AMD processors manufactured between 2011 and 2019 have been found vulnerable to two new attacks that impact the security of the data processed inside the CPU and allow the theft of sensitive information or the downgrade of security features.
The research team that revealed the attacks said they notified AMD of the two issues in August 2019, but the company did not release microcode (CPU firmware) updates, claiming these “are not new speculation-based attacks.”
The two new attacks target a feature of AMD CPUs called the L1D cache way predictor. This feature, which was introduced in AMD processors in 2011 along with the Bulldozer microarchitecture, is a performance-centric feature that reduces power consumption by improving the way the CPU handles cached data inside its memory.
The research team, comprising six academics from the Graz University of Technology in Austria and the University of Rennes in France, discovered these attacks when they reverse-engineered the “undocumented hashing function” that AMD processors were using to handle μTag entries inside the L1D cache way predictor mechanism.
The researchers recreated a map of what was going on inside the L1D cache way predictor and probed whether the mechanism was leaking data or clues about what that data may be.
The two new attacks are named Collide+Probe and Load+Reload. Both can be used to monitor how processes interact with the AMD cache, and then leak small parts of data from other apps.
There have been plenty of attacks on CPUs and their caches before, and such attacks become dangerous only if they can be exploited in the wild.
The Collide+Probe and Load+Reload bugs can be exploited in real-world scenarios, without the need for physical access, special equipment, or breaking apart computer cases to connect to hidden ports.
It is a relief to note that this attack vector can be patched. The researchers provided various mitigations and countermeasures in their research paper.
However, AMD has posted a message on its security portal denying that these two new attacks are a concern, claiming that they “are not new speculation-based attacks.” The company claims that they could be mitigated through previous patches for speculative execution side channel vulnerabilities.
The researchers call this response rather misleading and say that AMD never engaged with their team after the initial report last August. They also stated that the attacks still work on fully updated operating systems, firmware, and software even now.