On March 13, 2018, security researchers from CTS Labs publicly disclosed vulnerabilities discovered in certain AMD silicon, named MASTERKEY, RYZENFALL, FALLOUT, and CHIMERA. Attackers can take advantage of current designs in the AMD silicon to circumvent certain security controls and inject malware.
AMD has completed an assessment of the threats and provided a response regarding potential impacts and mitigation plans as stated on AMD’s corporate community blog. In short, AMD has determined that exploiting these vulnerabilities requires “administrative access to the system”, and that this level of access would provide an attacker with “a wide range of attacks well beyond the exploits identified” by CTS Labs. Nevertheless, the impact of a successful attack is a concern.
FirmGuard recommends applying all firmware updates provided by your computing device manufacturer.
CVE-2018-8930, CVE-2018-8931, CVE-2018-8932, CVE-2018-8933, CVE-2018-8934, CVE-2018-8935, CVE-2018-8936