AMD, a leading semiconductor manufacturer, has recently alerted users to a series of vulnerabilities, collectively known as Transient Scheduler Attacks (TSA), that may affect a wide range of its chipsets. These vulnerabilities are a speculative side channel in the CPUs: under specific microarchitectural conditions, the timing of instruction execution can lead to information disclosure. According to the company’s advisory, attackers could use these timing discrepancies to harvest sensitive data from other contexts, posing a significant security risk to various systems.
The vulnerabilities were identified as part of a joint research effort by Microsoft and ETH Zurich, examining modern CPUs against speculative execution attacks. Research findings have highlighted the potential for such flaws to allow unauthorized data access across different operational domains, such as virtual machines and kernel processes. Microsoft and ETH Zurich presented their study in detail, aiming to stress-test the isolation measures in place to prevent such information leaks.
AMD reported that four specific vulnerabilities have been documented under Common Vulnerabilities and Exposures (CVE) identifiers, with varying severity levels. CVE-2024-36350 and CVE-2024-36357 have been assigned a medium CVSS score of 5.6, indicating a need for immediate remedial measures. These two carry the more serious implications, as they could lead to unauthorized access to privileged information. The other two vulnerabilities, with scores of 3.8, reflect potential risks of information leakage despite existing security features.
Despite the seriousness of the issue, AMD has acted promptly by releasing microcode updates for many impacted processors, including the 3rd and 4th Generation EPYC Processors, various Ryzen models, and others. The company explained that exploiting the TSA vulnerabilities requires a malicious actor to gain unauthorized access to a machine, enabling the execution of arbitrary code. Users are encouraged to apply updates and remain vigilant against potential threats until all patches are fully deployed.
In worst-case scenarios, the exploitation of TSA vulnerabilities could allow data to leak from the operating system kernel to user applications or between virtual machines. However, AMD underscored that these attack conditions are transient and pose significant challenges for potential attackers, rendering these vulnerabilities exploitable primarily within controlled environments. These findings underscore the ongoing need for security enhancements in semiconductor designs and the vigilance required in safeguarding sensitive information.