Skip to main content

AMD processors have a worrying security flaw

(Image credit: Image Credit: AMD)

Most recent AMD processors contain flaws that allow hackers to gain access to sensitive data. The company was notified of the issue in August, but is yet to release a patch.

Security researchers from the Graz University of Technology have published a paper describing the flaws, which affect processors built within the last eight year.

The vulnerability is comprised of two exploits - Collide+Probe and Load+Reload - collectively referred to as Take A Way. These side channel attacks manipulate the L1D cache predictor to gain access to sensitive data.

"With Collide+Probe, an attacker can monitor a victim’s memory accesses without knowledge of physical addresses or shared memory when time-sharing a logical core," said the paper, shared via Twitter by researcher Moritz Lipp.

"With Load+Reload, we exploit the way predictor to obtain highly-accurate memory-access traces of victims on the same physical core. While Load+Reload relies on shared memory, it does not invalidate the cache line, allowing stealthier attacks that do not induce any last level-cache evictions.“

Researchers have already succeeded in harnessing the exploits on Chrome and Firefox web browsers.

In a statement issued on the company website, AMD said it was “aware” of the claims, but researchers say the flaws remain active at the time of writing.