Last week, on March 12, security researchers from CTS Labs have publicly disclosed not one but four vulnerabilities in some of AMD’s products, including AMD Secure Processor or “PSP” firmware, which manages the embedded security control processor, as well as the “Promontory” chipset used in several socket AM4 and TR4 desktop platforms.
The CPU flaws are known as MasterKey, RyzenFall, Fallout, and Chimera, and could allow attackers to bypass the platform security controls and install hard-to-detect malware in SMM (x86) or access the computer’s physical memory through the chipset. However, AMD says that all these vulnerabilities required administrative privileges, which means they have limited impact.