Researchers have discovered a new and powerful attack called “Inception”. The attack can leak data using unprivileged processes on all AMD Zen processors, including the latest models.
The attacks exploit a feature present in all modern processors called speculative execution, which dramatically increases CPU performance by guessing what will run next before a slower operation completes.
If the guess is correct, the CPU gains performance by not waiting for the operation to finish; if it guesses wrong, it simply reverts the changes and continues operating as normal.
The problem with this feature is that it can leave traces that attackers can observe or analyze to recover valuable data that should otherwise be protected.
Researchers from ETH Zurich have combined an older technique called “Phantom speculation” (CVE-2022-23825) with a new attack called “Training in Transient Execution” (TTE) to create the even more powerful “Inception” attack.
The Inception attack, tracked as CVE-2023-20569, combines the concepts described above, allowing an attacker to trick the CPU into believing that an XOR instruction (a simple binary operation) is a recursive call instruction.
This causes the return stack buffer to overflow with a target address controlled by the attacker, allowing them to leak arbitrary data from unprivileged processes running on any AMD Zen CPU.
The leak is possible even if all updates for other known similar attacks, such as Spectre, have been applied.
The data leak rate achieved through Inception is 39 bytes/sec, meaning it would take about half a second to steal a 16-character password and 6.5 seconds for an RSA key.