All AMD Zen-based Ryzen and EPYC CPUs could be compromised to expose privileged secrets and data with the novel Inception side-channel attack, which was developed by ETH Zurich researchers through the combination of a Phantom speculation technique, tracked as CVE-2022-23825, and the "Training in Transient Execution" attack, according to BleepingComputer.
Threat actors could leverage the attack, tracked as CVE-2023-20569, to obfuscate XOR instructions as recursive call instructions, which results in the overflow of the return stack buffer and eventually lead to the exposure of arbitrary data from any AMD Zen CPU's unprivileged processes, reported researchers.
The report noted that mitigating the attack requires complete flushing of the branch predictor state when performing distrusting context switches.
However, Inception exploitation could only be performed locally, according to AMD, which urged the implementation of security best practices, as well as the application of a code patch or BIOS update for Zen 3 or Zen 4 products.
Related Terms
Anti-MalwareAntivirus SoftwareBring Your Own Device (BYOD)Ephemeral PortExtranetEndpoint SecurityFirmwareKeyloggerRegistryGet daily email updates
SC Media's daily must-read of the most current and pressing daily news