Security News > 2020 > March > 9 Years of AMD Processors Vulnerable to 2 New Side-Channel Attacks

9 Years of AMD Processors Vulnerable to 2 New Side-Channel Attacks
2020-03-09 07:20

AMD processors from as early as 2011 to 2019 carry previously undisclosed vulnerabilities that open them to two new different side-channel attacks, according to a freshly published research.

Known as "Take A Way," the new potential attack vectors leverage the L1 data cache way predictor in AMD's Bulldozer microarchitecture to leak sensitive data from the processors and compromise the security by recovering the secret key used during encryption.

In other words, the two attack techniques can be employed to exfiltrate sensitive data from another process, sharing the same memory as the attacker or a process that's running on a different logical core of the CPU. To demonstrate the impact of the side-channel attacks, the researchers established a cache-based covert channel that exfiltrated data from a process running on the AMD CPU to another stealthy process, achieving a maximum transmission rate of 588.9kB/s using 80 channels in parallel on the AMD Ryzen Threadripper 1920X processor.

With AMD's EPYC processors being embraced by popular cloud platforms such as Amazon, Google, and Microsoft, the fact that these attacks can be carried out in a cloud setting poses significant concerns.

This is not the first time AMD processors have been found to be vulnerable to CPU attacks, including Spectre, forcing the company to release a slew of patches.


News URL

http://feedproxy.google.com/~r/TheHackersNews/~3/ReRmA2cRfJQ/amd-processors-vulnerability.html

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
AMD 892 5 120 122 27 274