Academic researchers developed ZenHammer, the first variant of the Rowhammer DRAM attack that works on CPUs based on recent AMD Zen microarchitecture that map physical addresses on DDR4 and DDR5 memory chips.
ZenHammer: Rowhammer Attacks on AMD Zen-based Platforms
Our work shows that it is possible to trigger Rowhammer bit flips on DDR4 devices on AMD Zen 2 and Zen 3 systems despite deployed TRR mitigations. This result proves that AMD systems are equally vulnerable to Rowhammer as Intel systems, which greatly increases the attack surface, considering today’s AMD market share of around 36%… Read
China blocks use of Intel and AMD chips in government computers, FT reports
China has introduced guidelines to phase out U.S. microprocessors from Intel (INTC.O), opens new tab and AMD (AMD.O), opens new tab from government personal computers and servers, the Financial Times reported on Sunday. The procurement guidance also seeks to sideline Microsoft's (MSFT.O), opens new tab Windows operating system and foreign-made database software in favour of domestic options, the report said.
LeftoverLocals: Listening to LLM responses through leaked GPU local memory
By Tyler Sorensen and Heidy Khlaaf We are disclosing LeftoverLocals: a vulnerability that allows recovery of data from GPU local memory created by another process on Apple, Qualcomm, AMD, and Imagination GPUs. LeftoverLocals impacts the security posture of GPU applications as a whole, with particular significance to LLMs and ML models run on impacted GPU…
CacheWarp is a new software fault attack on AMD SEV-ES and SEV-SNP. It allows attackers to hijack control flow, break into encrypted VMs, and perform privilege escalation inside the VM.
Nearly every AMD CPU since 2017 vulnerable to Inception bug
AMD processor users, you have another data-leaking vulnerability to deal with: like Zenbleed, this latest hole can be to steal sensitive data from a running vulnerable machine.
It turns out that with precise scheduling, you can cause some processors to recover from a mispredicted vzeroupper incorrectly! This technique is CVE-2023-20593 and it works on all Zen 2 class processors, which includes at least the following products