It was only a matter of time before security vulnerabilities started appearing for AMD processors.
Graz University of Technology researchers have discovered two new side-channel attacks – “Collide+Probe” and “Load+Reload” – that affect AMD CPUs from 2011 to 2019. These would include recent Zen products such as the Threadripper 2970WX (Zen+), Ryzen 7 3700X (Zen 2), and EPYC 7571 (Zen).
Both vulnerabilities involve AMD’s L1D cache way predictor, which enhances performance and reduces power consumption by managing how cached data is handled within memory. They could allow attackers with physical access to steal sensitive data.
Collide+Probe lets an attacker “monitor a victim’s memory accesses without knowledge of physical addresses or shared memory when time-sharing a logical core,” while Load+Reload exploits “the way predictor to obtain highly-accurate memory-access traces of victims on the same physical core,” the researchers explained.
Some readers have pointed out that this research was funded by Intel: “Additional funding was provided by generous gifts from Intel. Any opinions, findings, and conclusions or recommendations expressed in this paper are those of the authors and do not necessarily reflect the views of the funding parties,” reads a passage in the Acknowledgments section.
The findings seem to be pretty legit, however. Daniel Gruss, one of the lead researchers, says this is par for the course.
You will find this in almost all of my papers, finding flaws in various processors and other things. Intel funds some of my students. If one of these students co-authors a paper, we acknowledge the gift of course.— Daniel Gruss (@lavados) March 7, 2020