AMD Ryzen CPUs vulnerable to inception attack

Share post:

Researchers from ETH Zurich have discovered a new security vulnerability in AMD Ryzen CPUs that could allow attackers to leak kernel memory and access sensitive files. The vulnerability, called “Inception,” is a speculative execution-based side-channel attack that is similar to the Spectre and Meltdown vulnerabilities that affected Intel CPUs in 2018.

Inception affects all AMD Ryzen CPUs with Zen cores, including desktop, laptop, and server processors. This would enable malevolent actors to extract the ‘/etc/shadow’ file from a Linux machine within 40 minutes. This leaked file is reported to contain encrypted user account passwords, exclusively accessible to the root user.

Researchers substantiated their findings through a proof-of-concept demonstration, showcasing the leakage of kernel memory at a up to 39 bytes per second on Zen 4 processors. The threat actors also harnessed a previously identified vulnerability, termed ‘Phantom speculation,’ to devise a new category of transient execution attacks called ‘Training in Transient Execution (TTE).’ This new approach became the foundation for ‘Inception.’ Designated as CVE-2023-20569.

AMD has acknowledged the Inception vulnerability and is working on a fix. In the meantime, users of AMD Ryzen CPUs should update their operating systems and BIOS to the latest available versions.

The sources for this piece include an article in TechSpot.

Featured Tech Jobs


Related articles

Cyber Security Today, Week in Review for the week ending Friday, Sept. 29, 2023

This episode features discussion on October Security Awareness Month, ransomware, teenage hackers and the start of hearings into proposed Canadian privacy a

Admins urged to quickly patch holes in WS_FTP file transfer server

This is the fourth file transfer application -- and the second from Progress Software -- to recently face critical vulne

Cyber Security Today, Sept. 29, 2023 – Protect your routers from this attacker, new open-source malware packages found, and more

This episode reports on a China-based group that specializes in hacking branch office routers of major

Champagne squeezed to produce proposed amendments on privacy, AI bills

Opposition gives government five business days to produce proposed

Become a member

New, Relevant Tech Stories. Our article selection is done by industry professionals. Our writers summarize them to give you the key takeaways