Two vulnerabilities discovered in AMD Ryzen and EPYC CPUs

Posted on Monday, Mar 09 2020 @ 10:07 CET by Thomas De Maesschalck
AMD logo
A team of international security researchers discovered that all AMD processor architectures since 2011 are vulnerable to two side-channel attacks that leak a bit of meta-data. The "Collide + Probe" and "Load + Reload" vulnerabilities exploit the L1-data (L1D) cache way predictor of AMD's processors. Collectively called "Take A Way", these bugs are less severe than the Meltdown and Zombieload vulnerabilities found on the Intel platform, which leak tons of actual data.

TechSpot explains the flaws over here:
In both new exploits, collectively called "Take A Way" flaws, attacking software begins by picking an address corresponding with the target data’s address. The attacker then accesses the data stored in their version of the address, but that creates a link based on the address within the cache and the way predictor. The route the processor will take to access that address next time is guaranteed to be quite quick. But if the address is triggered a third time, then the processor will get to it slowly.

All the attacker has to do, then, is bring up that address at regular intervals. If it comes up quick then the victim hadn’t accessed it during the interval, but if it takes a while, it was accessed. This allows the attacker to monitor when the victim accesses data stored within the processor, without knowing where that data is, and without the requirement of sharing memory with the victim.
AMD was made aware of these flaws in August 2019. Here is AMD's response:
We are aware of a new white paper that claims potential security exploits in AMD CPUs, whereby a malicious actor could manipulate a cache-related feature to potentially transmit user data in an unintended way. The researchers then pair this data path with known and mitigated software or speculative execution side channel vulnerabilities. AMD believes these are not new speculation-based attacks.

AMD continues to recommend the following best practices to help mitigate against side-channel issues:

  • Keeping your operating system up-to-date by operating at the latest version revisions of platform software and firmware, which include existing mitigations for speculation-based vulnerabilities
  • Following secure coding methodologies
  • Implementing the latest patched versions of critical libraries, including those susceptible to side channel attacks
  • Utilizing safe computer practices and running antivirus software

  • About the Author

    Thomas De Maesschalck

    Thomas has been messing with computer since early childhood and firmly believes the Internet is the best thing since sliced bread. Enjoys playing with new tech, is fascinated by science, and passionate about financial markets. When not behind a computer, he can be found with running shoes on or lifting heavy weights in the weight room.

    Loading Comments