Researchers have uncovered a powerful new transient execution attack dubbed ‘Inception,’ capable of leaking privileged data from all AMD Zen CPUs, including the latest models.
Leveraging speculative execution, a feature in modern processors that enhances CPU performance, this attack exploits unprivileged processes to access sensitive information. By ingeniously combining the ‘Phantom speculation’ technique with the ‘Training in Transient Execution’ approach, the Inception attack manipulates CPU behavior, creating an overflow in the return stack buffer and allowing arbitrary data leakage from unprivileged processes on any AMD Zen CPU. Despite the presence of mitigations against known speculative execution attacks like Spectre, Inception’s data leak rate is 39 bytes/sec, potentially compromising passwords and encryption keys within seconds.
ETH Zurich’s researchers have found that this vulnerability impacts all AMD Zen-based Ryzen and EPYC CPUs, from Zen 1 to Zen 4, making them susceptible to Phantom and Inception attacks.
While Intel CPUs could be impacted by specific TTE (Training in Transient Execution) variants, the eIBRS mitigations on Intel CPUs offer some protection against the Phantom technique. This hardware-level flaw can potentially affect any operating system using vulnerable AMD CPUs, underscoring the severity of the issue.
To address this vulnerability, a potential mitigation strategy involves fully flushing the branch predictor state during context switching, albeit at the cost of significant performance overhead on older Zen 1(+) and Zen 2 CPUs. AMD has responded to the threat by releasing microcode updates for Zen 3 and Zen 4 CPUs, enabling a hardware-based mitigation feature. Owners of Zen-based AMD processors are advised to promptly install the latest microcode updates, which may be delivered through computer vendors or operating system security patches.
While the ETH Zurich team has created a proof-of-concept that runs on Linux, the hardware nature of the flaw implies that these attacks could work on various operating systems that use vulnerable AMD Zen CPUs.
The potential impact of Inception reinforces the ongoing challenge of maintaining hardware security in the face of evolving attack techniques, prompting AMD and other industry players to take swift action to safeguard users against such vulnerabilities.
