A newly-discovered security vulnerability affecting AMD Zen CPU chips could potentially be putting thousands of machines at risk, experts have warned.
Inception, described by the researchers as a “transient execution attack” has the same outcome as other speculation abusers in the past, such as Spectre and Meltdown – it can steal sensitive data from the chip itself.
The vulnerability was discovered by cybersecurity researchers at ETH Zurich, which claim that all AMD Zen CPUs, including the latest models, are susceptible. To make it work, the experts combined an older technique, dubbed “Phantom speculation”, with a new transient execution attack, dubbed “Training in Transient Execution”, BleepingComputer found. The result is called Inception – an even more powerful form of transient execution attack.
Inception’s exploitability
Inception is now tracked as CVE-2023-20569.
Commenting on the news, AMD played down the significance of the findings, saying they can only be exploited with malware, which means – if hackers end up abusing it – it’s the users’ fault, and not AMD’s: “AMD believes ‘Inception’ is only potentially exploitable locally, such as via downloaded malware, and recommends customers employ security best practices, including running up-to-date software and malware detection tools,” the company said in a comment shared with BleepingComputer.
“AMD recommends customers apply a µcode patch or BIOS update as applicable for products based on “Zen 3” and “Zen 4” CPU architectures. No µcode patch or BIOS update is necessary for products based on “Zen” or “Zen 2” CPU architectures because these architectures are already designed to flush branch type predictions from the branch predictor. AMD plans to release updated AGESA™ versions to Original Equipment Manufacturers (OEMs), Original Design Manufacturers (ODMs) and motherboard manufacturers listed in the AMD security bulletin. Please refer to your OEM, ODM or motherboard manufacturer for a BIOS update specific to your product.”
The company also said that there is no evidence of Inception being abused in the wild.
If someone ends up using it in the wild, they can expect to steal a 16-character password in half a second, and an RSA key in 6.5 seconds.
Via: BleepingComputer
Services Marketplace – Listings, Bookings & Reviews