AMD CPU "Collide+Probe" and "Load+Reload" Side Channel Attacks Revealed
takyon writes:
New AMD Side Channel Attacks Discovered, Impacts Zen Architecture (archive)
A new paper released by the Graz University of Technology details two new "Take A Way" attacks, Collide+Probe and Load+Reload, that can leak secret data from AMD processors by manipulating the L1D cache predictor. The researchers claim that the vulnerability impacts all AMD processors from 2011 to 2019, meaning that the Zen microarchitecture is also impacted. (PDF)
The university says it disclosed the vulnerabilities to AMD on August 23, 2019, meaning it was disclosed in a responsible manner (unlike the CTS Labs debacle), but there isn't any word of a fix yet. We've pinged AMD for comment.
We've become accustomed to news of new Intel vulnerabilities being disclosed on a seemingly-weekly basis, but other processor architectures, like AMD and ARM, have also been impacted by some vulnerabilities, albeit to a lesser extent. It's hard to ascertain if these limited discoveries in AMD processors are triggered by a security-first approach to hardened processor design, or if researchers and attackers merely focus on Intel's processors due to their commanding market share: Attackers almost always focus on the broadest cross-section possible. We see a similar trend with malware being designed for Windows systems, by far the predominant desktop OS, much more frequently than MacOS, though that does appear to be changing.
Read more of this story at SoylentNews.