
Swiss researchers find Inception vulnerability in AMD processors

Researchers at ETH Zurich have found a new vulnerability that can leave AMD processors open to attack by hackers.
The Inception vulnerability, labelled by AMD as CVE-2023-20569, lies in the CPU's branch predictor (AMD's advisory names the return address predictor), the look-up table of guessed branch and return targets that the processor consults before it knows where control will really go; it is not a flaw in DRAM or in how memory is addressed. The same prediction machinery was the target of the Spectre attacks.
The vulnerability was identified by a team of researchers at ETH led by Kaveh Razavi, professor in the Department of Information Technology and Electrical Engineering. Razavi and his colleagues are presenting their research at USENIX Security 2023, which starts today.
The researchers informed AMD early on, giving it time to prepare a security patch before disclosure; they are now turning their attention to other processor architectures.
“In fact, much like the movie of the same name, the Inception attack is particularly complex and difficult to explain,” says Daniël Trujillo, a master’s student who found this new attack during his thesis work in Razavi’s group, supervised by PhD student Johannes Wikner. “The crux of the matter with all these attacks is rather simple – namely, the fact that a computer’s CPU has to make guesses all the time, and those guesses can be tampered with,” said Wikner.
“The Spectre attack, which was discovered in 2018, is based on such mispredictions”, says Razavi, “but initially it seemed that manufacturers had found ways to mitigate it.” Those mitigations work either by partly clearing the look-up table (the branch predictor) when the CPU switches between security contexts, or by tagging each entry with a bit that records whether the prediction was created in the kernel and can therefore be trusted.
Nevertheless, Razavi and his co-workers set out to test whether even with the new security measures an attack could be launched. After a lengthy search, they stumbled upon something strange: “It looked as though we could make the CPUs manufactured by AMD believe that they had seen certain instructions before, whereas in reality that had never happened,” says Trujillo.
As a consequence, the look-up table could, once again, be manipulated. Since the CPU was convinced that the entries in the look-up table originated from instructions it had seen before, the security feature that is meant to ensure that only trustworthy predictions are taken into consideration was bypassed. In this way, the ETH researchers were able to leak data from anywhere in the computer’s memory, including sensitive information such as the hash of the root password.
“We have shown this concept of a new class of dangerous attacks, which is particularly relevant in the context of cloud computing, where several customers share the same hardware,” says Razavi. “It also raises questions for the future.” He wants to find out if there are other similar attacks and whether an Inception-like attack is also possible on CPUs from other manufacturers.
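A practitioner reading this will want to know whether a given Linux host actually carries the fix the researchers gave AMD time to prepare, especially on shared cloud hardware where the firmware is not under the tenant's control. The script below is an added example, not code from the article or from the ETH Zurich team. It reads the sysfs entry the Linux kernel exposes for this CVE under the name spec_rstack_overflow (Speculative Return Stack Overflow, the kernel's name for the Inception issue) and classifies the status string. The sysfs path, the status strings and the spec_rstack_overflow= boot parameter are taken from the kernel's srso documentation, not from this page; the function names classify_srso, read_srso_status and kernel_cmdline_srso are this example's own.

```shell
#!/bin/sh
# Added example (not from the article or the ETH Zurich team): classify a
# Linux host's Inception / SRSO mitigation status for CVE-2023-20569.
# Path and status strings follow the kernel's
# Documentation/admin-guide/hw-vuln/srso.rst (an assumption about the kernel,
# not something the article states).

SRSO_SYSFS="/sys/devices/system/cpu/vulnerabilities/spec_rstack_overflow"

# classify_srso STATUS
# Prints one of: not-affected | mitigated | partial | vulnerable | unknown
classify_srso() {
    status="$1"
    case "$status" in
        "Not affected")
            echo "not-affected" ;;
        "Mitigation: IBPB on VMEXIT only")
            # Per srso.rst this protects the host from guests only; other
            # boundaries on the host are left as they are.
            echo "partial" ;;
        Mitigation:*)
            # "Mitigation: Safe RET", "Mitigation: IBPB", ...
            echo "mitigated" ;;
        Vulnerable*)
            # Includes "Vulnerable: Safe RET, no microcode" and similar: the
            # software half is in place but the firmware half is missing.
            echo "vulnerable" ;;
        *)
            # Empty (entry unreadable) or a string this script does not know.
            echo "unknown" ;;
    esac
}

# read_srso_status
# Prints the raw sysfs line, or nothing if the entry is not readable
# (pre-6.5 kernel, non-Linux, or a container that hides sysfs).
read_srso_status() {
    if [ -r "$SRSO_SYSFS" ]; then
        cat "$SRSO_SYSFS"
    fi
}

# kernel_cmdline_srso
# Prints the spec_rstack_overflow=... boot parameter if one was passed
# (documented values: off, microcode, safe-ret, ibpb, ibpb-vmexit).
kernel_cmdline_srso() {
    if [ -r /proc/cmdline ]; then
        tr ' ' '\n' < /proc/cmdline | grep '^spec_rstack_overflow=' || true
    fi
}

# Report for the machine this runs on.
raw=$(read_srso_status)
if [ -z "$raw" ]; then
    echo "srso: $SRSO_SYSFS not present (pre-6.5 kernel, non-Linux, or restricted container)"
else
    echo "srso: '$raw' -> $(classify_srso "$raw")"
    param=$(kernel_cmdline_srso)
    if [ -n "$param" ]; then
        echo "srso: boot parameter $param"
    fi
fi
```

The "vulnerable" bucket deliberately includes the "Vulnerable: ..., no microcode" variants: on a cloud instance the kernel may already contain the software side of the mitigation while the provider has not yet rolled out the microcode, and that is exactly the state a tenant cannot fix on its own.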
