Boffins find that AMD processors leak a bit
 

Happens when you get older

A new paper released by the Graz University of Technology details two new "Take A Way" attacks, Collide+Probe and Load+Reload, that can leak secret data from AMD processors by manipulating the L1D cache predictor.

The boffins found the vulnerability impacts all AMD processors from 2011 to 2019, meaning that the Zen microarchitecture is also impacted.

The university says it disclosed the vulnerabilities to AMD on August 23, 2019, meaning it was disclosed in a responsible manner but there is no word of a fix yet. We've pinged AMD for comment.

The two AMD vulnerabilities are side-channel approaches, in this case a Spectre-based attack which enable researchers to tease out what would normally be protected information. Here's a description of the technique from the whitepaper:

"We reverse-engineered AMD’s L1D cache way predictor in microarchitectures from 2011 to 2019, resulting in two new attack techniques. With Collide+Probe, an attacker can monitor a victim’s memory accesses without knowledge of physical addresses or shared memory when time-sharing a logical core. With Load+ Reload, we exploit the way predictor to obtain highly-accurate memory-access traces of victims on the same physical core. While Load+Reload relies on shared memory, it does not invalidate the cache line, allowing stealthier attacks that do not induce any last level-cache evictions."

https://fudzilla.com/news/50447-boff...ors-leak-a-bit