Coming on the heels of recent news that there is an unfixable vulnerability in Intel processors from the last five years, security researchers have identified a vulnerability in AMD processors from the last nine years as well.
A paper by researchers from the Graz University of Technology, first reported on by Tom’s Hardware, describes two attacks, Collide+Probe and Load+Reload, which are a subset of the “Take A Way” vulnerability and are based on a Spectre attack. The vulnerability is found in all AMD processes released between 2011 and 2019, including the Zen microarchitecture.
“We reverse-engineered AMD’s L1D cache way predictor in microarchitectures from 2011 to 2019, resulting in two new attack techniques,” the researchers wrote in the paper. “With Collide+Probe, an attacker can monitor a victim’s memory accesses without knowledge of physical addresses or shared memory when time-sharing a logical core. With Load+Reload, we exploit the way predictor to obtain highly-accurate memory-access traces of victims on the same physical core. While Load+Reload relies on shared memory, it does not invalidate the cache line, allowing stealthier attacks that do not induce any last-level-cache evictions.”
Fixes may compromise performance
These are what are called side-channel attacks, which can be deployed by exploiting vulnerabilities in JavaScript via internet browsers such as Google Chrome or Mozilla Firefox. The researchers did suggest both hardware and software fixes which could protect against the vulnerabilities, but these may involve a tradeoff in performance as most Spectre fixes have done. The suggestions include temporarily disabling the processor’s way predictor to prevent attacks, using a keyed mapping function, and flushing the way predictor after use. These fixes are all things that would have to be engineered by AMD, so if you are a regular user then there’s not much you can do except wait to see what security measures AMD will bring in.
This is some controversy around the findings of this paper, as the acknowledgments section includes mention of funding from Intel, first spotted by Hardware Unboxed: “Additional funding was provided by generous gifts from Intel.” This is not unusual in academic research, however, and the lead author responded on Twitter that he discloses the funding Intel provides to some of his students on all of his papers.