AMD processors from as early as 2011 to 2019 carry previously undisclosed vulnerabilities that open them to two new different side-channel attacks, according to a freshly published research.
Known as “Take A Way,” the new potential attack vectors leverage the L1 data (L1D) cache way predictor in AMD’s Bulldozer microarchitecture to leak sensitive data from the processors and compromise the security by recovering the secret key used during encryption.
The research was published by a group of academics from the Graz University of Technology and Research Institute of Computer Science and Random Systems (IRISA), who responsibly disclosed the vulnerabilities to AMD back in August 2019.
“We are aware of a new white paper that claims potential security exploits in AMD CPUs, whereby a malicious actor could manipulate a cache-related feature to potentially transmit user data in an unintended way,” AMD said in an advisory posted on its website over the weekend.
“The researchers then pair this data path with known and mitigated software or speculative execution side-channel vulnerabilities. AMD believes these are not new speculation-based attacks.”
While the notification doesn’t go into specifics about mitigating the attack, Vedad Hadžić, one of the key researchers on the paper, said the vulnerability is still open to active exploitation.
With Intel coming under scrutiny for a string of flaws in its CPUs — from Meltdown, Spectre, ZombieLoad to the recent unpatchable CSME firmware flaw — the research is a reminder that no processor architecture is fully secure.
t’s worth noting that some of the co-authors listed in the study were also behind uncovering the Meltdown, Spectre, and ZombieLoad vulnerabilities.