New vulnerabilities stem from flaws in how CPUs handle speculative execution
The potential attacks stem from vulnerabilities in AMD processors
AMD has warned of new vulnerabilities that could be leveraged in cyberattacks harking back to the widespread Meltdown and Spectre flaws in 2018.
AMD has issued a security advisory revealing four newly discovered vulnerabilities in its processors, which could be exploited through a type of side-channel exploit dubbed Transient Scheduler Attacks (TSA).
The new bugs draw comparisons to the infamous Meltdown and Spectre vulnerabilities, which were first identified in 2018 and exploited speculative execution to extract sensitive information from memory.
While Meltdown largely impacts Intel CPUs, Spectre has a wider reach – affecting Intel, AMD and ARM processors alike.
Like those earlier threats, TSA can potentially lead to information disclosure, though AMD insists the newly discovered bugs are significantly harder to exploit.
The chipmaker says the vulnerabilities (CVE-2024-36350, CVE-2024-36357, CVE-2024-36348 and CVE-2024-36349) affect a wide range of AMD CPUs across consumer desktops, mobile devices and datacentre systems, including its third and fourth generation EPYC processors.
They were discovered while AMD investigated a Microsoft report highlighting potential microarchitectural data leaks.
The vulnerabilities stem from flaws in how CPUs handle speculative execution, a performance-enhancing technique that can unintentionally allow data leakage between different security boundaries.
AMD says the vulnerabilities manifest through two different attack pathways, dubbed TSA-L1 and TSA-SQ:
TSA-L1 targets the Level 1 (L1) cache. A flaw in how the L1 cache uses microtags for lookups can cause the CPU to assume data is present when it isn’t, leading to erroneous loads. Attackers can then analyse this behaviour to infer sensitive data.
TSA-SQ involves the CPU store queue. In this scenario, a load instruction mistakenly pulls data from the store queue when it shouldn’t, leaking information from previous operations – even across different software contexts, such as virtual machines or processes.
These attacks exploit what is known as “false completions”, where CPUs expect load instructions to finish quickly but underlying conditions prevent completion. The leaked data may then be forwarded to dependent operations, affecting execution timing in ways attackers can observe.
“Limited risk”
While the vulnerabilities range in severity – with two rated medium and two rated low – cybersecurity vendors Trend Micro and CrowdStrike have independently assessed the flaws as critical, citing the potential for kernel-level data leakage that could lead to privilege escalation, security bypasses and persistence.
Despite the alarming classification, AMD is downplaying the immediate risk to users. The company says successful exploitation requires local access, typically through malware or a malicious virtual machine, and only grants low-level user privileges – though elevated access could follow.
Crucially, these attacks cannot be launched remotely, such as via websites, and would need to be run repeatedly to reliably extract useful data.
Affected systems and mitigation
The TSA vulnerabilities affect a broad swath of AMD hardware spanning consumer desktops, mobile platforms and enterprise-grade datacentre systems.
System administrators should update to the latest Windows builds, which include patches to mitigate the vulnerabilities.
One mitigation involves the VERW instruction, which clears certain CPU buffers but may result in performance degradation.
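Whether the buffer-clearing mitigation is actually active on a given host is something an administrator will want to verify rather than assume. The following script is an added example, not part of the AMD advisory or the vendor reports quoted above; it assumes the Linux kernel's per-bug status files under the sysfs "vulnerabilities" directory (including a "tsa" entry for these CVEs, which the article, being about Windows updates, does not mention) and builds a constructed sample directory so it can be run offline. The status strings in the sample are illustrative, not captured from a real machine.

```shell
#!/bin/sh
# Added example: summarise speculative-execution mitigation status from
# Linux sysfs-style status files. Assumes one file per bug, each holding a
# line such as "Mitigation: ...", "Vulnerable..." or "Not affected".

classify_status() {
    # $1: first line of a status file.
    # Prints MITIGATED, VULNERABLE, NOT_AFFECTED or UNKNOWN.
    case "$1" in
        "Not affected"*) echo NOT_AFFECTED ;;
        Mitigation:*)    echo MITIGATED ;;
        Vulnerable*)     echo VULNERABLE ;;
        *)               echo UNKNOWN ;;
    esac
}

report_dir() {
    # $1: directory holding one status file per bug (on a real host this
    # would be /sys/devices/system/cpu/vulnerabilities, an assumed path).
    # Prints "<bug> <status>" per file; returns 1 if any bug is VULNERABLE.
    rc=0
    for f in "$1"/*; do
        [ -f "$f" ] || continue
        name=$(basename "$f")
        status=$(classify_status "$(head -n 1 "$f")")
        printf '%-12s %s\n' "$name" "$status"
        if [ "$status" = VULNERABLE ]; then
            rc=1
        fi
    done
    return $rc
}

make_sample_dir() {
    # Constructed sample mimicking sysfs contents; not captured from a real host.
    d=$(mktemp -d)
    printf 'Mitigation: Clear CPU buffers\n' > "$d/tsa"
    printf 'Vulnerable: Clear CPU buffers attempted, no microcode\n' > "$d/mds"
    printf 'Not affected\n' > "$d/meltdown"
    echo "$d"
}

# Usage on the constructed sample (replace with the real directory on a host):
#   sample=$(make_sample_dir); report_dir "$sample"; echo "exit=$?"
```

The non-zero exit code on any "Vulnerable" entry is what makes this usable in a fleet check: a configuration-management or monitoring job can flag hosts where the microcode or kernel update that enables the buffer clearing has not landed, rather than relying on the OS build number alone.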
Users are urged to keep systems patched and remain vigilant, especially in environments that allow multiple tenants or virtual machines.