On March 13, 2018, security researchers from CTS Labs publicly disclosed vulnerabilities discovered in certain AMD silicon, named MASTERKEY, RYZENFALL, FALLOUT, and CHIMERA. Phoenix’s UEFI firmware is not vulnerable to these attacks. Rather, attackers can take advantage of current designs in the AMD silicon to circumvent certain security controls and inject malware.
AMD has completed an assessment of the threats and provided a response regarding potential impacts and mitigation plans as stated on AMD’s corporate community blog. In short, AMD has determined that exploiting these vulnerabilities requires “administrative access to the system”, and that this level of access would provide an attacker with “a wide range of attacks well beyond the exploits identified” by CTS Labs. Nevertheless, the impact of a successful attack is a concern.
These vulnerabilities can be mitigated with a patch through a UEFI firmware update. Phoenix is working closely with AMD to deliver the relevant updates to our valued customers and authorized distributors as they are made available to us. For devices that include Phoenix’s UEFI firmware, please apply updates immediately once the patch is available. For end users, Phoenix recommends applying all firmware updates provided by your computing device manufacturer.
CVE-2018-8930, CVE-2018-8931, CVE-2018-8932, CVE-2018-8933, CVE-2018-8934, CVE-2018-8935, CVE-2018-8936