• Welcome to TechPowerUp Forums, Guest! Please check out our forum guidelines for info related to our community.

AMD Processors Since 2011 Hit with Cache Attack Vulnerabilities: Take A Way

Joined
Mar 10, 2010
Messages
11,878 (2.20/day)
Location
Manchester uk
System Name RyzenGtEvo/ Asus strix scar II
Processor Amd R5 5900X/ Intel 8750H
Motherboard Crosshair hero8 impact/Asus
Cooling 360EK extreme rad+ 360$EK slim all push, cpu ek suprim Gpu full cover all EK
Memory Corsair Vengeance Rgb pro 3600cas14 16Gb in four sticks./16Gb/16GB
Video Card(s) Powercolour RX7900XT Reference/Rtx 2060
Storage Silicon power 2TB nvme/8Tb external/1Tb samsung Evo nvme 2Tb sata ssd/1Tb nvme
Display(s) Samsung UAE28"850R 4k freesync.dell shiter
Case Lianli 011 dynamic/strix scar2
Audio Device(s) Xfi creative 7.1 on board ,Yamaha dts av setup, corsair void pro headset
Power Supply corsair 1200Hxi/Asus stock
Mouse Roccat Kova/ Logitech G wireless
Keyboard Roccat Aimo 120
VR HMD Oculus rift
Software Win 10 Pro
Benchmark Scores 8726 vega 3dmark timespy/ laptop Timespy 6506
I do know the history. I would suspect better than most. Still, "nothing that is touched by Intel" is quite extreme, don't you think?
In line with the context used here, do you think we should dismiss any and all research papers Intel has been sponsoring? ;)
What events? This was disclosed to AMD last August and published now. Timing a 6-month window would seem too big of a hassle to even try.

Edit:
This is kind of weird though. Instead of discussing what the paper found, whether this has impact or merit (it should, being an academic paper which I assume is peer reviewed), we are discussing Intel because there is a sidenote in the paper that Intel supported researchers. This kind of support is not exactly abnormal.
No security notice should be dismissed only considered correctly.
We can only hope these companies work better to maintain our security and not just to maintain market share.
To be fair researchers need pay too, and if intel were not paying some other nation state would be. probably would not disclose it to the company and would develop a zero day out of it, not good.
Finally hopefully And shore up this hole soon, somehow.
 
Joined
Nov 4, 2005
Messages
12,019 (1.72/day)
System Name Compy 386
Processor 7800X3D
Motherboard Asus
Cooling Air for now.....
Memory 64 GB DDR5 6400Mhz
Video Card(s) 7900XTX 310 Merc
Storage Samsung 990 2TB, 2 SP 2TB SSDs, 24TB Enterprise drives
Display(s) 55" Samsung 4K HDR
Audio Device(s) ATI HDMI
Mouse Logitech MX518
Keyboard Razer
Software A lot.
Benchmark Scores Its fast. Enough.
So a competitive company paid for them to find security holes in their competitors product and then released the findings at an ideal time for company I.

What are the chances this is easily mitigated, and also, at this data level it seems it would slow the machine to a crawl to actually implement, and what about memory encryption, the processor doesn't know what the data being processed is.

Either way, I believe we are at a milestone here for both companies, where reverse engineering is going to reveal more issues of varying severity as they snipe at each other. At the end of the day we the consumer win with more secure products.
 
Joined
Nov 20, 2012
Messages
422 (0.10/day)
Location
Hungary
System Name masina
Processor AMD Ryzen 5 3600
Motherboard ASUS TUF B550M
Cooling Scythe Kabuto 3 + Arctic BioniX P120 fan
Memory 16GB (2x8) DDR4-3200 CL16 Crucial Ballistix
Video Card(s) Radeon Pro WX 2100 2GB
Storage 500GB Crucial MX500, 640GB WD Black
Display(s) AOC C24G1
Case SilentiumPC AT6V
Power Supply Seasonic Focus GX 650W
Mouse Logitech G203
Keyboard Cooler Master MasterKeys L PBT
Software Win 10 Pro
Graz University of Technology has been in the forefront of security vulnerabilities research since Spectre and Meltdown. At least three of the authors of this paper were also among authors of their Meltdown paper and at least one was among authors of their Spectre paper.

I absolutely do not get the instant dismissal when someone spots Intel somewhere.

Oh AMD... please never change?

I only tried to poke fun at the white paper, was not expecting such serious reactions to be honest.

Funding research on security problems that affects your own CPU designs, as well as your competitors is one thing.
Funding research to reverse engineer your competitors CPU design to uncover potential security problems is another.

In this paper, we present the first attacks on cache way predictors. For this purpose, we reverse-engineered the undocumented hashfunction of AMD’s L1D cache way predictor in microarchitectures from 2001 up to 2019. We discovered two different hash functions that have been implemented in AMD’s way predictors. Knowledge of these functions is the basis of our attack techniques.

...this is my "issue" with this finding.

Kinda like your neighbor with bad gardening skills is hiring some blokes to go over to your front lawn to dig a fresh new a hole into it.
Then said blokes go in front of their freshly dug hole while pointing at it and be like: "Yo everybody this a**hole has a hole in his lawn!"
Then you be like with standing in your doorway with a coffee mug and crumpled news paper: "Well no sh*t, you just dug one..."

So in this new cache issue...
Is this a problem? It is now.
Should AMD do something about it? Also yes, if they can.

Nice race to the bottom, guys. You can crawl back into your hole now and leave this for the adults.

No worries I'll crawl back to by cave as suggested.
 
Joined
Feb 3, 2017
Messages
3,831 (1.33/day)
Processor Ryzen 7800X3D
Motherboard ROG STRIX B650E-F GAMING WIFI
Memory 2x16GB G.Skill Flare X5 DDR5-6000 CL36 (F5-6000J3636F16GX2-FX5)
Video Card(s) INNO3D GeForce RTX™ 4070 Ti SUPER TWIN X2
Storage 2TB Samsung 980 PRO, 4TB WD Black SN850X
Display(s) 42" LG C2 OLED, 27" ASUS PG279Q
Case Thermaltake Core P5
Power Supply Fractal Design Ion+ Platinum 760W
Mouse Corsair Dark Core RGB Pro SE
Keyboard Corsair K100 RGB
VR HMD HTC Vive Cosmos
Funding research on security problems that affects your own CPU designs, as well as your competitors is one thing.
Funding research to reverse engineer your competitors CPU design to uncover potential security problems is another.
As mentioned in couple comments already, other security vulnerability papers specific to Intel CPUs - at least Fallout (one of MDS group) and Cacheout - also mention AMD in the exact same wording - generous gift.

Research into all kinds of undocumented functionalities is a constant effort. For example a link about finding undocumented opcodes was making rounds last week - https://www.cattius.com/images/undocumented-cpu-behavior.pdf. Edit: Now that I look at it, the presentation seems to originate from the same Graz TU.
 
Last edited:
Joined
Jan 31, 2010
Messages
5,566 (1.02/day)
Location
Gougeland (NZ)
System Name Cumquat 2021
Processor AMD RyZen R7 7800X3D
Motherboard Asus Strix X670E - E Gaming WIFI
Cooling Deep Cool LT720 + CM MasterGel Pro TP + Lian Li Uni Fan V2
Memory 32GB GSkill Trident Z5 Neo 6000
Video Card(s) PowerColor HellHound RX7800XT 2550cclk/2450mclk
Storage 1x Adata SX8200PRO NVMe 1TB gen3 x4 1X Samsung 980 Pro NVMe Gen 4 x4 1TB, 12TB of HDD Storage
Display(s) AOC 24G2 IPS 144Hz FreeSync Premium 1920x1080p
Case Lian Li O11D XL ROG edition
Audio Device(s) RX7800XT via HDMI + Pioneer VSX-531 amp Technics 100W 5.1 Speaker set
Power Supply EVGA 1000W G5 Gold
Mouse Logitech G502 Proteus Core Wired
Keyboard Logitech G915 Wireless
Software Windows 11 X64 PRO (build 24H2)
Benchmark Scores it sucks even more less now ;)
does it require actually having physical access to the computer or can this be done via the internet with some form of malware either way it looks like a lot of work just compromise a system when there are far easier way to do it
 
Joined
Jun 3, 2010
Messages
2,540 (0.48/day)
does it require actually having physical access to the computer or can this be done via the internet with some form of malware either way it looks like a lot of work just compromise a system when there are far easier way to do it
They say it can be happenstanced in lockstep with knowing which branch will not be taken, in effect downloading the data you want. But it can only occur in misses, still.
 
Joined
Nov 21, 2010
Messages
2,355 (0.46/day)
Location
Right where I want to be
System Name Miami
Processor Ryzen 3800X
Motherboard Asus Crosshair VII Formula
Cooling Ek Velocity/ 2x 280mm Radiators/ Alphacool fullcover
Memory F4-3600C16Q-32GTZNC
Video Card(s) XFX 6900 XT Speedster 0
Storage 1TB WD M.2 SSD/ 2TB WD SN750/ 4TB WD Black HDD
Display(s) DELL AW3420DW / HP ZR24w
Case Lian Li O11 Dynamic XL
Audio Device(s) EVGA Nu Audio
Power Supply Seasonic Prime Gold 1000W+750W
Mouse Corsair Scimitar/Glorious Model O-
Keyboard Corsair K95 Platinum
Software Windows 10 Pro
To ask some valid questions instead of continuing the bashing of AMD vs. Intel - under what circumstance can this be used?

Same jokes as with Intel's vulns where the attacker already needs to have full admin access to the system?
Can this be used from outside sources without actual access?
Can this be exploited via malicious websites?

Those questions should be discussed here....

That's what I'm wondering myself,can this actually be exploited? is there a proof of concept?
 
Joined
Feb 25, 2012
Messages
63 (0.01/day)
1. TaW is not a vulnerability
2. TaW uses collisions in L1D way predictor. TaW is an another one side-channel, like cache-collisions and branch buffers, that can be used by other flaws, like Spectre V1&2
3. TaW can be used to weak ASLR
 
Joined
Jul 16, 2014
Messages
8,220 (2.15/day)
Location
SE Michigan
System Name Dumbass
Processor AMD Ryzen 7800X3D
Motherboard ASUS TUF gaming B650
Cooling Artic Liquid Freezer 2 - 420mm
Memory G.Skill Sniper 32gb DDR5 6000
Video Card(s) GreenTeam 4070 ti super 16gb
Storage Samsung EVO 500gb & 1Tb, 2tb HDD, 500gb WD Black
Display(s) 1x Nixeus NX_EDG27, 2x Dell S2440L (16:9)
Case Phanteks Enthoo Primo w/8 140mm SP Fans
Audio Device(s) onboard (realtek?) - SPKRS:Logitech Z623 200w 2.1
Power Supply Corsair HX1000i
Mouse Steeseries Esports Wireless
Keyboard Corsair K100
Software windows 10 H
Benchmark Scores https://i.imgur.com/aoz3vWY.jpg?2
Patiently awaiting AMDs reply.

Intels contributions to the research may be innocent or there may be other motives, we'll never know exactly. Timing is everything.
 
Joined
Feb 11, 2020
Messages
254 (0.14/day)
Given Intel had ten months of preparation for the public release of LVI vulnerability - the very next day, I'm gonna be the cynic here and say Intel deliberately orchestrated this maneuver. And the lead researcher's honesty here is suspect at best.
 
Joined
Jul 9, 2015
Messages
3,413 (0.99/day)
System Name M3401 notebook
Processor 5600H
Motherboard NA
Memory 16GB
Video Card(s) 3050
Storage 500GB SSD
Display(s) 14" OLED screen of the laptop
Software Windows 10
Benchmark Scores 3050 scores good 15-20% lower than average, despite ASUS's claims that it has uber cooling.
Ok, this is some scary stuff. AMD has a serious problem to solve.

In the referenced PDF, section 5.2.3, a method is described by which Javascript itself can be configured to attack a system and supply harvested data straight through both Chrome and Firefox browsers. Theoretically, ANY browser that uses Javascript(99%) can potentially be used to attack a subject system.

It will be interesting to review the analysis and CVE for these new vulnerabilities.

It is a Spectre kind of attack, already addressed by, wait for it.... Spectre fixes.

Patiently awaiting AMDs reply.
AMD rep replied to toms, with what I've said above.
 
Joined
Jul 9, 2015
Messages
3,413 (0.99/day)
System Name M3401 notebook
Processor 5600H
Motherboard NA
Memory 16GB
Video Card(s) 3050
Storage 500GB SSD
Display(s) 14" OLED screen of the laptop
Software Windows 10
Benchmark Scores 3050 scores good 15-20% lower than average, despite ASUS's claims that it has uber cooling.
Joined
Dec 31, 2009
Messages
19,372 (3.54/day)
Benchmark Scores Faster than yours... I'd bet on it. :)
Or perhaps you should take what "sponsored by Intel" team says about AMD processors with a grain of salt.

View attachment 147900
From your own article.....

The researchers do not agree, stating that this vulnerability is still active. Until the two sides agree it isn't possible to ascertain which viewpoint is more accurate. We'll update as necessary and keep an eye out for a CVE.
 
Joined
Jun 3, 2010
Messages
2,540 (0.48/day)
From your own article.....
From what I've garnered from techspot's review, the metadata is whether data is in l1d, or not - not it is vulnerable. They do a ping check to see if it is in access, or not. Obviously, not, if it accesses quickly(it is already overwritten a couple of times and now 'cold').
 
Joined
Feb 3, 2017
Messages
3,831 (1.33/day)
Processor Ryzen 7800X3D
Motherboard ROG STRIX B650E-F GAMING WIFI
Memory 2x16GB G.Skill Flare X5 DDR5-6000 CL36 (F5-6000J3636F16GX2-FX5)
Video Card(s) INNO3D GeForce RTX™ 4070 Ti SUPER TWIN X2
Storage 2TB Samsung 980 PRO, 4TB WD Black SN850X
Display(s) 42" LG C2 OLED, 27" ASUS PG279Q
Case Thermaltake Core P5
Power Supply Fractal Design Ion+ Platinum 760W
Mouse Corsair Dark Core RGB Pro SE
Keyboard Corsair K100 RGB
VR HMD HTC Vive Cosmos
Joined
Feb 3, 2017
Messages
3,831 (1.33/day)
Processor Ryzen 7800X3D
Motherboard ROG STRIX B650E-F GAMING WIFI
Memory 2x16GB G.Skill Flare X5 DDR5-6000 CL36 (F5-6000J3636F16GX2-FX5)
Video Card(s) INNO3D GeForce RTX™ 4070 Ti SUPER TWIN X2
Storage 2TB Samsung 980 PRO, 4TB WD Black SN850X
Display(s) 42" LG C2 OLED, 27" ASUS PG279Q
Case Thermaltake Core P5
Power Supply Fractal Design Ion+ Platinum 760W
Mouse Corsair Dark Core RGB Pro SE
Keyboard Corsair K100 RGB
VR HMD HTC Vive Cosmos
I have not said anything about LVI, neither does the link I posted. Why would it be related? LVI and Take A Way are not related in any tangible way, are they?
Author of that tweet is one of the authors of Take A Way paper, he is likely to know what he claims.
 
Joined
Jun 3, 2010
Messages
2,540 (0.48/day)
I have not said anything about LVI, neither does the link I posted. Why would it be related? LVI and Take A Way are not related in any tangible way, are they?
Author of that tweet is one of the authors of Take A Way paper, he is likely to know what he claims.
I just looked at flush and reload. It is the same with the first claimed vector. How is that an attack? Don't share memory, how hard is it to fence private memory. I mean, how could they be so stupid to build a firewall and let you go around the fence...
Please, hold on for my rand on the second clause, it is coming with more effervescence i must add.

I might be railing too hard. Lost my train of thought for a moment.
Let's look at it the other way - how easy would it be to cover latency imprint by masking with false accesses? It boggles my mind how much validation is accredited to indirect proofs.
 
Joined
Feb 3, 2017
Messages
3,831 (1.33/day)
Processor Ryzen 7800X3D
Motherboard ROG STRIX B650E-F GAMING WIFI
Memory 2x16GB G.Skill Flare X5 DDR5-6000 CL36 (F5-6000J3636F16GX2-FX5)
Video Card(s) INNO3D GeForce RTX™ 4070 Ti SUPER TWIN X2
Storage 2TB Samsung 980 PRO, 4TB WD Black SN850X
Display(s) 42" LG C2 OLED, 27" ASUS PG279Q
Case Thermaltake Core P5
Power Supply Fractal Design Ion+ Platinum 760W
Mouse Corsair Dark Core RGB Pro SE
Keyboard Corsair K100 RGB
VR HMD HTC Vive Cosmos
Let's look at it the other way - how easy would it be to cover latency imprint by masking with false accesses?
Wouldn't that defeat the purpose of a cache or at least reduce its effectiveness? :)
 
Top