Security News > 2023 > August > Nearly every AMD CPU since 2017 vulnerable to Inception data-leak attacks

AMD processor users, you have another data-leaking vulnerability to deal with: like Zenbleed, this latest hole can be to steal sensitive data from a running vulnerable machine.
Inception utilizes a previously disclosed vulnerability alongside a novel kind of transient execution attack, which the researchers refer to as training in transient execution, to leak information from an operating system kernel at a rate of 39 bytes per second on vulnerable hardware.
In this case, vulnerable systems encompasses pretty much AMD's entire CPU lineup going back to 2017, including its latest Zen 4 Epyc and Ryzen processors.
Despite the potentially massive blast radius, AMD is downplaying the threat while simultaneously rolling out microcode updates for newer Zen chips to mitigate the risk.
In a statement to The Register, AMD said "Any performance impact will vary depending on workload and system configuration, but AMD expects performance impacts from the microcode patch or BIOS update to be minimal. For Linux performance ... we're still assessing that mitigation."
Last month, we learned of Zenbleed, which can be exploited by rogue users and malware to steal passwords, cryptographic keys, and other secrets on older AMD Zen 2-based systems.
News URL
https://go.theregister.com/feed/www.theregister.com/2023/08/09/amd_inception/
Related news
- Researchers Expose New Intel CPU Flaws Enabling Memory Leaks and Spectre v2 Attacks (source)
- Western Sydney University discloses security breaches, data leak (source)
- Windows NTLM hash leak flaw exploited in phishing attacks on governments (source)
- Interlock ransomware claims DaVita attack, leaks stolen data (source)
- Microsoft Warns Default Helm Charts Could Leave Kubernetes Apps Exposed to Data Leaks (source)
- Qilin Ransomware Ranked Highest in April 2025 with 72 Data Leak Disclosures (source)
- New Intel CPU flaws leak sensitive data from privileged memory (source)
- New Chrome Vulnerability Enables Cross-Origin Data Leak via Loader Referrer Policy (source)