A group of researchers devised a new side-channel attack that affects all AMD processors. However, the firm says that no new mitigations are required because the attacks do not directly leak information in a threatening way.
How the side-channel attack works
The new side-channel attack lets a malicious application installed on a system abuse a CPU weakness.
The attack takes advantage of timing and power measurements of prefetch instructions.
According to the researchers, the prefetch instruction on AMD leaks even more information than earlier prefetch attacks on Intel.
Using the technique, a hacker can collect sensitive information, such as passwords and encryption keys, from memory associated with other apps.
Real-world scenarios
The researchers presented multiple attack scenarios that can lead to the leak of sensitive data from the operating system.
They claimed the first microarchitectural Kernel Address Space Layout Randomization (KASLR) break on AMD CPUs, which could help attackers compromise users’ laptops, desktop PCs, and even cloud-deployed VMs.
Next, the researchers established a covert channel for monitoring kernel activity, such as playing audio over Bluetooth.
In another scenario, they demonstrated the extraction of sensitive data with simple Spectre gadgets in the Linux kernel.
Vendor's response
These findings were reported to AMD in mid- and late 2020, and the vendor provided feedback in February this year.
The chipmaker assigned the identifier CVE-2021-26318 and a medium severity rating to the exploited vulnerabilities.
Though the firm acknowledged that the issue affects all of its processors, it has not offered new mitigation steps yet, because, in its words, the techniques “do not directly leak data across address space boundaries.”
Safety Tips
Although this attack method is not very threatening, it shows that hardware, too, is exposed to the risk of unknown bugs and weaknesses. Besides keeping devices updated with the latest OS patches, the researchers have provided mitigation recommendations that include page table isolation, FLARE, prefetch configuration MSRs, and restricting access.
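As an added check, not code from the article or from the researchers, the POSIX shell script below reports whether page table isolation (PTI), the first mitigation named above, is active on a Linux host. It assumes the standard /proc paths and the kernel's synthetic "pti" cpuinfo flag, and the paths can be overridden so it also runs on constructed sample files.

```shell
#!/bin/sh
# Added example: report kernel page table isolation (PTI) status on Linux.
# Assumptions: /proc/cpuinfo lists a "pti" flag only while PTI is enabled,
# and /proc/cmdline shows the boot parameters (pti=on forces it on AMD,
# where the kernel leaves PTI off by default).
CPUINFO="${CPUINFO:-/proc/cpuinfo}"
CMDLINE="${CMDLINE:-/proc/cmdline}"

# pti_active FILE: succeed if a cpuinfo-style FILE lists the "pti" flag.
pti_active() {
    grep -Eq '^flags[[:space:]]*:.*[[:space:]]pti([[:space:]]|$)' "$1"
}

# pti_forced FILE: succeed if the kernel command line in FILE has pti=on.
pti_forced() {
    grep -Eq '(^|[[:space:]])pti=on([[:space:]]|$)' "$1"
}

# pti_report CPUINFO_FILE CMDLINE_FILE: one status line for an operator.
pti_report() {
    if pti_active "$1"; then
        echo "PTI: active"
    elif pti_forced "$2"; then
        echo "PTI: requested on the command line but not reported active"
    else
        echo "PTI: inactive (AMD hosts default to off; boot with pti=on to enable)"
    fi
}

# Stand-alone use: report on the running host when the files are readable.
if [ -r "$CPUINFO" ] && [ -r "$CMDLINE" ]; then
    pti_report "$CPUINFO" "$CMDLINE"
fi
```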