Skip to main content
  1. Home
  2. Computing
  3. News

All AMD processors since 2011 have had a security vulnerability

Georgina Torbet
By

Coming on the heels of recent news that there is an unfixable vulnerability in Intel processors from the last five years, security researchers have identified a vulnerability in AMD processors from the last nine years as well.

A paper by researchers from the Graz University of Technology, first reported on by Tom’s Hardware, describes two attacks, Collide+Probe and Load+Reload, which are a subset of the “Take A Way” vulnerability and are based on a Spectre attack. The vulnerability is found in all AMD processes released between 2011 and 2019, including the Zen microarchitecture.

Recommended Videos

“We reverse-engineered AMD’s L1D cache way predictor in microarchitectures from 2011 to 2019, resulting in two new attack techniques,” the researchers wrote in the paper. “With Collide+Probe, an attacker can monitor a victim’s memory accesses without knowledge of physical addresses or shared memory when time-sharing a logical core. With Load+Reload, we exploit the way predictor to obtain highly-accurate memory-access traces of victims on the same physical core. While Load+Reload relies on shared memory, it does not invalidate the cache line, allowing stealthier attacks that do not induce any last-level-cache evictions.”

Fixes may compromise performance

These are what are called side-channel attacks, which can be deployed by exploiting vulnerabilities in JavaScript via internet browsers such as Google Chrome or Mozilla Firefox. The researchers did suggest both hardware and software fixes which could protect against the vulnerabilities, but these may involve a tradeoff in performance as most Spectre fixes have done. The suggestions include temporarily disabling the processor’s way predictor to prevent attacks, using a keyed mapping function, and flushing the way predictor after use. These fixes are all things that would have to be engineered by AMD, so if you are a regular user then there’s not much you can do except wait to see what security measures AMD will bring in.

This is some controversy around the findings of this paper, as the acknowledgments section includes mention of funding from Intel, first spotted by Hardware Unboxed: “Additional funding was provided by generous gifts from Intel.” This is not unusual in academic research, however, and the lead author responded on Twitter that he discloses the funding Intel provides to some of his students on all of his papers.

Editors' Recommendations

Topics
Georgina Torbet
Georgina Torbet
Space Writer
Georgina is the Digital Trends space writer, covering human space exploration, planetary science, and cosmology. She…
AMD just revealed some key details about its upcoming Zen 4 processors
Dr. Lisa Su, the CEO of AMD, on a stage revealing Ryzen news.

AMD has released a video to celebrate five years of the Ryzen brand, and it revealed some juicy tidbits about future products. In this video, John Taylor and Robert Hallock of AMD teased what the manufacturer has in store for 2022, including processors from both the Zen 3 and Zen 4 lines.

In the video Hallock, director of technical marketing at AMD, confirms the rumors of a new platform coming next year. The new processors, complete with a new socket and DDR5 memory support, are going to be released in 2022. Hallock also confirmed that the new platform will be backward compatible with current AM4 socket CPU coolers.

Read more
Your Dell laptop might have a security vulnerability. Here’s how to fix it.
dell new inspiron laptops take xps design lineup 2021 1

After a security research firm discovered a security vulnerability that could give hackers access to your laptop, Dell is taking action with a fix. Impacting hundreds of millions of laptops across more than 380 models (including XPS, and Alienware) released since 2009, there are now more ways than one for you to address the urgent issue.

At the heart of this problem is a driver that Dell's laptops use to handle firmware updates. According to a Dell support page, this driver comes packaged with Dell Client firmware update utility packages and software tools, and a vulnerability within it can "lead to escalation of privileges, denial of service, or information disclosure."

Read more
New reports indicate AMD’s Ryzen 5000 processors may be failing at a high rate
amd ryzen 5 2400g 3 2200g processors hands on review imageamd and

If you've been among the few fortunate enough to get your hands on AMD's newly launched Ryzen 5000 series processors, you may think that the headache is over. We're learning that may not be the case, as there are reports that Team Red's new CPUs have a high failure rate.

Gamers who have upgraded to this family of processors will want to hang on to their receipts and packaging in the event of a Ryzen meltdown, as dealing with a return could be easier than having to navigate the manufacturer's warranty process for an exchange.

Read more