'

Researchers discover two new side-channel attacks for AMD processors

Meet 'Load+Reload' and 'Collide+Probe'. It was only a matter of time.

Researchers discover two new side-channel attacks for AMD processors

Researchers discover two new side-channel attacks for AMD processors

It was only a matter of time. While Intel has been hit with most newly discovered side-channel attacks, it was inevitable that AMD-exclusive attacks would start to appear. No architecture is 100% secure, and that includes Ryzen. 

Researchers at the Graz University of Technology have discovered two AMD-specific side-channel attacks called "Collide+Probe" and "Load+Reload", both of which involve AMD's L1D cache way predictor, a feature designed to enhance performance and reduce power consumption. This cache has been a part of AMD processors since 2011 and is still present on today's Zen 2 CPUs. 

AMD provided the following comments regarding the "Take A Way" series of reported vulnerabilities, stating that "AMD believes these are not new speculation-based attacks" after noting that the researchers had to "pair this data path with known and mitigated software or speculative execution side-channel vulnerabilities". 

Below are AMD's full comments on the matter. 


  We are aware of a new white paper that claims potential security exploits in AMD CPUs, whereby a malicious actor could manipulate a cache-related feature to potentially transmit user data in an unintended way. The researchers then pair this data path with known and mitigated software or speculative execution side channel vulnerabilities. AMD believes these are not new speculation-based attacks.

AMD continues to recommend the following best practices to help mitigate against side-channel issues:

- Keeping your operating system up-to-date by operating at the latest version revisions of platform software and firmware, which include existing mitigations for speculation-based vulnerabilities
- Following secure coding methodologies
- Implementing the latest patched versions of critical libraries, including those susceptible to side channel attacks
- Utilizing safe computer practices and running antivirus software


At this time we hope that AMD will provide further clarity on this matter, as this will help AMD's customers to secure their systems. That said, existing mitigations appear to prevent aspects of these new attacks.  

Given AMD's statements regarding these attacks, systems with existing software and firmware mitigations for speculative execution attacks should already be safe from these new attacks. Furthermore, AMD's statements also cast doubt on whether or not these attacks are "new" in the first place. AMD seems to believe that these are merely new forms of already mitigated vulnerabilities. 

Researchers discover two new side-channel attacks for AMD processors  

You can join the discussion on AMD being hit by two "new" side-channel attacks on the OC3D Forums

«Prev 1 Next»

Most Recent Comments

09-03-2020, 07:13:03

g0ggles1994
AMD have already responded:

https://www.reddit.com/r/Amd/comment...m_source=share

Long and short of it is that it requires an old exploit that's already been patched to make this workQuote

09-03-2020, 07:14:16

Warchild
Quote:
Originally Posted by g0ggles1994 View Post
AMD have already responded:

https://www.reddit.com/r/Amd/comment...m_source=share

Long and short of it is that it requires an old exploit that's already been patched to make this work
You just turn Intels smile into an instant frown. Quote

09-03-2020, 07:25:18

g0ggles1994
Quote:
Originally Posted by Warchild View Post
You just turn Intels smile into an instant frown.
So it should, haha
The timing of releasing this paper given Intel has had yet another exploit found is hilariousQuote

09-03-2020, 10:30:00

AlienALX
Quote:
Originally Posted by Warchild View Post
You just turn Intels smile into an instant frown.
haha, turn that frown upside down

TBH most of these are daft any way and require local access. I think the news, like any other sort of news, blows most of these out of proportion any way.Quote
Reply
x

Register for the OC3D Newsletter

Subscribing to the OC3D newsletter will keep you up-to-date on the latest technology reviews, competitions and goings-on at Overclock3D. We won't share your email address with ANYONE, and we will only email you with updates on site news, reviews, and competitions and you can unsubscribe easily at any time.

Simply enter your name and email address into the box below and be sure to click on the links in the confirmation emails that will arrive in your e-mail shortly after to complete the registration.

If you run into any problems, just drop us a message on the forums.