Shulou(Shulou.com)11/24 Report--

CTOnews.com, August 9 (Xinhua)-- A research team from the Federal Institute of Technology in Zurich recently discovered a vulnerability called "Inception", saying that all AMD Zen CPU, including the latest model, are vulnerable.

The team combined an old technology called "Phantom speculation" with a transient execution attack (Transient Execution Attacks) technology called "Training in Transient Execution" (TTE) to create a more powerful "Inception" attack.

CTOnews.com Note:

Phantom speculation: tracking number CVE-2022-23825, creates a speculative execution cycle (transient window) at any XOR instruction, allowing an attacker to trigger false predictions.

TTE: manipulate future mispredictions by injecting new predictions into the branch predictor to create available conjecture execution.

Inception attack: tracking number CVE-2023-20569, a new attack method that combines the above two methods to make CPU believe that the XOR instruction (simple binary operation) is a recursive invocation instruction.

The vulnerability can lead to a return stack buffer overflow and the target address is controlled by the attacker, allowing the attacker to disclose arbitrary data from unprivileged processes running on any AMD Zen CPU.

Even if CPU has deployed mitigation measures for speculative execution attacks (such as Spectre) or transient control flow hijacking (such as automatic IBRS), there is still the possibility of disclosure.

In addition, the data disclosure rate achieved through Inception is 39 bytes per second, and it takes about half a second to steal a 16-character password and 6.5 seconds to steal a RSA key.

All Ryzen and EPYC CPU based on AMD Zen architectures, from Zen 1 to Zen 4, are affected by Phantom and Inception, the researchers said.

Although Intel CPU is also affected by TTE variants, it is difficult for attackers to use Phantom on Intel processors because of eIBRS mitigation measures.

The proof of concept created by the EIT team in Zurich was performed on Linux, but because it was a hardware defect, not software, of AMD CPU, all systems using AMD CPU were at risk.

The AMD official then issued a comment:

AMD has received external reports about "INCEPTION", which is a new speculative side channel attack.

AMD uses available evidence to show that this vulnerability can only be exploited locally in scenarios such as downloading malware.

AMD recommends that users upgrade to the new driver version, as well as the latest malware detection tools, and recommends that customers adopt security best practices to improve device security.

AMD has not found any behavior to exploit the "Inception" vulnerability outside the research environment.

AMD recommends that users based on Zen 3 and Zen 4 install the μ code patch and upgrade the BIOS update as soon as possible.

For products based on "Zen" or "Zen 2" CPU architectures, there is no need for μ code patches or BIOS updates because these architectures are designed to clear branch type predictions from the branch predictor.

AMD plans to release updated versions of AGESA ™to original equipment manufacturers (OEM), original design manufacturers (ODM), and motherboard manufacturers listed in the AMD Security Bulletin. Consult your OEM, ODM, or motherboard manufacturer for BIOS updates specific to your product.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.