A newly discovered AMD Ryzen security vulnerability
A newly discovered AMD Ryzen Security Vulnerability called ‘Inception’ could potentially allow attackers to make the chipmaker’s processors believe they have seen certain instructions before, allowing them to obtain leaked data from the computer’s memory.
The flaw affects all Ryzen processor families based on Zen 3 and Zen 4 cores across different platforms, and AMD has outlined the full details in its official CVE-2023-20569 bulletin.
Researchers at the Swiss Federal Institute of Technology in Zurich (ETH Zurich) and the University of California, Irvine (UCI) discovered Inception, which is described as a “local privilege escalation vulnerability in AMD Zen-based CPUs.”
“The vulnerability allows unprivileged processes to infer the contents of privileged memory via a speculative execution side-channel attack,” AMD says. “The vulnerability is not unique to any particular application or industry and affects all software running on affected processors.”
The hardware manufacturer says it is not aware of any exploits outside of security research circles at the moment, and it is working on mitigations that will be released through standalone microcode patches or BIOS updates. However, the company does note that users of Zen or Zen 2 CPU architectures don’t require any patches, as these architectures already have built-in protections.
The good news is that AMD believes Inception is only potentially exploitable locally, such as through downloaded malware. However, researchers have suggested that the flaw could be used in the context of cloud computing where multiple customers share the same hardware resource.
“Inception is a local privilege escalation vulnerability in AMD Zen-based CPUs,” the AMD security advisory says. “The vulnerability allows unprivileged processes to infer the contents of privileged memory via a speculative execution side-channel attack.”
The chipmaker also shares some best practices for mitigating the risks of Inception, which include “following good general system security practices” and ensuring that all software is up to date.
Earlier this week, fellow chipmaker Intel also discovered a security vulnerability called the “Intel ‘Downfall’ bug,” which affects architectures from Sky Lake to Tiger Lake/Ice Lake.
This discovery highlights the ongoing challenges in ensuring the security of computer processors, as researchers and manufacturers continue to work together to identify and mitigate potential vulnerabilities.
While this is an important ongoing battle, it’s also important to remember that our ever-evolving technology requires constant vigilance in maintaining security measures. By staying informed and taking necessary precautions, we can continue to help protect our systems from potential exploits.
