Endpoint Security , Hardware / Chip-level Security

Researchers Uncover 'Inception' Flaw in AMD CPUs

Vulnerability Allows Manipulation of CPU to Leak Data
Researchers Uncover 'Inception' Flaw in AMD CPUs
Image: Shutterstock

Security researchers uncovered a vulnerability in Advanced Micro Devices chips that could allow hackers to trick a computer system into leaking data from its kernel.

The flaw, tracked as CVE-2023-20569, and dubbed "Inception," affects all versions of AMD Zen computer processing unit. The researchers named the flaw after the 2010 movie of the same name, since both the hacking technique and the film's plot involve planting false ideas into memory. When exploited, the flaw allows attackers to inject code that will make the targeted devices misinterpret data, causing data leaks from the processor, a new paper from security researchers at Swiss university ETH Zürich finds.

"Our results show that we are able to successfully leak the root password hash in all 10 runs, in a median of 11 minutes and 38 seconds," the report says.

To exploit the flaw, the researchers chained an older AMD vulnerability called Phantom Speculation that causes AMD processors to make a wrong branch predictor - that is, to force the computer to make an incorrect guess about the next instruction to execute. Computer processors use branch prediction to speed up calls to memory, which are relatively slow.

Researchers were able to inject new predictions, tricking the processor into believing the predictions were instructions it had seen before, which allowed the researchers to bypass security checks that earlier ensured only trustworthy predictions would be processed.

This further allowed the researchers to leak data from "anywhere in the computer’s memory," including the kernel.

Kaveh Razavi, the lead research supervisor, said the attack is particularly dangerous for cloud computing platforms on which several customers share the same hardware.

Although the vulnerability has not been exploited previously, Razavi said hackers can potentially adopt the tactics to conduct monthslong stealth operations, since exploitation at kernel level is harder to detect and mitigate.

On discovering the vulnerability, the researchers said, they alerted AMD, which disabled prediction return in the kernel.

Razavi said his team is currently evaluating if other CPU vendors are vulnerable to the same flaw. Their analysis found that Intel CPUs are vulnerable to the prediction manipulation tactic. "While this certainly increases the known attack surface, it remains to be seen whether practical exploitation is possible on Intel CPUs," he said.


About the Author

Akshaya Asokan

Akshaya Asokan

Senior Correspondent, ISMG

Asokan is a U.K.-based senior correspondent for Information Security Media Group's global news desk. She previously worked with IDG and other publications, reporting on developments in technology, minority rights and education.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing paymentsecurity.io, you agree to our use of cookies.