Article Details

Scrape Timestamp (UTC): 2025-07-10 10:50:27.465

Source: https://thehackernews.com/2025/07/amd-warns-of-new-transient-scheduler.html

Original Article Text


AMD Warns of New Transient Scheduler Attacks Impacting a Wide Range of CPUs

Semiconductor company AMD is warning of a new set of vulnerabilities affecting a broad range of chipsets that could lead to information disclosure. The attacks, called Transient Scheduler Attacks (TSA), manifest as a speculative side channel in its CPUs that leverages the execution timing of instructions under specific microarchitectural conditions. "In some cases, an attacker may be able to use this timing information to infer data from other contexts, resulting in information leakage," AMD said in an advisory.

The company said the issues were uncovered as part of a study published by Microsoft and ETH Zurich researchers on testing modern CPUs against speculative execution attacks like Meltdown and Foreshadow by stress-testing the isolation between security domains such as virtual machines, the kernel, and processes. Following responsible disclosure in June 2024, the issues have been assigned the below CVE identifiers -

AMD has described TSA as a "new class of speculative side channels" affecting its CPUs, stating it has released microcode updates for impacted processors -

The company also noted that instructions that read data from memory may experience what's referred to as "false completion," which occurs when the CPU hardware expects a load instruction to complete quickly, but a condition exists that prevents it from doing so. In this case, dependent operations may be scheduled for execution before the false completion is detected. As the load did not actually complete, the data associated with it is considered invalid. The load will be re-executed later in order to complete successfully, and any dependent operations will re-execute with the valid data when it is ready. Unlike other speculative behavior such as Predictive Store Forwarding, loads that experience a false completion do not result in an eventual pipeline flush.

While the invalid data associated with a false completion may be forwarded to dependent operations, load and store instructions that consume this data will not attempt to fetch data or update any cache or TLB state. As such, the value of this invalid data cannot be inferred using standard transient side-channel methods. In processors affected by TSA, however, the invalid data may affect the timing of other instructions being executed by the CPU in a way that is detectable by an attacker.

The chipmaker said it has identified two variants of TSA, TSA-L1 and TSA-SQ, based on the source of the invalid data associated with a false completion: either the L1 data cache or the CPU store queue. In the worst case, successful attacks using the TSA-L1 or TSA-SQ flaws could leak information from the operating system kernel to a user application, from a hypervisor to a guest virtual machine, or between two user applications. TSA-L1 is caused by an error in the way the L1 cache uses microtags for data-cache lookups; TSA-SQ arises when a load instruction erroneously retrieves data from the CPU store queue before the necessary data is available. In both cases, an attacker could infer data that is present in the L1 cache or was used by an older store, even if it was placed there in a different context.

That said, exploiting these flaws requires an attacker to already have access to the machine and the ability to run arbitrary code on it; they are not exploitable through malicious websites. "The conditions required to exploit TSA are typically transitory as both the microtag and store queue will be updated after the CPU detects the false completion," AMD said. "Consequently, to reliably exfiltrate data, an attacker must typically be able to invoke the victim many times to repeatedly create the conditions for the false completion. This is most likely possible when the attacker and victim have an existing communication path, such as between an application and the OS kernel."
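Because the fix ships as a microcode update that the operating system then reports on, the check a practitioner wants after patching is whether a given host actually shows a TSA mitigation. The script below is an added example, not code from the article or from AMD. It assumes a Linux host that exposes the status under /sys/devices/system/cpu/vulnerabilities/tsa (an assumption about the kernel's sysfs layout, which the article does not mention) using the kernel's usual "Not affected" / "Mitigation: ..." / "Vulnerable..." phrasing, and that the running microcode revision is readable from /proc/cpuinfo. The classification buckets, the TSA_SYSFS override and the tsa_check.sh filename are the example's own; the microcode revision it prints must be compared against the fixed revision AMD lists for your specific part, which this page does not reproduce.

```shell
#!/bin/sh
# Added example (not from the article or AMD): report whether this Linux
# host shows a Transient Scheduler Attacks (TSA) mitigation.
# Assumption: the kernel exposes the status at the path below and uses
# "Not affected" / "Mitigation: ..." / "Vulnerable..." status strings.

TSA_SYSFS="${TSA_SYSFS:-/sys/devices/system/cpu/vulnerabilities/tsa}"

# classify_tsa STATUS
# Prints one of: ok, vulnerable, missing, unknown.
# Returns 0 only when the host is "Not affected" or reports a mitigation,
# so the function can gate a fleet check or a CI job directly.
classify_tsa() {
    case "$1" in
        "")               printf 'missing\n';    return 2 ;;
        "Not affected"*)  printf 'ok\n';         return 0 ;;
        "Mitigation:"*)   printf 'ok\n';         return 0 ;;
        "Vulnerable"*)    printf 'vulnerable\n'; return 1 ;;
        *)                printf 'unknown\n';    return 3 ;;
    esac
}

# read_tsa_status [FILE]
# Prints the first line of the sysfs entry, or nothing when the kernel
# predates the entry (an old kernel cannot be assumed safe; it is "missing").
read_tsa_status() {
    f="${1:-$TSA_SYSFS}"
    if [ -r "$f" ]; then
        head -n 1 "$f"
    fi
}

# microcode_revision
# Prints the microcode revision of the first CPU as the kernel reports it;
# compare this with the fixed revision in AMD's advisory for your part.
microcode_revision() {
    awk -F': ' '/^microcode/ { print $2; exit }' /proc/cpuinfo 2>/dev/null
}

# check_host [FILE]
# Human-readable report; exit status follows classify_tsa.
check_host() {
    s="$(read_tsa_status "$1")"
    rc=0
    cls="$(classify_tsa "$s")" || rc=$?
    printf 'tsa status : %s (%s)\n' "${s:-<no sysfs entry>}" "$cls"
    printf 'microcode  : %s\n' "$(microcode_revision)"
    return "$rc"
}

# Run the live check only when executed as tsa_check.sh, so the file can
# also be sourced to reuse the functions.
if [ "${0##*/}" = "tsa_check.sh" ]; then
    check_host
fi
```

Save it as tsa_check.sh and run it on each AMD host after applying the vendor firmware or OS microcode package; a "missing" result on a kernel that predates the sysfs entry means the OS cannot tell you either way, and only the microcode revision comparison against AMD's advisory remains.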

Daily Brief Summary

MALWARE // AMD Identifies New CPU Vulnerabilities, Releases Security Updates

AMD has disclosed new vulnerabilities, termed Transient Scheduler Attacks (TSA), in a wide range of its CPUs that could lead to information disclosure.

TSA is a speculative side channel: it infers data from the execution timing of instructions under specific microarchitectural conditions rather than from cache or TLB state.

The vulnerabilities, uncovered in a joint research study by Microsoft and ETH Zurich, are microarchitectural: they do not modify data or program state, but leak information through timing discrepancies.

AMD has released microcode updates for impacted processors to mitigate the vulnerabilities.

TSA comes in two variants: TSA-L1, where the invalid data comes from the L1 data cache (via its microtag lookup), and TSA-SQ, where a load erroneously retrieves data from the CPU store queue before that data is available.

Exploitation requires the ability to run arbitrary code on the target and to invoke the victim repeatedly, because the conditions for a false completion are transitory; it is not exploitable through malicious websites.

Successful exploitation could leak data across security domains, from the kernel to a user application, from a hypervisor to a guest virtual machine, or between two user applications, which makes it a significant concern for multi-tenant environments.