All AMD Zen Chips Are Vulnerable To The New Inception Attack, As Are Some Intel
But It’s Very Unlikely To Be Leveraged
Speculative branch attacks are getting to be all too common, with Inception adding yet another to the count. On the one hand it is quite worrisome as all Zen cores, from the original to the new generation of Zen 4 are theoretically vulnerable to it as well as a handful of Intel chips. If a system was infected it could allow the attacker to scoop passwords and RSA keys invisibly. The mitigation until the cores are patched would also have the same effect as prior speculative branch vulnerabilities, and no one wants to artificially slow the performance of their machine.
However there is good news about Inception as well, firstly that the attacker is required to already have significant control over the system to leverage the attack. This makes it almost redundant as the attacker would likely already have easier ways to grab that data with other more effective malware. The second piece of good news comes from AMD’s response to Bleeping Computers post, which is that Zen 1 and 2 are already immune to Inception and the patch for Zen 3 and 4 will be coming out as in a new AGESA update. The BIOS updates should then soon start to flow, with no impact on performance.
Researchers have discovered a new and powerful transient execution attack called 'Inception' that can leak privileged secrets and data using unprivileged processes on all AMD Zen CPUs, including the latest models.
More Tech News From Around The Web
- Nvidia Unveils Faster Chip Aimed at Cementing AI Dominance @ Slashdot
- RIP Bram Moolenaar: Coding world mourns Vim creator @ The Register
- Chandrayaan-3: Historic India Moon Mission Sends New Photos of Lunar Surface @ Slashdot
- Alarm raised over Mozilla VPN: Wonky authorization check lets users cause havoc @ The Register
- Android 14 to let you block connections to unencrypted cellular networks @ Bleeping Computer
- Big chip players join forces to form another RISC-V venture @ The Register
- Developer logs reveal more details about next-gen Apple M3 and M3 Max chips @ Ars Technica
- ChatGPT’s odds of getting code questions correct are worse than a coin flip @ The Register
- Microsoft yanks internal Windows 11 testing tool soon after release @ The Register
I can’t find much about Intel’s response to Inception, noting that even Alder Lake cores are affected. Any word on that?
At a guess, Intel is going with the Windows patch and their own already implemented eIBRS mitigations as the resolution instead of patching their microcode as I am not seeing anything either.