Academic researchers at Graz University of Technology in Austria have published a paper detailing what they say are security flaws inherent in every AMD processor manufactured from 2011 to 2019, which would include the company’s entire Zen lineup. The paper states “additional funding was provided by generous gifts from Intel,” so let’s start there.

The disclosure appears in the Acknowledgement section of the paper, and after that whole CTS Labs controversy two years ago, it’s understandable why some people might be suspicious. Daniel Gruss, an assistant professor in the Secure Systems group at the University who co-authored the paper, offered up some clarification on the matter on Twitter.

“You will find this in almost all of my papers, finding flaws in various processors and other things. Intel funds some of my students. If one of these students co-authors a paper, we acknowledge the gift of course,” Gruss wrote.

He also noted half-jokingly that he could have “just dropped that PhD student off the paper instead,” further noting that his “funding sources do not restrict my academic freedom and independence,” otherwise he “couldn’t accept that funding.”

Intel’s funding is interesting, and at the same time, not sufficient reason alone to dismiss the findings, especially if things are as Gruss explains. AMD has yet to issue a comment, so we’ll be keeping an eye on the situation.

Researchers Claim AMD Processors Dating Back To Bulldozer Susceptible To Side-Channel Attacks

Funding disclosure aside, the researchers say AMD’s CPU architectures, both past (dating back to Bulldozer) and present are vulnerable to side-channel attacks. These kinds of attacks have received a lot of attention since Spectre and Meltdown came to light, and have mostly affected Intel’s processors.

It’s not clear if Intel’s CPU designs are simply more susceptible to side-channel exploits, or if more attention has been paid to Intel’s architectures, given the disparity in market share. If it is the latter, then we could end up seeing more papers like this one that focus on AMD’s hardware designs. AMD has been making strides in every segment, from mainstream consumer CPUs to data center and supercomputing markets.

We’re jumping ahead of ourselves, though. As it pertains here, the paper highlights a pair of attack techniques dubbed Collide+Probe and Load+Reload.

“We reverse-engineered AMD’s L1D cache way predictor in microarchitectures from 2011 to 2019, resulting in two new attack techniques. With Collide+Probe, an attacker can monitor a victim’s memory accesses without knowledge of physical addresses or shared memory when time-sharing a logical core. With Load+Reload, we exploit the way predictor to obtain highly-accurate memory-access traces of victims on the same physical core. While Load+Reload relies on shared memory, it does not invalidate the cache line, allowing stealthier attacks that do not induce any last level-cache evictions,” the paper states.

As outlined, these attacks do not require physical access to a machine or other mitigating circumstances that would render them mostly benign. The researchers say they tested one of their proof-of-concept techniques in both Chrome and Firefox.