AMD Processors Vulnerable to Two New Side-Channel Attacks

Started by JeGX, March 09, 2020, 06:51:17 PM

AMD processors from as early as 2011 to 2019 carry previously undisclosed vulnerabilities that open them to two new different side-channel attacks, according to freshly published research.

Known as "Take A Way," the new potential attack vectors leverage the L1 data (L1D) cache way predictor in AMD's Bulldozer microarchitecture to leak sensitive data from the processors and compromise the security by recovering the secret key used during encryption.

The research was published by a group of academics from the Graz University of Technology and Research Institute of Computer Science and Random Systems (IRISA), who responsibly disclosed the vulnerabilities to AMD back in August 2019.

"We are aware of a new white paper that claims potential security exploits in AMD CPUs, whereby a malicious actor could manipulate a cache-related feature to potentially transmit user data in an unintended way," AMD said in an advisory posted on its website over the weekend.

"The researchers then pair this data path with known and mitigated software or speculative execution side-channel vulnerabilities. AMD believes these are not new speculation-based attacks."

While the notification doesn't go into specifics about mitigating the attack, Vedad Hadžić, one of the key researchers on the paper, said the vulnerability is still open to active exploitation.

Collide+Probe and Load+Reload Attacks

Like the Intel Spectre attack, the pair of exploits — dubbed Collide+Probe and Load+Reload — manipulate the aforementioned L1D cache predictor in order to access data that should otherwise be secure and inaccessible.

- Take A Way: Exploring the Security Implications of AMD's Cache Way Predictors
- 9 Years of AMD Processors Vulnerable to 2 New Side-Channel Attacks