Researchers have discovered a sidechannel vulnerability in many modern AMD processors. It is a weakness in the L1D cache. AMD will not release an update and says it is not about new vulnerabilities.
The research comes from scientists from the Austrian Technical University of Graz and the French University of Rennes. They call the vulnerability Take A Way. It is a weakness in the L1D cache. The researchers describe two attacks in their paper in which data from that cache can leak. They have also been able to carry out those attacks in practice.
The scientists have not drawn up a definitive list of affected CPUs. They say they exploited the vulnerability on AMD processors from 2011 through 2019. The researchers went to the company for disclosure in August last year, but AMD has not released an update or mitigation for the issue. On a security page, the company writes that the two vulnerabilities are not a problem, because they are “not new speculation-based attacks”. The company refers to previous measures it has taken to mitigate speculative execution attacks. Also, users should take other security measures, such as enabling antivirus.
The paper states that the research was funded in part by Intel. The company finances according to one of the researchers such papers are common, even when it comes to vulnerabilities in Intel’s own CPUs.