AMDs processors from as early as 2011 through to 2019 are carrying vulnerabilities that are as yet unpatched, according to some freshly published research.
Known as Take A Way (every security problem needs a snappy name, of course), security researchers said that they reverse-engineered the L1D cache way predictor in AMD silicon in order to discover two new potential attack vectors.
Given all the attention which has been focused on the flaws in Intels CPUs in recent times vulnerabilities which havent affected AMD chips in a number of cases this might just serve as a reminder that no ones silicon is bulletproof.
As spotted by Toms Hardware, Graz University of Technology released a paper detailing the vulnerabilities which AMD was informed of back in August 2019, although as mentioned, a fix has yet to be deployed.
The pair of exploits, dubbed Collide+Probe and Load+Reload, are side channel attacks (in the same vein as Spectre) that manipulate the aforementioned L1D cache predictor in order to access data that should otherwise be secure and unobtainable.
The paper (a PDF shared on Twitter by researcher Moritz Lipp) explains: With Collide+Probe, an attacker can monitor a victims memory accesses without knowledge of physical addresses or shared memory when time-sharing a logical core.
With Load+Reload, we exploit the way predictor to obtain highly-accurate memory-access traces of victims on the same physical core. While Load+Reload relies on shared memory, it does not invalidate the cache line, allowing stealthier attacks that do not induce any last level-cache evictions.
The paper doesnt just outline the problems here, though, but also provides potential solutions through both hardware and software mitigations, although no comment is made on whether software patches might be detrimental to system performance (as you may recall, there was a big fuss about this when it came to fixing Meltdown and Spectre).
AMD has yet to comment on the affair, but were guessing that situation will change soon enough.
As an interesting side-note, Toms observes that Hardware Unboxed spotted that additional funding for the paper came from Intel, and questions have been raised by some about potential conflicts of interest in that respect.
Another of the researchers, Daniel Gruss, addressed the matter on Twitter to note that he wouldnt accept any funding which restricted his academic freedom and independence.
https://t.co/Z6LZoT4y3QOf course we could have just dropped that phd student off the paper instead 😉I’m happy that my funding sources do not restrict my academic freedom and independence. Otherwise I couldn’t accept that funding.March 7, 2020