AMD Zen CPUs at risk of data exposure with novel attack

All AMD Zen-based Ryzen and EPYC CPUs could be compromised to expose privileged secrets and data with the novel Inception side-channel attack, which ETH Zurich researchers developed by combining a Phantom speculation technique, tracked as CVE-2022-23825, with the "Training in Transient Execution" attack, according to BleepingComputer. Threat actors could leverage the attack, tracked as CVE-2023-20569, to obfuscate XOR instructions as recursive call instructions, which overflows the return stack buffer and eventually leads to the exposure of arbitrary data from unprivileged processes on any AMD Zen CPU, the researchers reported. The report noted that mitigating the attack requires completely flushing the branch predictor state on context switches between distrusting contexts. However, Inception can only be exploited locally, according to AMD, which urged the implementation of security best practices, as well as the application of a code patch or BIOS update for Zen 3 or Zen 4 products.
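One way to check whether a Linux host has the mitigation described above in place, as an added example that is not part of the original article or of AMD's guidance. It assumes a kernel that reports CVE-2023-20569 in the sysfs file `spec_rstack_overflow`; the verdict names and the prefix-based matching are choices made for this example.

```python
import sys
from pathlib import Path

# Linux kernels that know about CVE-2023-20569 report its status in this file.
SRSO_SYSFS = "/sys/devices/system/cpu/vulnerabilities/spec_rstack_overflow"


def classify(status):
    """Map the kernel's status line to (verdict, suggested action).

    Matching is by prefix and substring because the exact wording differs
    between kernel versions (assumption: the usual "Not affected" /
    "Mitigation: ..." / "Vulnerable: ..." layout, with "no microcode"
    added to the line when the CPU microcode lacks the fix).
    """
    if status is None:
        return ("unknown", "kernel does not report this issue; update the kernel")
    text = status.strip()
    low = text.lower()
    if "no microcode" in low:
        # Checked first: a software mitigation without microcode is incomplete.
        return ("needs_microcode", "apply the BIOS or microcode update")
    if low.startswith("not affected"):
        return ("not_affected", "none")
    if low.startswith("mitigation"):
        return ("mitigated", "none")
    if low.startswith("vulnerable"):
        return ("vulnerable", "enable the kernel mitigation")
    return ("unknown", "unrecognized status: " + text)


def check_host(path=SRSO_SYSFS):
    """Read the sysfs entry; a missing file is reported as 'unknown'."""
    try:
        status = Path(path).read_text()
    except OSError:
        status = None
    verdict, action = classify(status)
    return {"status": (status or "").strip(), "verdict": verdict, "action": action}


if __name__ == "__main__":
    result = check_host(sys.argv[1] if len(sys.argv) > 1 else SRSO_SYSFS)
    print("{verdict}: {status!r} -> {action}".format(**result))
    # Non-zero exit lets fleet tooling flag hosts that still need work.
    sys.exit(0 if result["verdict"] in ("mitigated", "not_affected") else 1)
```

Run it on each host, or pass a path to a copy of the sysfs file collected from a remote machine.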
