AMD CPUs (from 2011) vulnerable to side channel attacks

Most AMD processors introduced since 2011 are vulnerable to side channel attacks, as security researchers have now revealed in a new study.


In a new paper, researchers from Graz University of Technology describe two new "Take A Way" side channel attacks on AMD CPUs. The attack methods Collide+Probe and Load+Reload make it possible to access secret data from AMD processors by manipulating the L1D cache way predictor. The researchers claim that the vulnerability affects all AMD processors from 2011 to 2019 (so the Zen microarchitecture is also affected). Tom's Hardware describes the topic here. The security researchers from Graz write:

"We reverse-engineered AMD's L1D cache way predictor in microarchitectures from 2011 to 2019, resulting in two new attack techniques. With Collide+Probe, an attacker can monitor a victim's memory accesses without knowledge of physical addresses or shared memory when time-sharing a logical core. With Load+Reload, we exploit the way predictor to obtain highly-accurate memory-access traces of victims on the same physical core. While Load+Reload relies on shared memory, it does not invalidate the cache line, allowing stealthier attacks that do not induce any last-level-cache evictions."

The PDF document the security researchers have published shows the following table of affected CPUs.

Affected CPUs
(Source: White-Paper University Graz)

The researchers were able to exploit the vulnerability via JavaScript, running the attack in the Chrome and Firefox browsers. The researchers also gained access to AES encryption keys. The vulnerability could allegedly also be used to infiltrate cloud data centers.

The researchers' white paper suggests several possible remedies for the vulnerability through a combined software and hardware approach, but does not speculate on the performance degradation associated with the proposed fixes. The researchers also noted that, unlike the Spectre and Meltdown vulnerabilities, the attacks only allow "a few metadata bits" to be tapped, rather than providing full access to the data.


AMD issues a security advisory

AMD published a security advisory about the vulnerabilities on this website on March 7, 2020.

We are aware of a new white paper that claims potential security exploits in AMD CPUs, whereby a malicious actor could manipulate a cache-related feature to potentially transmit user data in an unintended way. The researchers then pair this data path with known and mitigated software or speculative execution side channel vulnerabilities. AMD believes these are not new speculation-based attacks.

AMD continues to recommend the following best practices to help mitigate against side-channel issues:

  • Keeping your operating system up-to-date by operating at the latest version revisions of platform software and firmware, which include existing mitigations for speculation-based vulnerabilities
  • Following secure coding methodologies
  • Implementing the latest patched versions of critical libraries, including those susceptible to side channel attacks
  • Utilizing safe computer practices and running antivirus software

The security advisory is in itself quite nebulous and does not contain any concrete advice on what can be done to prevent attacks. Researchers at the University of Graz say that they disclosed the vulnerabilities to AMD on August 23, 2019. It looks as if there is no fix yet. Details can be found in the researchers' PDF file and in this article.
