AMD Chips Exposed to Data Leaks in Speculation Flaw

Advanced Micro Devices has identified critical security vulnerabilities impacting a broad range of its processor families. The flaws, rooted in speculative execution mechanisms, expose AMD chips to data leakage through timing-based side-channel attacks. These vulnerabilities, outlined in four CVE entries, affect both enterprise-grade and consumer-grade environments, raising concerns about data confidentiality. AMD chips exposed to data are at heightened risk, particularly in virtualized or multi-tenant systems.

The company traced the issue to Microsoft research that examined microarchitectural leakage boundaries. The attacks exploit store-to-load forwarding, L1 data cache access, and control register inference, enabling unauthorized data extraction. AMD chips exposed to data include EPYC servers, Ryzen CPUs across the 5000 to 8000 series, and Zen 3 and Zen 4-based platforms.

Firmware and OS updates will begin rolling out between December 2024 and January 2025. AMD urges users to apply both OEM firmware and matching OS patches to fully mitigate the threat.

AMD Warns of Transient Scheduler Attacks Affecting Wide Range of Chipsets