Surely, you might have seen a lot of memes going around that make fun of AMD and its processors have many cores. Though these, in some ways, provide it with the power that an AMD processor is known for, this however, has also become its main negative trait. According to various studies done by computer scientists at TU Dresden Germany, the AMD Zen processors are vulnerable to a data-bothering meltdown-like attack.
As it happens, there are way more ways in which an attack except for malware and some malicious user interfering with the system. A modern CPU is said to have many side-channels that are still left to be found.
Transient Execution of Non-Canonical Accesses is the title of the paper by Saidgani Musaev and Christof Fetzer. In it, they analyzed AMD Zen+ and Zen 2 chips, or, to be more precise, Epyc 7262, Ryzen 7 2700X, and the Threadripper 2990WX. In it, they found that they were able to impact the CPU cores in a negative way.
Now, a ‘meltdown’ was first coined in 2018. It is a process that breaks the barrier between the system and the application. So if that application has malware, it allows that malware to slowly figure out the content that is protected by the kernel memory and any other secrets such as the stored passwords and keys.
Before this, such a meltdown process had only been discovered for the intelx86 chip. Since then, the list has further expanded to cover the IBM power parts and now the AMD chips. On the other hand, AMD claims that their chips are not vulnerable to meltdown. They said that the instructions that are executed from the user-mode cannot typically discern the content stored in the kernel-memory.
The computer scientists agree with AMD on this one, as they also say that it is true for classical meltdown-attack. On the other hand, they found another way into the system in which the CPU core itself accesses the data memory. This new behaviour, as they say, is very much like a meltdown attack.
Now, the only big difference in this attack is that it basically uses one thread of the program to affect the other thread that is running a different program in the same virtual memory. Whereas, in the meltdown, it uses one process to read the memory of the other or even the kernel.
In the paper, the scientists clearly explain that the violation we report does not lead to cross address space leaks, but it provides a reliable way to force an illegal data flow between microarchitectural elements. Unlike in any of the previous AMD chips, the observation told them that it is possible to force an illegal data flow between the elements.
In their answer to this, AMD released a security advisory. This advisory said that when combined with specific software sequences, the CPUs might execute non-canonical loads that might result in the data leakage. They also recommended the same mitigation as the one that was advised for the intelx86 chips. The software vendors are advised to analyze their code thoroughly.
In other news, Japan has set up some vending machines where they are selling AMD CPUs. But, hold up, there is a twist. The boxes don’t contain CPUs. Instead, it works as a lottery system. It has both old and new CPUs from Intel as well as AMD, but if the player is lucky, they might win the new ones.
But, could this still prevent their CPUs from a meltdown-like attack? Don’t think so. As of now, there are still a lot of observations to be made and a lot of answers to be found. Feel free to check out the paper by the duo.