Skip to main content

All AMD processors since 2011 have had a security vulnerability

Coming on the heels of recent news that there is an unfixable vulnerability in Intel processors from the last five years, security researchers have identified a vulnerability in AMD processors from the last nine years as well.

A paper by researchers from the Graz University of Technology, first reported on by Tom’s Hardware, describes two attacks, Collide+Probe and Load+Reload, which are a subset of the “Take A Way” vulnerability and are based on a Spectre attack. The vulnerability is found in all AMD processes released between 2011 and 2019, including the Zen microarchitecture.

“We reverse-engineered AMD’s L1D cache way predictor in microarchitectures from 2011 to 2019, resulting in two new attack techniques,” the researchers wrote in the paper. “With Collide+Probe, an attacker can monitor a victim’s memory accesses without knowledge of physical addresses or shared memory when time-sharing a logical core. With Load+Reload, we exploit the way predictor to obtain highly-accurate memory-access traces of victims on the same physical core. While Load+Reload relies on shared memory, it does not invalidate the cache line, allowing stealthier attacks that do not induce any last-level-cache evictions.”

Fixes may compromise performance

These are what are called side-channel attacks, which can be deployed by exploiting vulnerabilities in JavaScript via internet browsers such as Google Chrome or Mozilla Firefox. The researchers did suggest both hardware and software fixes which could protect against the vulnerabilities, but these may involve a tradeoff in performance as most Spectre fixes have done. The suggestions include temporarily disabling the processor’s way predictor to prevent attacks, using a keyed mapping function, and flushing the way predictor after use. These fixes are all things that would have to be engineered by AMD, so if you are a regular user then there’s not much you can do except wait to see what security measures AMD will bring in.

This is some controversy around the findings of this paper, as the acknowledgments section includes mention of funding from Intel, first spotted by Hardware Unboxed: “Additional funding was provided by generous gifts from Intel.” This is not unusual in academic research, however, and the lead author responded on Twitter that he discloses the funding Intel provides to some of his students on all of his papers.

Editors' Recommendations

Georgina Torbet
Georgina is the Digital Trends space writer, covering human space exploration, planetary science, and cosmology. She…
AMD may use Samsung’s 4nm node for Chromebook processors
A digital depiction of an AMD Ryzen 5000G chip.

AMD may soon work with the Samsung chip foundry in order to prepare 4nm Chromebook processors, according to Gokul Hariharan, an analyst at J.P. Morgan.

AMD has previously only worked with two semiconductor factories -- TSMC and GlobalFoundries -- but if the report proves to be true, the cooperation with Samsung may also extend to graphics cards.

Read more
AMD’s Ryzen 6000 processors could launch in 2022 with a key feature missing
Dr. Lisa Su, the CEO of AMD, on a stage revealing Ryzen news.

A leaker has revealed AMD's plans for 2022, as well as a little about what Intel could have up its sleeve. The rumor claims that AMD will launch its tentatively named Ryzen 6000 processors (using the Zen 4 architecture) at the start of the second half of 2022, but they'll be missing a key feature.

The leaker, Enthusiastic Citizen, revealed that AMD will launch Ryzen 6000 chips alongside the Z670 and B650 processors shortly after July 2022. These new processors are said to support PCIe 5.0 and DDR5, but unlike Intel's 12th-gen Alder Lake platform, the rumor claims that Ryzen 6000 won't support DDR4 as well.

Read more
AMD just revealed some key details about its upcoming Zen 4 processors
Dr. Lisa Su, the CEO of AMD, on a stage revealing Ryzen news.

AMD has released a video to celebrate five years of the Ryzen brand, and it revealed some juicy tidbits about future products. In this video, John Taylor and Robert Hallock of AMD teased what the manufacturer has in store for 2022, including processors from both the Zen 3 and Zen 4 lines.

In the video Hallock, director of technical marketing at AMD, confirms the rumors of a new platform coming next year. The new processors, complete with a new socket and DDR5 memory support, are going to be released in 2022. Hallock also confirmed that the new platform will be backward compatible with current AM4 socket CPU coolers.

Read more