Security researchers at TU Graz University (Graz University of Technology) in Austria have found a couple of new security breaches in AMD processors named Collide + Probe and Load + Reload. These side-channel attack security exploits that exploit security vulnerabilities in the processor to access user information.
The new attack pair uses a similar method to the Security Specter breach that was detected in 2018 when it uses the L1D cache predictor mechanism of AMD processors to gain access to user information in 2 different ways. According to the researchers, the pair of security breaches affect all AMD processors from 2011 to 2019. Information about the new breach was passed to AMD in August 2019.
However, the pair of new security breaches come with a “little asterisk” that happened to be found by the Hardware Unboxed website that read the full research document, which states that it is, at least in part, sponsored by Intel. While this detail does not detract from the fact that 2 new security breaches have been detected, it does raise some questions, especially with the proximity to discover the large security breach in Intel processors.
In an official response to the new loopholes, AMD said
“We are aware of a new white paper that claims potential security exploits in AMD CPUs, whereby a malicious actor could manipulate a cache-related feature to potentially transmit user data in an unintended way. The researchers then pair this data path with known and mitigated software or speculative execution side-channel vulnerabilities. AMD believes these are not new speculation-based attacks.” the company said.
While security breaches, severe or minor, should not be underestimated to avoid unnecessary risk, it is always recommended to install the various software and firmware updates to resolve similar security issues discovered by security researchers. It remains to be seen whether the new security patches will arrive and whether, as AMD said, the previous patches made to the company’s processors also fix them.