Researchers Uncover 'Inception' Flaw in AMD CPUsVulnerability Allows Manipulation of CPU to Leak Data
Security researchers uncovered a vulnerability in Advanced Micro Devices chips that could allow hackers to trick a computer system into leaking data from its kernel.
The flaw, tracked as CVE-2023-20569, and dubbed "Inception," affects all versions of AMD Zen computer processing unit. The researchers named the flaw after the 2010 movie of the same name, since both the hacking technique and the film's plot involve planting false ideas into memory. When exploited, the flaw allows attackers to inject code that will make the targeted devices misinterpret data, causing data leaks from the processor, a new paper from security researchers at Swiss university ETH Zürich finds.
"Our results show that we are able to successfully leak the root password hash in all 10 runs, in a median of 11 minutes and 38 seconds," the report says.
To exploit the flaw, the researchers chained an older AMD vulnerability called Phantom Speculation that causes AMD processors to make a wrong branch predictor - that is, to force the computer to make an incorrect guess about the next instruction to execute. Computer processors use branch prediction to speed up calls to memory, which are relatively slow.
Researchers were able to inject new predictions, tricking the processor into believing the predictions were instructions it had seen before, which allowed the researchers to bypass security checks that earlier ensured only trustworthy predictions would be processed.
This further allowed the researchers to leak data from "anywhere in the computer’s memory," including the kernel.
Kaveh Razavi, the lead research supervisor, said the attack is particularly dangerous for cloud computing platforms on which several customers share the same hardware.
Although the vulnerability has not been exploited previously, Razavi said hackers can potentially adopt the tactics to conduct monthslong stealth operations, since exploitation at kernel level is harder to detect and mitigate.
On discovering the vulnerability, the researchers said, they alerted AMD, which disabled prediction return in the kernel.
Razavi said his team is currently evaluating if other CPU vendors are vulnerable to the same flaw. Their analysis found that Intel CPUs are vulnerable to the prediction manipulation tactic. "While this certainly increases the known attack surface, it remains to be seen whether practical exploitation is possible on Intel CPUs," he said.