Security News > 2023 > August > Nearly every AMD CPU since 2017 vulnerable to Inception data-leak attacks

AMD processor users, you have another data-leaking vulnerability to deal with: like Zenbleed, this latest hole can be to steal sensitive data from a running vulnerable machine.
Inception utilizes a previously disclosed vulnerability alongside a novel kind of transient execution attack, which the researchers refer to as training in transient execution, to leak information from an operating system kernel at a rate of 39 bytes per second on vulnerable hardware.
In this case, vulnerable systems encompasses pretty much AMD's entire CPU lineup going back to 2017, including its latest Zen 4 Epyc and Ryzen processors.
Despite the potentially massive blast radius, AMD is downplaying the threat while simultaneously rolling out microcode updates for newer Zen chips to mitigate the risk.
In a statement to The Register, AMD said "Any performance impact will vary depending on workload and system configuration, but AMD expects performance impacts from the microcode patch or BIOS update to be minimal. For Linux performance ... we're still assessing that mitigation."
Last month, we learned of Zenbleed, which can be exploited by rogue users and malware to steal passwords, cryptographic keys, and other secrets on older AMD Zen 2-based systems.
News URL
https://go.theregister.com/feed/www.theregister.com/2023/08/09/amd_inception/
Related news
- Browser-Based Data Leaks: 3 Biggest Data Security Challenges Today (source)
- Microsoft Adds Inline Data Protection to Edge for Business to Block GenAI Data Leaks (source)
- Cardiff's children's chief confirms data leak 2 months after cyber risk was 'escalated' (source)
- Royal Mail investigates data leak claims, no impact on operations (source)
- Western Sydney University discloses security breaches, data leak (source)
- Windows NTLM hash leak flaw exploited in phishing attacks on governments (source)
- Interlock ransomware claims DaVita attack, leaks stolen data (source)