Українська правда

New vulnerabilities found in AMD chips, but no working exploit is known yet

- 10 July, 06:04 PM

AMD has disclosed a new class of side-channel attack against its processors. It chains several vulnerabilities present in many of the company's chips and can leak sensitive data. AMD calls it Transient Scheduler Attack (TSA) and says it was found by Microsoft researchers, The Register reports.

The four vulnerabilities were not, at first glance, given a high severity: AMD rates two of them "medium" and the other two "low". Trend Micro and CrowdStrike nonetheless classed the issue as "critical" in their own advisories. AMD's lower rating reflects the access required: only an attacker who can already run code on the target machine can exploit them.

In practice that means an attacker needs local code execution on the device, for example through malware or from inside a virtual machine on the same host. AMD, for its part, says TSA cannot be exploited from a malicious website, and that an attack has to be repeated many times before any data is recovered.

The underlying flaw is a "false completion" of a memory load: the processor expects the load to finish quickly, but a condition arises that prevents it. Because the load did not actually complete, the data it returned is treated as invalid and the load is retried later. That invalid data is not discarded immediately, however. On TSA-affected processors it can influence the execution timing of other instructions, and an attacker can measure that timing difference.

AMD divides the issue into two variants. The first, TSA-SQ, involves a load that wrongly pulls data from the store queue when the data needed for the lookup is not yet available. If the scheduler lets this read proceed before the corresponding store has completed, the load receives transient data that the attacker can infer. That data can include stores previously executed by the operating system kernel, even if they ran in a different context.

The second, TSA-L1, stems from an error in the way the L1 data cache's microtags are used for lookups. The processor may assume the data is already in the cache when it is not, so the wrong data is forwarded to dependent instructions, and the attacker can learn something about it from timing.

AMD says the affected processors span desktop, mobile and data-center parts, including 3rd and 4th generation EPYC. Microsoft notes that the attacks are not only hard to carry out but also resource-intensive. So far no exploit code has been seen publicly.
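The practical question for an administrator reading the mechanism and affected-product paragraphs above is whether a given Linux host is in scope and whether the kernel reports a mitigation. The script below is an added example, not code from the article, AMD or Microsoft. It assumes that the kernel exposes TSA status under /sys/devices/system/cpu/vulnerabilities/ in a file named tsa (the directory and its "Not affected" / "Mitigation:" / "Vulnerable" line conventions are long-standing; the tsa file name is an assumption), and that AMD CPU family 25 (0x19) corresponds to the Zen 3 / Zen 4 cores used in the 3rd and 4th generation EPYC parts the article names. The sample /proc/cpuinfo text is constructed.

```python
"""Classify a Linux host's exposure to AMD TSA from /proc/cpuinfo and sysfs.

Added example; assumptions are marked in comments.
"""
from pathlib import Path

# Assumption: kernel reports TSA status here, next to the other entries in the
# vulnerabilities directory. The classifier keys only on the leading word, so
# it does not depend on the exact mitigation wording.
TSA_SYSFS = Path("/sys/devices/system/cpu/vulnerabilities/tsa")
CPUINFO = Path("/proc/cpuinfo")

# Assumption: AMD family 25 (0x19) is Zen 3 / Zen 4, covering 3rd and 4th gen
# EPYC. Other AMD families are reported as "consult advisory", never "safe".
ARTICLE_FAMILIES = {25}

VERDICT_NOT_AMD = "not in scope: not an AMD processor"
VERDICT_NOT_AFFECTED = "kernel reports not affected"
VERDICT_MITIGATED = "kernel reports mitigation active"
VERDICT_VULNERABLE = "kernel reports vulnerable: update microcode and kernel"
VERDICT_NO_ENTRY_IN_SCOPE = "no kernel TSA entry on an in-scope family: treat as unmitigated, check AMD advisory"
VERDICT_NO_ENTRY_OTHER = "no kernel TSA entry: consult AMD advisory for this family"

# Constructed sample inputs (not captured from a real host).
SAMPLE_CPUINFO_AMD = """processor\t: 0
vendor_id\t: AuthenticAMD
cpu family\t: 25
model\t\t: 1
model name\t: AMD EPYC 7313 16-Core Processor
"""
SAMPLE_CPUINFO_INTEL = """processor\t: 0
vendor_id\t: GenuineIntel
cpu family\t: 6
model\t\t: 85
"""


def parse_cpuinfo(text):
    """Return (vendor_id, cpu_family) from the first CPU block of /proc/cpuinfo text."""
    vendor, family = None, None
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if not sep:
            continue
        key, value = key.strip(), value.strip()
        if key == "vendor_id" and vendor is None:
            vendor = value
        elif key == "cpu family" and family is None:
            family = int(value)
        if vendor is not None and family is not None:
            break
    return vendor, family


def classify_sysfs(status):
    """Map one sysfs vulnerability line to not_affected / mitigated / vulnerable / unknown."""
    s = status.strip()
    if s.startswith("Not affected"):
        return "not_affected"
    if s.startswith("Mitigation:"):
        return "mitigated"
    if s.startswith("Vulnerable"):
        return "vulnerable"
    return "unknown"


def assess(cpuinfo_text, sysfs_status):
    """Combine CPU identity and kernel status into a verdict dict.

    sysfs_status is the content of the tsa file, or None if the file is absent
    (older kernels that predate TSA reporting).
    """
    vendor, family = parse_cpuinfo(cpuinfo_text)
    in_scope = vendor == "AuthenticAMD" and family in ARTICLE_FAMILIES
    kernel = classify_sysfs(sysfs_status) if sysfs_status is not None else "no_entry"

    if vendor != "AuthenticAMD":
        verdict = VERDICT_NOT_AMD  # TSA is an AMD-specific issue
    elif kernel == "not_affected":
        verdict = VERDICT_NOT_AFFECTED
    elif kernel == "mitigated":
        verdict = VERDICT_MITIGATED
    elif kernel == "vulnerable":
        verdict = VERDICT_VULNERABLE
    elif in_scope:
        verdict = VERDICT_NO_ENTRY_IN_SCOPE  # absence of a report is not safety
    else:
        verdict = VERDICT_NO_ENTRY_OTHER
    return {"vendor": vendor, "family": family, "article_scope": in_scope,
            "kernel_status": kernel, "verdict": verdict}


if __name__ == "__main__":
    cpuinfo = CPUINFO.read_text() if CPUINFO.exists() else SAMPLE_CPUINFO_AMD
    status = TSA_SYSFS.read_text() if TSA_SYSFS.exists() else None
    for k, v in assess(cpuinfo, status).items():
        print(f"{k}: {v}")
```

Note the deliberate asymmetry: a missing sysfs entry on an in-scope family is reported as unmitigated rather than unknown, because a kernel too old to know about TSA is also too old to apply the VERW-style buffer clearing that the mitigation relies on.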
