AMD this week responded to the disclosure of a set of security vulnerabilities affecting its processors, acknowledging that the flaws exist and promising it will release fixes in the coming weeks. The flaws in question, disclosed last week by CTS-Labs, involve 13 critical security vulnerabilities (spread across four families: Masterkey, Fallout, RyzenFall, and Chimera) found throughout AMD's Ryzen and EPYC product lines.
AMD is quick to point out that the issues are not related to its "Zen" CPU architecture or the Meltdown and Spectre flaws disclosed earlier this year. Rather, they impact the AMD Secure Processor embedded in some products, as well as the chipset in some socket AM4 and TR4 platforms. Further, AMD claims that attackers seeking to exploit these flaws would require administrative access to execute them, meaning they'd already have unrestricted access to the system. From AMD:
Any attacker gaining unauthorized administrative access would have a wide range of attacks at their disposal well beyond the exploits identified in this research. Further, all modern operating systems and enterprise-quality hypervisors today have many effective security controls, such as Microsoft Windows Credential Guard in the Windows environment, in place to prevent unauthorized administrative access that would need to be overcome in order to affect these security issues.
In its original disclosure, CTS-Labs claimed that Masterkey, Ryzenfall, and Fallout could take "several months" to fix, but AMD says that it plans to release firmware patches "in the coming weeks." For more on AMD's planned release timeline, as well as the technical details surrounding each flaw, check out AMD's full response.