A group of researchers from the Graz University of Technology (Austria), previously known for developing attack methods , , ΠΈ , conducted research on AMD processor-specific hardware optimizations and two new side-channel attacks that manipulate data leaks in the LXNUMX cache channel prediction mechanism of AMD processors. The techniques can be used to reduce the effectiveness of ASLR protection, recover keys in vulnerable AES implementations, and increase the effectiveness of the Specter attack.
Problems have been identified in the implementation of the channel predictor mechanism in the CPU L1D data cache used to predict which cache channel reflects a particular memory address. The optimization used in AMD processors is based on checking ΞΌ-tags (ΞΌTag). ΞΌTag is calculated by applying a specific hash function to the virtual address. During operation, the channel prediction engine uses Β΅Tag to determine the cache channel from the table. Thus, ΞΌTag allows the processor to limit itself to accessing only a specific channel, without enumeration of all options, which significantly reduces CPU power consumption.
In the course of reverse engineering the implementation of the channel prediction system in various generations of AMD processors released from 2011 to 2019, two new side-channel attack techniques were identified:
- Collide+Probe - allows an attacker to monitor memory access for processes running on the same logical CPU core. The essence of the method is the use of virtual addresses that cause collisions of the hash function used to calculate ΞΌTag to track memory access. Unlike the Flush+Reload and Prime+Probe attacks used on Intel processors, Collide+Probe does not use shared memory and works without knowledge of physical addresses.
- Load+Reload - allows you to very accurately determine the traces of memory access on the same physical CPU core. The method is based on the fact that a physical memory cell can be found in the L1D cache only once. Those. accessing the same memory location at a different virtual address will cause the location to be evicted from the L1D cache, allowing memory access to be tracked. Although the attack depends on shared memory, it does not cause cache lines to be flushed, which allows for stealth attacks that do not evict data from the last level cache.
Based on the Collide+Probe and Load+Reload techniques, researchers have demonstrated several scenarios for side-channel attacks:
- The possibility of using methods for organizing a hidden indirect communication channel between two processes is shown, which makes it possible to transfer data at a speed of up to 588 kB per second.
- Using collisions in ΞΌTag, we managed to achieve entropy reduction for different ASLR (Address Space Layout Randomization) variants and bypass ASLR protection in the kernel on a completely updated Linux system. It is shown that an ASLR entropy reduction attack can be carried out both from user applications and using JavaScript code running in a sandbox environment and code running in another guest environment.
- Based on the Collide+Probe method, an attack was implemented to recover the encryption key from a vulnerable implementation (based on ) AES encryption.
- By using the Collide+Probe method as a data acquisition channel, Specter was able to extract private data from the kernel without using shared memory.
Vulnerability manifests itself on AMD processors based on microarchitectures
Bulldozer, Piledriver, Steamroller, Zen (Ryzen, Epic), Zen+ and Zen2.
AMD was notified of the issue on August 23, 2019, but so far with information about blocking the vulnerability. According to the researchers, the problem can be blocked at the microcode update level by providing MSR bits to selectively disable the channel prediction system, similar to what Intel did to control the disabling of branch prediction mechanisms.
Source: opennet.ru