
AMD Processors Since 2011 Hit with Cache Attack Vulnerabilities: Take A Way

btarunr

Cybersecurity researcher Moritz Lipp and his colleagues from the Graz University of Technology and the University of Rennes uncovered two new security vulnerabilities affecting all AMD CPU microarchitectures going back to 2011, detailed in a research paper titled "Take A Way." These include "Bulldozer" and its derivatives ("Piledriver," "Excavator," etc.) and the newer "Zen," "Zen+," and "Zen 2" microarchitectures. The vulnerabilities are specific to AMD's proprietary L1D cache way predictor component. It is described in the security paper's abstract as a means for the processor to "predict in which cache way a certain address is located, so that consequently only that way is accessed, reducing the processor's power consumption."

By reverse engineering the L1D cache way predictor in AMD microarchitectures dating from 2011 to 2019, Lipp et al. discovered two new attack vectors with which an attacker can monitor the victim's memory accesses. These vectors are named "Collide+Probe," and "Load+Reload." The paper describes the first vector as follows: "With Collide+Probe, an attacker can monitor a victim's memory accesses without knowledge of physical addresses or shared memory when time-sharing a logical core." The second vector is described as "With Load+Reload, we exploit the way predictor to obtain highly-accurate memory-access traces of victims on the same physical core." The two vulnerabilities have not been assigned CVE entries at the time of this writing. The research paper, however, describes the L1D cache way predictor in AMD processors as being vulnerable to attacks that can reveal contents of memory or even keys to a vulnerable AES implementation. For now there is no mitigation to these attacks, but the company is reportedly working on firmware and driver updates. Access the research paper here.



 
ACKNOWLEDGMENTS

We thank our anonymous reviewers for their comments and suggestions that helped improving the paper. The project was supported by the Austrian Research Promotion Agency (FFG) via the K-project DeSSnet, which is funded in the context of COMET - Competence Centers for Excellent Technologies by BMVIT, BMWFW, Styria, and Carinthia. It was also supported by the European Research Council (ERC) under the European Union’s Horizon 2020 research and innovation programme (grant agreement No 681402). This work also benefited from the support of the project ANR-19-CE39-0007 MIAOUS of the French National Research Agency (ANR). Additional funding was provided by generous gifts from Intel. Any opinions, findings, and conclusions or recommendations expressed in this paper are those of the authors and do not necessarily reflect the views of the funding parties.

Oh Intel... please never change.
 
Oh Intel... please never change.

Commissioned by AMD QA Consultants Determines AMD's Most Stable Graphics Drivers in the Industry

Recent drivers hell says otherwise
 
"Additional funding was provided by generous gifts from Intel."

I have a feeling that we will see more of this from now on, as the fruits of Intel's money become "published"...
 
Graz University of Technology has been in the forefront of security vulnerabilities research since Spectre and Meltdown. At least three of the authors of this paper were also among authors of their Meltdown paper and at least one was among authors of their Spectre paper.

I absolutely do not get the instant dismissal when someone spots Intel somewhere.
Oh Intel... please never change.
Fallout: Leaking Data on Meltdown-resistant CPUs said:
ACKNOWLEDGMENTS
We want to thank the reviewers for their feedback, as well as Vedad Hadžić from Graz University of Technology and Julian Stecklina from Cyberus Technology for contributing ideas and experiments. This work has been supported by the Austrian Research Promotion Agency (FFG) via the project ESPRESSO, which is funded by the Province of Styria and the Business Promotion Agencies of Styria and Carinthia. It was also supported by the Austrian Research Promotion Agency (FFG) via the K-project DeSSnet, which is funded in the context of COMET – Competence Centers for Excellent Technologies by BMVIT, BMWFW, Styria and Carinthia. It has also received funding from the European Research Council (ERC) under the European Union’s Horizon 2020 research and innovation programme (grant agreement No 681402), by the Defense Advanced Research Projects Agency (DARPA) under contract FA8750-19-C-0531, and by the National Science Foundation under grant CNS-1814406. Additional funding was provided by a generous gift from Intel and AMD.
Oh AMD... please never change?
 
Ok, this is some scary stuff. AMD has a serious problem to solve.

In the referenced PDF, section 5.2.3, a method is described by which JavaScript itself can be configured to attack a system and supply harvested data straight through both Chrome and Firefox browsers. Theoretically, ANY browser that uses JavaScript (99%) can potentially be used to attack a subject system.

It will be interesting to review the analysis and CVE for these new vulnerabilities.
 
In the referenced PDF, section 5.2.3, a method is described by which JavaScript itself can be configured to attack a system and supply harvested data straight through both Chrome and Firefox browsers. Theoretically, ANY browser that uses JavaScript (99%) can potentially be used to attack a subject system.
Isn't this the same timing approach as Spectre? Which has already been mitigated by browsers not using accurate enough timers to mount a successful attack?
 

TheLostSwede

Ok, this is some scary stuff. AMD has a serious problem to solve.

In the referenced PDF, section 5.2.3, a method is described by which JavaScript itself can be configured to attack a system and supply harvested data straight through both Chrome and Firefox browsers. Theoretically, ANY browser that uses JavaScript (99%) can potentially be used to attack a subject system.

It will be interesting to review the analysis and CVE for these new vulnerabilities.
Supposedly this only allows for short snippets of data and might not even be usable for a full password.
 
Want to bet that similar line can be found in Spectre and Meltdown papers?
Actually, no. I checked. Spectre/Meltdown papers research was not supported by either Intel or AMD. More recent research has been supported by Intel and sometimes by AMD.
 
Oh Intel... please never change.
Commissioned by AMD QA Consultants Determines AMD's Most Stable Graphics Drivers in the Industry

Recent drivers hell says otherwise

Nice race to the bottom, guys. You can crawl back into your hole now and leave this for the adults.
 
I absolutely do not get the instant dismissal when someone spots Intel somewhere.

Then you don't know their history, the evidence on why nothing that is touched by Intel can be fully trusted is immense. You can choose to believe in the just world fallacy where everyone is well intended unless otherwise proven but I for one don't, seen too many instances when that wasn't the case.

For the record, I don't dismiss the paper, it's not like I think it's nonsense but I do question its purpose and how well it was timed with other events.
 
Then you don't know their history, the evidence on why nothing that is touched by Intel can be fully trusted is immense. You can choose to believe in the just world fallacy where everyone is well intended unless otherwise proven but I for one don't, seen too many instances when that wasn't the case.
I do know the history. I would suspect better than most. Still, "nothing that is touched by Intel" is quite extreme, don't you think?
In line with the context used here, do you think we should dismiss any and all research papers Intel has been sponsoring? ;)
For the record, I don't dismiss the paper, it's not like I think it's nonsense but I do question its purpose and how well it was timed with other events.
What events? This was disclosed to AMD last August and published now. Timing a 6-month window would seem too big of a hassle to even try.

Edit:
This is kind of weird though. Instead of discussing what the paper found, whether this has impact or merit (it should, being an academic paper which I assume is peer reviewed), we are discussing Intel because there is a sidenote in the paper that Intel supported researchers. This kind of support is not exactly abnormal.
 
As long as none of the vulnerabilities are fantasy, they are legit, no matter who sponsored the research.
This research sponsoring is a legit method of competitive behaviour in my opinion and will lead to more secure products of all participants.
 
Actually, no. I checked. Spectre/Meltdown papers research was not supported by either Intel or AMD. More recent research has been supported by Intel and sometimes by AMD.
Try CacheOut, "gifts" from both Intel and AMD.
 
So... @R-T-B, what's the story here...

Much ado about nothing? Something?
 
This was disclosed to AMD last August and published now.

Published now, right along when the financial analyst day took place. A pure coincidence I'd imagine.

Still, "nothing that is touched by Intel" is quite extreme

First or second time around when Intel did something shady? Yeah, it would be extreme. After the plethora of examples when that happened with some being confirmed and punished by authorities, nah not that extreme anymore. Again, it's your personal choice to believe nothing is wrong should be the de facto stance on this, mine isn't.
 
haters gonna hate.
 
If there is a vulnerability with Intel related products, we condemn them.
If there is a vulnerability with AMD related products we condemn Intel once again..
There is never anything wrong with AMD.
 

the54thvoid

Stay on topic please. Discussion about the impact or real-world likelihood of the vulnerability affecting us is welcome. Sniping back and forth about "AMD this... Intel that" is not.
 
"Additional funding was provided by generous gifts from Intel."

I have a feeling that we will see more of this from now on, as the fruits of Intel's money become "published"...

Although I feel you, I must admit that all users benefit from this.

The more pressure on the companies the greater the chance they do things right.
 
Spectre is what again? They say in this report, the vulnerability is global accessibility of victim cache evict logs. So the question is spectre-mtd-... stay on point and not undue ad-nauseum much?
 
To ask some valid questions instead of continuing the bashing of AMD vs. Intel - under what circumstance can this be used?

Same jokes as with Intel's vulns where the attacker already needs to have full admin access to the system?
Can this be used from outside sources without actual access?
Can this be exploited via malicious websites?

Those questions should be discussed here....
 
At least, you cannot overshadow the real big impact as a base rate fallacy since the researchers spill the beans for you. You can bang all the drums you want, it doesn't make a spectre variant any more vulnerable than meltdown.
 