AMD Ryzen CPUs vulnerable to inception attack

Share post:

Researchers from ETH Zurich have discovered a new security vulnerability in AMD Ryzen CPUs that could allow attackers to leak kernel memory and access sensitive files. The vulnerability, called “Inception,” is a speculative execution-based side-channel attack that is similar to the Spectre and Meltdown vulnerabilities that affected Intel CPUs in 2018.

Inception affects all AMD Ryzen CPUs with Zen cores, including desktop, laptop, and server processors. This would enable malevolent actors to extract the ‘/etc/shadow’ file from a Linux machine within 40 minutes. This leaked file is reported to contain encrypted user account passwords, exclusively accessible to the root user.

Researchers substantiated their findings through a proof-of-concept demonstration, showcasing the leakage of kernel memory at a up to 39 bytes per second on Zen 4 processors. The threat actors also harnessed a previously identified vulnerability, termed ‘Phantom speculation,’ to devise a new category of transient execution attacks called ‘Training in Transient Execution (TTE).’ This new approach became the foundation for ‘Inception.’ Designated as CVE-2023-20569.

AMD has acknowledged the Inception vulnerability and is working on a fix. In the meantime, users of AMD Ryzen CPUs should update their operating systems and BIOS to the latest available versions.

The sources for this piece include an article in TechSpot.

Featured Tech Jobs

SUBSCRIBE NOW

Related articles

Cyber Security Today, Week in Review for week ending Friday April 19, 2024

On this episode Jen Ellis, co-chair of the Ransomware Task Force, talks about ways of fighting one of the biggest cyber threats to IT d

Cyber Security Today, April 19, 2024 – Police bust phishing rental platform, a nine-year old virus found on Ukrainian computers, and more

This episode reports on a threat actor targeting governments in the Middle East with a novel way of hiding malware is going international

Controversial expansion of US surveillance powers nears Senate vote

The US Senate is poised to vote on a significant expansion of Section 702 of the Foreign Intelligence...

Russian-linked hackers target U.S. and European water systems

A Russian military-affiliated hacking group, Sandworm, is suspected of coordinating recent cyberattacks on water utilities in the U.S.,...

Become a member

New, Relevant Tech Stories. Our article selection is done by industry professionals. Our writers summarize them to give you the key takeaways