Skip to main content
  1. Home
  2. Computing
  3. News

All AMD processors since 2011 have had a security vulnerability

Add as a preferred source on Google

Coming on the heels of recent news that there is an unfixable vulnerability in Intel processors from the last five years, security researchers have identified a vulnerability in AMD processors from the last nine years as well.

A paper by researchers from the Graz University of Technology, first reported on by Tom’s Hardware, describes two attacks, Collide+Probe and Load+Reload, which are a subset of the “Take A Way” vulnerability and are based on a Spectre attack. The vulnerability is found in all AMD processes released between 2011 and 2019, including the Zen microarchitecture.

Recommended Videos

“We reverse-engineered AMD’s L1D cache way predictor in microarchitectures from 2011 to 2019, resulting in two new attack techniques,” the researchers wrote in the paper. “With Collide+Probe, an attacker can monitor a victim’s memory accesses without knowledge of physical addresses or shared memory when time-sharing a logical core. With Load+Reload, we exploit the way predictor to obtain highly-accurate memory-access traces of victims on the same physical core. While Load+Reload relies on shared memory, it does not invalidate the cache line, allowing stealthier attacks that do not induce any last-level-cache evictions.”

Fixes may compromise performance

These are what are called side-channel attacks, which can be deployed by exploiting vulnerabilities in JavaScript via internet browsers such as Google Chrome or Mozilla Firefox. The researchers did suggest both hardware and software fixes which could protect against the vulnerabilities, but these may involve a tradeoff in performance as most Spectre fixes have done. The suggestions include temporarily disabling the processor’s way predictor to prevent attacks, using a keyed mapping function, and flushing the way predictor after use. These fixes are all things that would have to be engineered by AMD, so if you are a regular user then there’s not much you can do except wait to see what security measures AMD will bring in.

This is some controversy around the findings of this paper, as the acknowledgments section includes mention of funding from Intel, first spotted by Hardware Unboxed: “Additional funding was provided by generous gifts from Intel.” This is not unusual in academic research, however, and the lead author responded on Twitter that he discloses the funding Intel provides to some of his students on all of his papers.

Georgina Torbet
Georgina has been the space writer at Digital Trends space writer for six years, covering human space exploration, planetary…
This one app has single-handedly improved my Mac experience
It won't reinvent macOS. It will just quietly fix everything that annoys you about it.
Supercharge app

Every once in a while, you come across an app that fundamentally changes how you use your Mac. Over the past year, Supercharge has been that app for me. It packs hundreds of tweaks and features that solve macOS’s several annoyances and add improvements that upgrade the experience. 

While it will be hard to cover all its features in a single article, here are my favorite Supercharge features that have single-handedly improved my Mac experience. They've become such an integral part of my workflow that I now miss them whenever I use a Mac without Supercharge.

Read more
What is Copilot? Everything you need to know about Microsoft’s AI assistant
There’s a Copilot for almost everything now. Here’s which one you need
Microsoft Copilot Banner Featured

Microsoft has attached the Copilot name to so many products that a simple question like "What is Copilot?" now needs a little more context. There is the main Microsoft Copilot chatbot, Copilot inside Microsoft 365, GitHub Copilot for developers, Gaming Copilot for Xbox users, and a separate category of Windows laptops called Copilot+ PCs.

For most people, Microsoft Copilot means the company’s general-purpose AI assistant. So you'd expect it to answer questions, search the web, generate and edit images, and the rest of the usual AI chatbot features. You can access it through a browser or dedicated apps for Windows, macOS, Android, and iOS. It is also integrated into Microsoft Edge, the Xbox mobile app, and Game Bar on Windows 11.

Read more
I tried to parody the most absurd AI products, but the tech industry beat me to it
The joke was supposed to be that every household object gets cameras, AI insights, and a premium tier. Apparently, that’s now a business plan
Imaginary AI products

I wanted to invent an AI product so silly that no founder could turn it into a seed round.

It had to solve a problem nobody had, collect far more data than the problem deserved, and turn normal behavior into an insight that sounded vaguely disappointed in its owner. Somewhere around the third feature, it would ask for a subscription.

Read more