Academics disclose new Collide+Probe and Load+Reload attacks on AMD CPUs.
AMD processors manufactured between 2011 and 2019 (the time of testing) are vulnerable to two new attacks, research published this week has revealed.The two new attacks impact the security of the data processed inside the CPU and allow the theft of sensitive information or the downgrade of security features.
The research team said it notified AMD of the two issues in August 2019, however, the company has not publicly addressed the two issues, nor has it released microcode (CPU firmware) updates.
An AMD spokesperson was not available for comment on this article.
THE L1D CACHE WAY PREDICTOR
The two new attacks target a feature of AMD CPUs known as the L1D cache way predictor.
Introduced in AMD processors in 2011 with the Bulldozer microarchitecture, the L1D cache way predictor is a performance-centric feature that reduces power consumption by improving the way the CPU handles cached data inside its memory.
A high-level explanation is available below:
The predictor computes a μTag using an undocumented hash function on the virtual address. This μTag is used to look up the L1D cache way in a prediction table. Hence, the CPU has to compare the cache tag in only oneway instead of all possible ways, reducing the power consumption.
The two new attacks were discovered after a team of six academics -- from the Graz University of Technology in Austria and the Univerisity of Rennes in France -- reverse-engineered this "undocumented hashing function" that AMD processors were using to handle μTag entries inside the L1D cache way predictor mechanism.
"Knowledge of these functions is the basis of our attack technique," the research team said.
Knowing these functions, allowed the researchers to recreate a map of what was going on inside the L1D cache way predictor and probe if the mechanism was leaking data or clues about what that data may be.
Read more: AMD processors from 2011 to 2019 vulnerable to two new attacks | ZDNet