AMD Zen systems vulnerable to 'Inception' data leak side channel attack

published: Aug. 10, 2023

Take action: For your Ryzen computer to be compromised, an attacker needs access to it and must load a program. But everyone will eventually download and execute some malware. So keep an eye out for the microcode updates and plan to patch your Ryzen computers.


Only 15 days after the Zenbleed vulnerability report, a new security vulnerability known as 'Inception' has come to light, posing a threat to the security of AMD Ryzen systems. The vulnerability was uncovered by researchers at ETH Zurich.

The flaw affects a range of AMD processors built on Zen cores. Named 'Inception', it lets an attacker leak kernel memory and potentially gain access to confidential files on Linux-based machines under specific conditions.

Officially tracked as CVE-2023-20569 (CVSS score not calculated), this flaw is classified as a speculative execution-based side-channel attack, capable of potentially leaking sensitive data like passwords.

The researchers' report elaborates that this vulnerability extends to all AMD Ryzen CPUs that feature Zen cores, which encompasses a wide array of processors catering to desktops, laptops, data centers, and high-end desktops.

The researchers executed a proof-of-concept attack, showcasing how it could lead to the leakage of kernel memory at a rate of up to 39 bytes per second on Zen 4 processors. This means that an attacker could potentially leak the content of the /etc/shadow file on a Linux machine in just 40 minutes, revealing hashed user account passwords.

The researchers detail how they built the 'Inception' attack. They leveraged a previously disclosed vulnerability known as 'Phantom speculation' to formulate a novel category of transient execution attacks called 'Training in Transient Execution' (TTE), which they then used to craft 'Inception'.

AMD has acknowledged the seriousness of the issue and is taking steps to address it. The company is in the process of rolling out microcode updates to rectify the vulnerability in some of the affected processors. AMD has categorized the severity of the 'Inception' vulnerability as 'medium' and has emphasized that its exploitation is limited to local attacks, specifically involving downloaded malware.

While this may reduce the immediate threat level compared to remote code execution vulnerabilities, it still presents a significant concern until comprehensive updates are deployed across their processor lineup. As a result, AMD advises users with Zen-based processors to promptly apply available updates, either from their PC vendor or through operating system security patches.
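One way to track which Linux hosts still need the update, as an added example that is not from the researchers or AMD: the script classifies the kernel's own status line for this issue and reports the loaded microcode revision. It assumes a kernel that exposes the `spec_rstack_overflow` entry in sysfs; the `SRSO_FILE` and `CPUINFO` overrides and the script name are hypothetical.

```shell
#!/bin/sh
# Added example (not from the article): report a Linux host's Inception
# (CVE-2023-20569) mitigation state for patch tracking.
# Assumption: the kernel exposes its status for this issue, which it calls
# "spec_rstack_overflow", under the sysfs vulnerabilities directory.
SRSO_FILE=${SRSO_FILE:-/sys/devices/system/cpu/vulnerabilities/spec_rstack_overflow}
CPUINFO=${CPUINFO:-/proc/cpuinfo}

# classify_srso STATUS: map the kernel's free-text status to one keyword.
# Matching is case-insensitive because wording differs between kernel versions.
classify_srso() {
    status=$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')
    case "$status" in
        "not affected"*)  echo not-affected ;;
        *"no microcode"*) echo needs-microcode ;;  # must precede the mitigation: case
        mitigation:*)     echo mitigated ;;
        vulnerable*)      echo vulnerable ;;
        *)                echo unknown ;;
    esac
}

# microcode_rev FILE: first microcode revision listed in a cpuinfo-format file.
microcode_rev() {
    awk -F': *' '/^microcode/ { print $2; exit }' "$1" 2>/dev/null
}

# report: one line per host; exit status 0 only when no action is needed.
report() {
    if [ -r "$SRSO_FILE" ]; then
        raw=$(cat "$SRSO_FILE")
    else
        raw="status file missing"   # kernel too old to report on this issue
    fi
    state=$(classify_srso "$raw")
    rev=$(microcode_rev "$CPUINFO")
    printf '%s state=%s microcode=%s raw="%s"\n' \
        "$(uname -n)" "$state" "${rev:-unknown}" "$raw"
    [ "$state" = mitigated ] || [ "$state" = not-affected ]
}

# Run against the live host only when asked, e.g.: sh inception_check.sh --report
if [ "${1:-}" = "--report" ]; then
    report
fi
```

A host that reports `needs-microcode` has kernel support but is still waiting on the microcode update from its vendor, and `unknown` usually means the kernel itself needs updating before it can report on this issue.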
