AMD Processors Vulnerable to Two New Side-Channel Attacks: “Collide+Probe,” “Load+Reload”

[Tsing]

Image: AMD



It was only a matter of time before security vulnerabilities started appearing for AMD processors.



Graz University of Technology researchers have discovered two new side-channel attacks – “Collide+Probe” and “Load+Reload” – that affect AMD CPUs from 2011 to 2019. These would include recent Zen products such as the Threadripper 2970WX (Zen+), Ryzen 7 3700X (Zen 2), and EPYC 7571 (Zen).

Image: Graz University



Both vulnerabilities involve AMD’s L1D cache way predictor, which enhances performance and reduces power consumption by managing how cached data is handled within memory. They could allow attackers with physical access to steal sensitive data.



Collide+Probe lets an attacker “monitor a victim’s memory...

Continue reading...

 

[Uvilla]

Did they report it to amd before publishing?

 

[Brian_B]

I was wondering how long AMDs seeming immunity would last

 

[Grimlakin]

I was wondering how long AMDs seeming immunity would last

Whats great is this is already corrected in zen 2. But yea thats a ding.

 

[Grimlakin]

Correction zen 2+ I guess. Ryzen 9 and the new thread rippers and presumably. New epyc cpu's are fine. Also... Notice something else here. All of the recent Intel vulnerabilities had a CVE associated with them. I'm curious as to why this one doesn't.

 

[David_Schroth]

What's the over/under on the next one being Collaborate+Listen? I suppose if they can put a stop to it...

 

[Zarathustra]

I hate this new era of hardware vulnerabilities.

 

[Riccochet]

this isn't too too bad. Requires physical access to the machine.