AMD processors are affected by two newly documented flaws that exploit the way the cache predicts where data is located. All chips since the Bulldozer architecture (2011) are reportedly affected.

In a research paper entitled Take A Way: Exploring the Security Implications of AMD’s Cache Way Predictors, cybersecurity researcher Moritz Lipp, assisted by specialists from the universities of Graz and Rennes, reveals the existence of two flaws affecting AMD processor microarchitectures since 2011. This includes all processors using the Bulldozer and Zen architectures, as well as their many derivatives (Piledriver, Excavator, Zen+, Zen 2, to name but a few).

These vulnerabilities are specific to a component AMD uses in its chips, the L1D way predictor, which handles operations speculatively in order to optimize them. With this component, the processor predicts where data is addressed in the cache, which allows faster subsequent access while reducing power consumption. The problem: by reverse engineering this component, the researchers identified two attack vectors that make it possible to take control of memory accesses, named Collide+Probe and Load+Reload.

“With Collide+Probe, an attacker can monitor accesses to a victim’s memory without knowing the physical addresses or shared memory by executing malicious code on a logical core […] With Load+Reload, the way predictor component is exploited to obtain very precise traces of access to memory on a single physical core”, the paper reads. Beyond the data passing through memory, this flaw could even allow certain encryption keys to be recovered, potentially exposing storage systems protected by AES encryption. The paper also presents scenarios in which sensitive information is intercepted.

For the time being, AMD has not released a patch that would reduce the scope of these flaws, let alone close them entirely. Company engineers are nonetheless well aware of these vulnerabilities and say they are working on firmware and driver updates. According to some specialists, AMD is unlikely to do away with this predictive component, which is considered too important for processors to reach their expected level of performance.

Until patches are available, AMD recommends using antivirus software and keeping software up to date. It is not certain that this is enough to guard against possible attacks of this type. Moreover, no one can claim that attacks exploiting these flaws have never taken place.