
Recently, reports of irreversible vulnerabilities were discovered in Intel CPUs and chipsets, but a study found that similar problems occurred in AMD as well. A research team at Graz University of Technology in Austria has discovered that there are two vulnerabilities in all AMD processors since 2011, from AMD Athlon 64 X2 to Ryzen 7 to Threadripper, which can potentially data leaks.
The issue, called Take Away, according to the published paper, affects all AMD processors from 2011 to 2019 and is entangled in the ZEN microarchitecture. The research team reported the problem to AMD on August 23, 2019, but AMD has not yet resolved the problem.
Both vulnerabilities were discovered by reverse engineering the AMD processor L1D Cash Way-Predictor. First, a specific attack (Collide + Probe) method can be accessed without knowing the actual memory address and shared memory in time-sharing processing of the target logical core. Another attack (Load + Reload) is that it is possible to accurately track memory accesses to the physical core. This technique uses shared memory, but allows more confidential attacks without affecting cache data.
The vulnerability was also said to be able to acquire AES encryption keys that can be used using JavaScript in Chrome or Firefox browsers. It can also be used for data center cloud intrusion.
However, the research team explained that this vulnerability is not as freely accessible as the Specter and Meltdown found in Intel CPUs, and is only a little bit of metadata. It also suggested a solution that combines hardware and software, but did not explain whether there is any performance degradation seen in Intel CPUd that implemented Specter and Meltdown measures.
Although this study was widely funded in Austria, France and Europe, it is pointed out that the large fund was provided by Intel. If you look at this, you can see wearing sunglasses, but the vulnerability itself is not fabricated. Anyway, recently, processors and chipsets are becoming more complex than before, and it may be inevitable that humans can’t prevent vulnerabilities from being mixed up. Now, both Intel and AMD pointed out that it could be natural for modern processors to contain vulnerabilities, and it could be important to find and deal with them before anyone exploits them. Related information can be found here .