AMD has alerted users to the discovery of a new form of side-channel attack that resembles the infamous Meltdown and Spectre vulnerabilities. The new flaws are particularly concerning for users of AMD’s desktop, mobile, and data center processors, with a focus on its 3rd and 4th generation EPYC server processors.
The vulnerabilities, collectively called the Transient Scheduler Attack (TSA), comprise four individual vulnerabilities identified during an investigation triggered by a Microsoft report concerning microarchitectural leaks. AMD has categorized the TSA variants into two types: TSA-L1, which can infer data from the L1 cache, and TSA-SQ, capable of stealing data from the CPU store queue.
While the potential severity of these vulnerabilities is a point of concern, AMD has rated two of the vulnerabilities as medium and the other two as low in terms of risk. The relatively low severity can be attributed to several factors: a successful attack is highly complex, the attacker must be able to execute arbitrary code on the machine, and the attacker needs local access to the system. Furthermore, an attack would have to be repeated multiple times to extract any useful data, and even then, the data leakage could potentially involve the OS kernel or virtual machines.
To address these vulnerabilities, AMD has released Platform Initialization (PI) firmware updates to original equipment manufacturers (OEMs). Customers are advised to contact their OEM for relevant BIOS updates and to consult with operating system vendors for guidance on enabling the corresponding mitigation measures.
For more details on AMD’s vulnerabilities, visit their official site for specific information regarding security bulletins and patches.