
Just after the emergence of the Zenbleed exploit affecting Zen 2-based AMD CPUs, researchers from ETH Zurich have detailed yet another critical vulnerability that affects a range of AMD processors with Zen cores.
The vulnerability called ‘Inception’ can reportedly leak kernel memory and access sensitive files on Linux machines under certain conditions. The vulnerability affects all AMD Ryzen CPUs with Zen cores, meaning a range of processors meant for desktops, laptops, data centers, and HEDT are vulnerable to the bug.
As part of a PoC, researchers showed that it can leak kernel memory at a rate of up to 39 bytes per second on Zen 4 processors, enabling them to leak /etc/shadow on a Linux machine in just 40 minutes. The leaked file reportedly included hashed user account passwords and was only accessible by the root user.
The researchers said they used a previously disclosed vulnerability called ‘Phantom speculation’ to design a new class of transient execution attacks called Training in Transient Execution (TTE), which was then used to create Inception. Tracked as CVE-2023-20569, it is described as a speculative execution-based side-channel attack that can leak passwords and other sensitive data.
AMD has acknowledged the issue and is rolling out microcode updates to fix the problem on some of the affected processors.
AMD has rated the severity level of Inception as ‘medium’ and said that the vulnerability is only exploitable locally, via downloaded malware. While that makes it relatively less dangerous than typical RCE flaws, it is still a cause for concern until AMD is able to roll out updates for all the affected chips in its lineup.
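Because the microcode updates are arriving in stages, a Linux administrator can check what the running kernel reports for this issue. The script below is an added example, not part of the original article or AMD's guidance. It reads the kernel's sysfs entry for Speculative Return Stack Overflow (SRSO, the kernel's name for Inception) and sorts the status into categories whose names are chosen here for illustration.

```shell
#!/bin/sh
# Added example: classify the Linux kernel's reported status for
# Inception (CVE-2023-20569), which the kernel tracks as SRSO.

# sysfs entry present on kernels that carry the SRSO mitigation patches.
SRSO_SYSFS=/sys/devices/system/cpu/vulnerabilities/spec_rstack_overflow

# Map one status line to a category (category names are this example's own):
#   not-affected | needs-microcode | vulnerable | mitigated | unknown
# Matching is by prefix/substring because the exact wording has changed
# between kernel releases.
classify_srso() {
    status=$1
    case "$status" in
        "Not affected"*)                      echo not-affected ;;
        # A software mitigation without the updated microcode is incomplete.
        *"no microcode"* | *"No microcode"*)  echo needs-microcode ;;
        Vulnerable*)                          echo vulnerable ;;
        Mitigation:*)                         echo mitigated ;;
        *)                                    echo unknown ;;
    esac
}

# Classify the local host, or a file given as $1 (useful for testing).
# "unreported" means the kernel predates SRSO reporting and should be updated.
check_host() {
    file=${1:-$SRSO_SYSFS}
    if [ -r "$file" ]; then
        line=
        IFS= read -r line < "$file" || true
        classify_srso "$line"
    else
        echo unreported
    fi
}

echo "Inception/SRSO status: $(check_host)"
```

A result of `needs-microcode` or `unreported` means the host still needs the microcode update or a kernel update, respectively.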