All AMD processors manufactured between 2011 and 2019 are vulnerable to two new side-channel attacks, according to researchers at Graz University of Technology, some of whom were also among those who identified the Spectre and Meltdown vulnerabilities.
In their paper, Take A Way: Exploring the Security Implications of AMD’s Cache Way Predictors, the researchers detail two side-channel attacks that exploit AMD’s L1 data cache way predictor, a mechanism introduced to reduce energy consumption and improve the performance of its CPUs.
The way predictor for the L1 data (L1D) cache predicts in which cache way a given address is located, so that only that way is looked up, which reduces the processor’s power consumption. The prediction is keyed by a small micro-tag (µTag) derived from the virtual address by an undocumented hash function. The researchers reverse-engineered this hash and the predictor’s behaviour and built two side-channel attacks on it, Collide+Probe and Load+Reload, which can be used on their own or in combination with attacks such as Spectre.
Collide+Probe lets an attacker who time-shares a logical core with a victim monitor the victim’s memory accesses without knowing physical addresses and without any shared memory. “With Load+Reload, we exploit the way predictor to obtain highly-accurate memory-access traces of victims on the same physical core. While Load+Reload relies on shared memory, it does not invalidate the cache line, allowing stealthier attacks that do not induce any last-level-cache evictions,” explained the researchers in their paper.
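To make the two mechanisms concrete, the following is an added toy model (not code from the paper or from AMD) of a µTag-driven L1D. The µTag hash used here, XOR-folding virtual-address bits 12 to 27 into 8 bits, is a hypothetical stand-in for the reverse-engineered function, the cache geometry (64 sets, 8 ways, 64-byte lines) is assumed, and a cache “miss” stands in for the slow probe timing an attacker would measure with a cycle counter on real hardware. The model encodes two properties the attacks rely on: only one line per µTag can be resident in a set, and a physical line can be resident in the L1D only once.

```python
# Toy model of an L1D cache whose lookup is driven by a µTag way predictor,
# illustrating Collide+Probe (no shared memory, µTag collision) and
# Load+Reload (shared memory, two virtual aliases of one physical line).
# Added example; geometry, hash and "hit/miss as timing" are assumptions.

SETS, WAYS = 64, 8            # assumed: 32 KiB, 8-way, 64-byte lines


def utag(vaddr):
    """Hypothetical µTag: XOR-fold virtual-address bits 12..27 into 8 bits."""
    bits = (vaddr >> 12) & 0xFFFF
    return (bits & 0xFF) ^ (bits >> 8)


class L1D:
    """Set-associative L1D with a µTag predictor. Entries are [utag, physical_line]."""

    def __init__(self, page_map=None):
        self.page_map = page_map or {}        # virtual page -> physical page (identity if absent)
        self.sets = [[] for _ in range(SETS)]  # per set: entries ordered LRU -> MRU

    def translate(self, vaddr):
        vpage, offset = vaddr >> 12, vaddr & 0xFFF
        return (self.page_map.get(vpage, vpage) << 12) | offset

    def access(self, vaddr):
        """Simulate a load; return 'hit' (fast) or 'miss' (slow)."""
        idx = (vaddr >> 6) & (SETS - 1)
        tag = utag(vaddr)
        pline = self.translate(vaddr) >> 6
        ways = self.sets[idx]
        # 1. Way prediction: the predictor selects the way whose µTag matches.
        for entry in ways:
            if entry[0] == tag:
                if entry[1] == pline:
                    ways.remove(entry)
                    ways.append(entry)          # refresh as most recently used
                    return "hit"
                # Mispredicted: a different line carries this µTag. Only one line
                # per µTag may be resident in a set, so the old one is replaced.
                ways.remove(entry)
                break
        # 2. A physical line may be resident only once: an alias reached through a
        #    different virtual address (different µTag) is dropped before the fill.
        for entry in list(ways):
            if entry[1] == pline:
                ways.remove(entry)
        if len(ways) >= WAYS:
            ways.pop(0)                         # evict least recently used
        ways.append([tag, pline])
        return "miss"


def prime_wait_probe(cache, attacker_addr, victim_step):
    """Common skeleton of both attacks: load own line, let victim run, re-load and time it.
    Returns True when the probe is slow, i.e. the victim touched the monitored line."""
    cache.access(attacker_addr)
    victim_step()
    return cache.access(attacker_addr) == "miss"


def demo_collide_probe():
    """Collide+Probe: attacker and victim use private pages; only the µTags collide."""
    cache = L1D()
    attacker = 0x00100000        # µTag 1, set 0
    victim_colliding = 0x00001000  # µTag 1, set 0, different physical line
    victim_other = 0x00002000    # µTag 2, set 0
    assert utag(attacker) == utag(victim_colliding) != utag(victim_other)
    return (prime_wait_probe(cache, attacker, lambda: cache.access(victim_colliding)),
            prime_wait_probe(cache, attacker, lambda: cache.access(victim_other)))


def demo_load_reload():
    """Load+Reload: one shared physical page mapped at two virtual addresses."""
    cache = L1D(page_map={0x200: 0x777, 0x300: 0x777})
    attacker = 0x00200000        # attacker's mapping of the shared line (set 0)
    victim_same = 0x00300000     # victim's mapping of the very same line
    victim_next = 0x00300040     # victim touches the neighbouring line (set 1)
    assert utag(attacker) != utag(victim_same)   # no µTag collision needed here
    return (prime_wait_probe(cache, attacker, lambda: cache.access(victim_same)),
            prime_wait_probe(cache, attacker, lambda: cache.access(victim_next)))


if __name__ == "__main__":
    print("Collide+Probe (victim hit colliding line, victim hit other line):", demo_collide_probe())
    print("Load+Reload   (victim hit shared line, victim hit next line):   ", demo_load_reload())
```

In both demos the first probe is slow and the second fast, which is exactly the one bit of information per monitored line that the attacks extract. Note that in the Load+Reload case the attacker’s line is dropped from the L1D only because its physical line was reloaded under another alias; nothing in the model (or, per the paper, on the hardware) touches the last-level cache, which is what makes that variant hard to detect with LLC-based monitoring.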
Both attacks are software-only: they require nothing more than unprivileged code execution on a vulnerable machine. The researchers also showed that Collide+Probe can be mounted from within a web browser, with no user interaction necessary.
The new attacks leak only “a few bits of metadata”, so they are far less serious than vulnerabilities such as Meltdown, which allowed large quantities of actual data to be read.
The researchers reported their findings to AMD on August 23, 2019 and proposed both hardware- and software-based mitigations. Following publication of the paper, AMD downplayed the seriousness of the flaws, stating that they are not new types of attack because they are paired with known and already mitigated software or speculative-execution side-channel vulnerabilities. The researchers, however, maintain that the side channels they exploited still exist and have not been patched.