A new CPU flaw in the vein of Meltdown and Spectre appears to affect AMD processors. The new flaw is called Take A Way.
To optimize the energy consumption and performance of its CPUs, AMD introduced a way predictor for the L1-data (L1D) cache, reducing power consumption and the cost of latency.
The µtag used by the L1 cache is the focus of the researchers. The attack attempts to change branch addresses causing L1 faults. The attack depends on making a matching hash at a different memory location.
The researchers claim that the vulnerability is present in all AMD processors from 2011 to 2019, meaning that the Zen microarchitecture is also impacted.
“We reverse-engineered AMD’s L1D cache way predictor in microarchitectures from 2011 to 2019, resulting in two new attack techniques. With Collide+Probe, an attacker can monitor a victim’s memory accesses without knowledge of physical addresses or shared memory when time-sharing a logical core. With Load+Reload, we exploit the way predictor to obtain highly-accurate memory-access traces of victims on the same physical core. While Load+Reload relies on shared memory, it does not invalidate the cache line, allowing stealthier attacks that do not induce any last-level-cache evictions.”
We are aware of a new white paper that claims potential security exploits in AMD CPUs, whereby a malicious actor could manipulate a cache-related feature to potentially transmit user data in an unintended way. The researchers then pair this data path with known and mitigated software or speculative execution side channel vulnerabilities. AMD believes these are not new speculation-based attacks.
AMD continues to recommend the following best practices to help mitigate against side-channel issues:
- Keeping your operating system up-to-date by operating at the latest version revisions of platform software and firmware, which include existing mitigations for speculation-based vulnerabilities
- Following secure coding methodologies
- Implementing the latest patched versions of critical libraries, including those susceptible to side channel attacks
- Utilizing safe computer practices and running antivirus software
Analysis of the attack suggests that it would be very difficult to exploit on a fully updated system. Side-channel attacks against Intel and AMD processors have been investigated previously.