Researchers Disclose New Side-Channel Attacks Affecting All AMD CPUs

Researchers have disclosed the details of new timing and power-based side-channel attacks that affect all CPUs made by AMD, but the chipmaker says no new mitigations are necessary.

The new attack method was discovered by researchers Moritz Lipp and Daniel Gruss of the Graz University of Technology and Michael Schwarz of the CISPA Helmholtz Center for Information Security. They were among those who discovered the original Meltdown and Spectre vulnerabilities, research that paved the way for many other side-channel attack methods targeting widely used processors.

These side-channel attacks typically allow a malicious application installed on the targeted system to exploit CPU weaknesses in order to obtain potentially sensitive information, such as passwords and encryption keys, from memory associated with other apps.

Many of the side-channel attacks disclosed over the past years targeted Intel processors, but systems powered by AMD processors are not immune either, as the newly presented research shows.

The new attacks demonstrated by Lipp, Gruss and Schwarz leverage time and power measurements of prefetch instructions.

“In contrast to previous work on prefetch attacks on Intel, we show that the prefetch instruction on AMD leaks even more information,” the researchers explained in the abstract of their paper.

They have demonstrated several attack scenarios, including one in which they mounted a Spectre attack to leak sensitive data from the operating system, and showed a new method for establishing a covert channel to exfiltrate data.

The researchers also claim to have identified the first “full microarchitectural KASLR (kernel address space layout randomization) break on AMD that works on all major operating systems.” KASLR is an exploit mitigation technique and the experts showed how an attacker could break it on laptops, desktop PCs, and virtual machines in the cloud.

The findings were reported to AMD in mid- and late 2020, and the vendor acknowledged them and provided feedback in February 2021.

AMD has assigned the CVE identifier CVE-2021-26318 and a medium severity rating to the vulnerabilities. The chipmaker has confirmed that the issue impacts all of its processors, but it’s not recommending any new mitigations due to the fact that “the attacks discussed in the paper do not directly leak data across address space boundaries.”

AMD’s advisory lists a series of recommendations for mitigating side-channel attacks in general, such as keeping operating systems, software and firmware up to date, and following secure coding practices.

Lipp has confirmed for SecurityWeek that mitigations already exist for the attacks they have described, but noted that not all of them are enabled by default on AMD CPUs.

Lipp believes their latest research discusses some interesting properties of AMD processors that could fuel future research into side-channel attacks.

“For instance, we use RDPRU as a timing primitive as the typically used rdtsc instruction has a lower resolution on AMD. This allows to distinguish events with only a slight timing difference,” Lipp explained via email. “On the other hand, we use the reported energy consumption of the AMD driver to mount an attack. While this driver has now been removed from the Linux kernel, using this energy source could be interesting to mount other power side-channel attacks as we have shown on Intel with the PLATYPUS attacks.”
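A defensive check related to the energy-reporting driver Lipp mentions, as an added example that is not from the article or the researchers' paper: it scans a Linux hwmon sysfs tree for that driver and lists energy counters that non-root users can read. The driver name `amd_energy`, the `energy*_input` file pattern and the sample tree are assumptions of this example.

```python
import os
import stat
import tempfile
from pathlib import Path

# Assumption: the Linux hwmon driver in question registers under this name.
DRIVER_NAME = "amd_energy"

def audit_energy_hwmon(sysfs_root="/sys/class/hwmon"):
    """Report hwmon devices of DRIVER_NAME and any energy counters that
    users other than the owner (root) can read."""
    findings = []
    root = Path(sysfs_root)
    if not root.is_dir():
        return findings
    for dev in sorted(root.iterdir()):
        try:
            name = (dev / "name").read_text().strip()
        except OSError:
            continue  # not a hwmon device directory, or unreadable
        if name != DRIVER_NAME:
            continue
        exposed = [
            f.name for f in sorted(dev.glob("energy*_input"))
            if stat.S_IMODE(f.stat().st_mode) & (stat.S_IRGRP | stat.S_IROTH)
        ]
        findings.append({"device": dev.name, "driver_present": True,
                         "unprivileged_readable": exposed})
    return findings

def build_sample_tree(base):
    """Constructed fixture mimicking /sys/class/hwmon; not real host data."""
    layout = {
        "hwmon0": ("k10temp", {"temp1_input": 0o444}),
        "hwmon1": (DRIVER_NAME, {"energy1_input": 0o444, "energy2_input": 0o400}),
    }
    for dev, (name, files) in layout.items():
        d = Path(base) / dev
        d.mkdir(parents=True)
        (d / "name").write_text(name + "\n")
        for fname, mode in files.items():
            (d / fname).write_text("0\n")
            os.chmod(d / fname, mode)
    return base

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        print("sample:", audit_energy_hwmon(build_sample_tree(tmp)))
    print("host:  ", audit_energy_hwmon())
```

An empty result on a host means no device with that name is registered; a non-empty `unprivileged_readable` list marks counters that local unprivileged code could sample.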

Earlier this year, researchers described a voltage glitching attack that shows AMD’s Secure Encrypted Virtualization (SEV) technology may not provide proper protection for confidential data in cloud environments.

Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
