Security News > 2020 > March > A decade's worth of AMD chips offer data takeaway via a side channel but AMD yawns and says 'meh, not an issue'

A decade's worth of AMD chips offer data takeaway via a side channel but AMD yawns and says 'meh, not an issue'
2020-03-09 21:10

AMD processors sold between 2011 and 2019 are vulnerable to two side-channel attacks that can extract kernel data and secrets, according to a new research paper.

In a paper [PDF] titled, "Take A Way: Exploring the Security Implications of AMD's Cache Way Predictors," six boffins - Moritz Lipp, Vedad Hadžić, Michael Schwarz, and Daniel Gruss, Clémentine Maurice, and Arthur Perais - explain how they reverse-engineered AMD's L1D cache way predictor to expose sensitive data in memory.

For Load+Reload, the ability to run unprivileged native code on the target machine is also assumed, with the attacker and victim on the same physical but different logical CPU thread. Local access is not a requirement for these attacks; the researchers demonstrated their techniques on sandboxed JavaScript and a virtualized cloud environments.

"We are aware of a new white paper that claims potential security exploits in AMD CPUs, whereby a malicious actor could manipulate a cache-related feature to potentially transmit user data in an unintended way," the company said.

"The researchers then pair this data path with known and mitigated software or speculative execution side channel vulnerabilities. AMD believes these are not new speculation-based attacks."


News URL

https://go.theregister.co.uk/feed/www.theregister.co.uk/2020/03/09/amd_chips_sidechannel/

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
AMD 892 5 120 122 27 274