Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Vulnerabilities

Researchers Disclose New Side-Channel Attacks Affecting All AMD CPUs

Researchers have disclosed the details of new timing and power-based side-channel attacks that affect all CPUs made by AMD, but the chipmaker says no new mitigations are necessary.

Researchers have disclosed the details of new timing and power-based side-channel attacks that affect all CPUs made by AMD, but the chipmaker says no new mitigations are necessary.

The new attack method was discovered by researchers Moritz Lipp and Daniel Gruss of the Graz University of Technology and Michael Schwarz of the CISPA Helmholtz Center for Information Security. They were among those who discovered the original Meltdown and Spectre vulnerabilities, research that paved the way for many other side-channel attack methods targeting widely used processors.

These side-channel attacks typically allow a malicious application installed on the targeted system to exploit CPU weaknesses in order to obtain potentially sensitive information, such as passwords and encryption keys, from memory associated with other apps.

New side-channel attacks on AMD CPUsMany of the side-channel attacks disclosed over the past years targeted Intel processors, but systems powered by AMD processors are not immune either, as the newly presented research shows.

The new attacks demonstrated by Lipp, Gruss and Schwarz leverage time and power measurements of prefetch instructions.

“In contrast to previous work on prefetch attacks on Intel, we show that the prefetch instruction on AMD leaks even more information,” the researchers explained in the abstract of their paper.

They have demonstrated several attack scenarios, including one in which they mounted a Spectre attack to leak sensitive data from the operating system, and showed a new method for establishing a covert channel to exfiltrate data.

The researchers also claim to have identified the first “full microarchitectural KASLR (kernel address space layout randomization) break on AMD that works on all major operating systems.” KASLR is an exploit mitigation technique and the experts showed how an attacker could break it on laptops, desktop PCs, and virtual machines in the cloud.

The findings were reported to AMD in mid- and late 2020, and the vendor acknowledged them and provided feedback in February 2021.

Advertisement. Scroll to continue reading.

AMD has assigned the CVE identifier CVE-2021-26318 and a medium severity rating to the vulnerabilities. The chipmaker has confirmed that the issue impacts all of its processors, but it’s not recommending any new mitigations due to the fact that “the attacks discussed in the paper do not directly leak data across address space boundaries.”

AMD’s advisory lists a series of recommendations for mitigating side-channel attacks in general, such as keeping operating systems, software and firmware up to date, and following secure coding practices.

Lipp has confirmed for SecurityWeek that mitigations already exist for the attacks they have described, but noted that not all of them are enabled by default on AMD CPUs.

Lipp believes their latest research discusses some interesting properties of AMD processors that could fuel future research into side-channel attacks.

“For instance, we use RDPRU as a timing primitive as the typically used rdtsc instruction has a lower resolution on AMD. This allows to distinguish events with only a slight timing difference,” Lipp explained via email. “On the other hand, we use the reported energy consumption of the AMD driver to mount an attack. While this driver has now been removed from the Linux kernel, using this energy source could be interesting to mount other power side-channel attacks as we have shown on Intel with the PLATYPUS attacks.”

Earlier this year, researchers described a voltage glitching attack that shows AMD’s Secure Encrypted Virtualization (SEV) technology may not provide proper protection for confidential data in cloud environments.

Related: AMD Chipset Driver Vulnerability Can Allow Hackers to Obtain Sensitive Data

Related: PLATYPUS: Hackers Can Obtain Crypto Keys by Monitoring CPU Power Consumption

Related: Researchers Show First Side-Channel Attack Against Apple M1 Chips

Related: New Side-Channel Attack Targets Intel CPU Ring Interconnect

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Understand how to go beyond effectively communicating new security strategies and recommendations.

Register

Join us for an in depth exploration of the critical nature of software and vendor supply chain security issues with a focus on understanding how attacks against identity infrastructure come with major cascading effects.

Register

Expert Insights

Related Content

Vulnerabilities

Less than a week after announcing that it would suspended service indefinitely due to a conflict with an (at the time) unnamed security researcher...

Data Breaches

OpenAI has confirmed a ChatGPT data breach on the same day a security firm reported seeing the use of a component affected by an...

IoT Security

A group of seven security researchers have discovered numerous vulnerabilities in vehicles from 16 car makers, including bugs that allowed them to control car...

Vulnerabilities

A researcher at IOActive discovered that home security systems from SimpliSafe are plagued by a vulnerability that allows tech savvy burglars to remotely disable...

Risk Management

The supply chain threat is directly linked to attack surface management, but the supply chain must be known and understood before it can be...

Cybercrime

Patch Tuesday: Microsoft calls attention to a series of zero-day remote code execution attacks hitting its Office productivity suite.

Vulnerabilities

Patch Tuesday: Microsoft warns vulnerability (CVE-2023-23397) could lead to exploitation before an email is viewed in the Preview Pane.

Vulnerabilities

The latest Chrome update brings patches for eight vulnerabilities, including seven reported by external researchers.