Security News > 2023 > August > Nearly every AMD CPU since 2017 vulnerable to Inception data-leak attacks

AMD processor users, you have another data-leaking vulnerability to deal with: like Zenbleed, this latest hole can be to steal sensitive data from a running vulnerable machine.

Inception utilizes a previously disclosed vulnerability alongside a novel kind of transient execution attack, which the researchers refer to as training in transient execution, to leak information from an operating system kernel at a rate of 39 bytes per second on vulnerable hardware.

In this case, vulnerable systems encompasses pretty much AMD's entire CPU lineup going back to 2017, including its latest Zen 4 Epyc and Ryzen processors.

Despite the potentially massive blast radius, AMD is downplaying the threat while simultaneously rolling out microcode updates for newer Zen chips to mitigate the risk.

In a statement to The Register, AMD said "Any performance impact will vary depending on workload and system configuration, but AMD expects performance impacts from the microcode patch or BIOS update to be minimal. For Linux performance ... we're still assessing that mitigation."

Last month, we learned of Zenbleed, which can be exploited by rogue users and malware to steal passwords, cryptographic keys, and other secrets on older AMD Zen 2-based systems.

News URL

https://go.theregister.com/feed/www.theregister.com/2023/08/09/amd_inception/