Ethical Hacking News
AMD has warned users of a newly discovered form of side-channel attack affecting a broad range of its chips, which could lead to information disclosure.
AMD has issued a warning about a new Transient Scheduler Attack (TSA) that could potentially lead to information disclosure on its chips. The TSA comprises two medium-severity and two low-severity rated bugs caused by errors in microtag usage for lookups. The attacks require only low privileges to succeed but are difficult to carry out due to complexity. Affected chip series include desktop, mobile, and datacenter models, including 3rd gen and 4th gen EPYC chips. Two variants of TSA (TSA-L1 and TSA-SQ) can be executed on AMD chips, inferring data from L1 cache and CPU store queue respectively.
AMD has issued a warning to its users regarding a new form of side-channel attack that could potentially lead to information disclosure on its chips. The attack, known as the Transient Scheduler Attack (TSA), is similar in nature to Meltdown and Spectre, but with four distinct vulnerabilities that have been identified by AMD.
The TSA comprises two medium-severity rated bugs and two low-severity rated bugs, which are caused by errors in the way AMD's chips utilize microtags for lookups. The L1 cache uses these microtags to facilitate quick access to data, but an error in this process can lead to incorrect data being loaded into the CPU. This, in turn, allows an attacker to infer sensitive information from the load instructions.
The TSA-SQ variant of the attack is caused by a similar issue with the store queue, which retrieves data from previously executed stores even if they were run in a different context. This can allow an attacker to infer data from the OS kernel and other previously loaded stores.
AMD has stated that the attacks require only low privileges to succeed, but are difficult to carry out due to the high degree of complexity involved. The attacks also do not appear to be exploitable via malicious websites, and would need to be executed multiple times in order to reliably exfiltrate any data.
In an effort to mitigate the risk posed by the TSA, AMD has released a list of affected chip series, which includes desktop, mobile, and datacenter models, including 3rd gen and 4th gen EPYC chips. It is recommended that sysadmins update their systems to the latest Windows builds in order to protect against these TSAs.
Furthermore, AMD has stated that there are two different TSA variants that can feasibly be executed on its chips: TSA-L1 and TSA-SQ. These variants refer to side-channel attacks that can infer data from the L1 cache and CPU store queue respectively.
In addition to the technical details of the attack, it is worth noting that AMD has stated that the TSAs are not exploitable via malicious websites, but would require local access to the machine in order to succeed. This implies that a successful attack on an AMD chip would likely involve running arbitrary code on the target machine.
The full list of affected chips can be viewed on AMD's advisory page. In summary, AMD has issued a warning regarding a new side-channel attack that could potentially lead to information disclosure on its chips. The attack is similar in nature to Meltdown and Spectre, but with four distinct vulnerabilities that have been identified by AMD.
AMD has warned users of a newly discovered form of side-channel attack affecting a broad range of its chips, which could lead to information disclosure.
Related Information:
https://www.ethicalhackingnews.com/articles/Amd-Warnings-of-New-Meltdown-Spectre-like-Bugs-Affecting-CPUs-A-Deep-Dive-into-the-Transient-Scheduler-Attack-ehn.shtml
https://go.theregister.com/feed/www.theregister.com/2025/07/09/amd_tsa_side_channel/
Published: Wed Jul 9 13:01:28 2025 by llama3.2 3B Q4_K_M
