportunity and provide guidance to end users to apply fixes as defined based on the product. For fTPM v1.37, AMD has notified PC manufacturers that they should consider updating the system BIOS ahead of clearing the fTPM to help protect generated platform-level keys.

AMD recommends users contact their PC manufacturer for platform-specific instructions as a part of following best security practices to keep devices up-to-date with the latest patches.

Foreshadow (CVE-2018-3615, CVE-2018-3620, CVE-2018-3646)

8/14/18 – Updated

As in the case with Meltdown, we believe our processors are not susceptible to these new speculative execution attack variants: L1 Terminal Fault – SGX (also known as Foreshadow) CVE 2018-3615, L1 Terminal Fault – OS/SMM (also known as Foreshadow-NG) CVE 2018-3620, and L1 Terminal Fault – VMM (also known as Foreshadow-NG) CVE 2018-3646, due to our hardware paging architecture protections. We are advising customers running AMD EPYC™ processors in their data centers, including in virtualized environments, to not implement Foreshadow-related software mitigations for their AMD platforms.

Spectre Mitigation Update

7/13/18

This week, a sub-variant of the original, Google Project (GPZ) variant 1 / Spectre security vulnerability was disclosed by MIT. Consistent with variant 1, we believe this threat can be mitigated through the operating system (OS). AMD is working with the software ecosystem to mitigate variant 1.1 through operating system updates where necessary. We have not identified any AMD x86 products susceptible to the Variant 1.2 vulnerability in our analysis to-date. Please check with your OS provider for the latest information.

AMD has also updated related portions of the Software Techniques for Managing Speculation on AMD Processors white paper.

TLBleed

7/12/18

Based on our analysis to date we have not identified any AMD products that are vulnerable to TLBleed side channel attack identified by researchers.   Security remains a top priority and we will continue to work to identify any potential risks for our customers and, if needed, potential mitigations.

LazyFPU (CVE-2018-3665)

6/18/18

Based on our analysis to date, because of our unique processor implementation we currently do not believe our products are susceptible to the resent security vulnerability identified around lazy FPU switching

“Speculative Store Bypass” Vulnerability Mitigations for AMD Platforms

5/21/18

Today, Microsoft and Google Project Zero researchers have identified a new category of speculative execution side channel vulnerability (Speculative Store Bypass or SSB) that is closely related to the previously disclosed GPZ/Spectre variant 1 vulnerabilities.  Microsoft has released an advisory on the vulnerability and mitigation plans. 

AMD recommended mitigations for SSB are being provided by operating system updates back to the Family 15 processors (“Bulldozer” products). For technical details, please see the AMD white paper. Microsoft is completing final testing and validation of AMD-specific updates for Windows client and server operating systems, which are expected to be released through their standard update process.  Similarly, Linux distributors are developing operating system updates for SSB. AMD recommends checking with your OS provider for specific guidance on schedules.

Based on the difficulty to exploit the vulnerability, AMD and our ecosystem partners currently recommend using the default setting that maintains support for memory disambiguation.

We have not identified any AMD x86 products susceptible to the Variant 3a vulnerability in our analysis to-date.

As a reminder, security best practices of keeping your operating system and BIOS up-to-date, utilizing safe computer practices and running antivirus software are always the first line of defense in maintaining device security.

Spectre Mitigation Update

4/10/18  (Updated 5/8/18 to reflect Microsoft release of Windows Server 2016)

Today, AMD is providing updates regarding our recommended mitigations for Google Project Zero (GPZ) Variant 2 (Spectre) for Microsoft Windows users. These mitigations require a combination of processor microcode updates from our OEM and motherboard partners, as well as running the current and fully up-to-date version of Windows. For Linux users, AMD recommended mitigations for GPZ Variant 2 were made available to our Linux partners and have been released to distribution earlier this year.

As a reminder, GPZ Variant 1 (Spectre) mitigation is provided through operating system updates that were made available previously by AMD ecosystem partners. GPZ Variant 3 (Meltdown) does not apply to AMD because of our processor design. 

While we believe it is difficult to exploit Variant 2 on AMD processors, we actively worked with our customers and partners to deploy the above described combination of operating system patches and microcode updates for AMD processors to further mitigate the risk. A white paper detailing the AMD recommended mitigation for Windows is available, as well as links to ecosystem resources for the latest updates. 

Operating System Updates for GPZ Variant 2/Spectre

Microsoft is releasing an operating system update containing Variant 2 (Spectre) mitigations for AMD users running Windows 10 (version 1709) today. Support for these mitigations for AMD processors in Windows Server 2016 is expected to be available following final validation and testing. (Note: May 8, 2018 Microsoft released an operating system update for Windows Server 2016.)

AMD Microcode Updates for GPZ Variant 2/Spectre

In addition, microcode updates with our recommended mitigations addressing Variant 2 (Spectre) have been released to our customers and ecosystem partners for AMD processors dating back to the first “Bulldozer” core products introduced in 2011. 

AMD customers will be able to install the microcode by downloading BIOS updates provided by PC and server manufacturers and motherboard providers.  Please check with your provider for the latest updates.

We will provide further updates as appropriate on this site as AMD and the industry continue our collaborative work to develop solutions to protect users from security threats.