{"id":14425,"date":"2025-07-10T12:11:30","date_gmt":"2025-07-10T12:11:30","guid":{"rendered":"https:\/\/newestek.com\/?p=14425"},"modified":"2025-07-10T12:11:30","modified_gmt":"2025-07-10T12:11:30","slug":"amd-discloses-new-cpu-flaws-that-can-enable-data-leaks-via-timing-attacks","status":"publish","type":"post","link":"https:\/\/newestek.com\/?p=14425","title":{"rendered":"AMD discloses new CPU flaws that can enable data leaks via timing attacks"},"content":{"rendered":"<div>\n<div id=\"remove_no_follow\">\n<div class=\"grid grid--cols-10@md grid--cols-8@lg article-column\">\n<div class=\"col-12 col-10@md col-6@lg col-start-3@lg\">\n<div class=\"article-column__content\">\n<section class=\"wp-block-bigbite-multi-title\">\n<div class=\"container\"><\/div>\n<\/section>\n<p>AMD has disclosed four new processor vulnerabilities that could allow attackers to steal sensitive data from enterprise systems through timing-based side-channel attacks. The vulnerabilities, designated AMD-SB-7029 and known as Transient Scheduler Attacks, affect a broad range of AMD processors, including data center EPYC chips and enterprise Ryzen processors.<\/p>\n<p>The disclosure has immediately sparked a severity rating controversy, with leading cybersecurity firm CrowdStrike classifying key flaws as \u201ccritical\u201d threats despite AMD\u2019s own medium and low severity ratings. 
This disagreement highlights growing challenges enterprises face when evaluating processor-level security risks.<\/p>\n<p>AMD has begun releasing Platform Initialization firmware updates to Original Equipment Manufacturers while coordinating with operating system vendors on comprehensive mitigations.<\/p>\n<h2 class=\"wp-block-heading\" id=\"timing-attacks-exploit-processor-optimization-features\">Timing attacks exploit processor optimization features<\/h2>\n<p>The vulnerabilities emerged from AMD\u2019s investigation of a <a href=\"https:\/\/www.microsoft.com\/en-us\/research\/publication\/enter-exit-page-fault-leak-testing-isolation-boundaries-for-microarchitectural-leaks\/\" target=\"_blank\" rel=\"noreferrer noopener\">Microsoft research report<\/a> titled \u201cEnter, Exit, Page Fault, Leak: Testing Isolation Boundaries for Microarchitectural Leaks.\u201d AMD discovered what it calls \u201ctransient scheduler attacks related to the execution timing of instructions under specific microarchitectural conditions.\u201d<\/p>\n<p>These attacks exploit \u201cfalse completions\u201d in processor operations. When CPUs expect load instructions to complete quickly but conditions prevent successful completion, attackers can measure timing differences to extract sensitive information.<\/p>\n<p>\u201cIn some cases, an attacker may be able to use this timing information to infer data from other contexts, resulting in information leakage,\u201d <a href=\"https:\/\/www.amd.com\/en\/resources\/product-security\/bulletin\/amd-sb-7029.html\" target=\"_blank\" rel=\"noreferrer noopener\">AMD stated in its security bulletin<\/a>.<\/p>\n<p>AMD has identified two distinct attack variants that enterprises must understand. TSA-L1 attacks target errors in how the L1 cache handles microtag lookups, potentially causing incorrect data loading that attackers can detect.
TSA-SQ attacks occur when load instructions erroneously retrieve data from the store queue when required data isn\u2019t available, potentially allowing inference of sensitive information from previously executed operations, the bulletin added.<\/p>\n<p>The scope of affected systems presents significant challenges for enterprise patch management teams. Vulnerable processors include 3rd and 4th generation EPYC processors powering cloud and on-premises data center infrastructure, Ryzen series processors deployed across corporate workstation environments, and enterprise mobile processors supporting remote and hybrid work arrangements.<\/p>\n<h2 class=\"wp-block-heading\" id=\"crowdstrike-elevates-threat-classification-despite-cvss-scores\">CrowdStrike elevates threat classification despite CVSS scores<\/h2>\n<p>While AMD rates the vulnerabilities as medium and low severity based on attack complexity requirements, CrowdStrike has independently classified them as critical enterprise threats. The security firm specifically flagged CVE-2025-36350 and CVE-2025-36357 as \u201cCritical information disclosure vulnerabilities in AMD processors,\u201d despite both carrying CVSS scores of just 5.6.<\/p>\n<p>According to CrowdStrike\u2019s <a href=\"https:\/\/www.crowdstrike.com\/en-us\/blog\/patch-tuesday-analysis-july-2025\/\">threat assessment<\/a>, these vulnerabilities \u201caffecting Store Queue and L1 Data Queue respectively, allow authenticated local attackers with low privileges to access sensitive information through transient scheduler attacks without requiring user interaction.\u201d<\/p>\n<p>This assessment reflects enterprise-focused risk evaluation that considers operational realities beyond technical complexity. 
The combination of low privilege requirements and no user interaction makes these vulnerabilities particularly concerning for environments where attackers may have already gained initial system access through malware, supply chain compromises, or insider threats.<\/p>\n<p>CrowdStrike\u2019s classification methodology appears to weigh the potential for privilege escalation and security mechanism bypass more heavily than the technical prerequisites. In enterprise environments where sophisticated threat actors routinely achieve local system access, the ability to extract kernel-level information without user interaction represents a significant operational risk regardless of the initial attack complexity.<\/p>\n<h2 class=\"wp-block-heading\" id=\"microsoft-coordinates-cross-vendor-response\">Microsoft coordinates cross-vendor response<\/h2>\n<p>According to CrowdStrike, \u201cMicrosoft has included these AMD vulnerabilities in the Security Update Guide because their mitigation requires Windows updates. The latest Windows builds enable protections against these vulnerabilities.\u201d<\/p>\n<p>The coordinated response reflects the complexity of modern processor security, where vulnerabilities often require simultaneous updates across firmware, operating systems, and potentially hypervisor layers. 
Microsoft\u2019s involvement demonstrates how processor-level security flaws increasingly require ecosystem-wide coordination rather than single-vendor solutions.<\/p>\n<p>Both Microsoft and AMD assess exploitation as \u201cLess Likely,\u201d with CrowdStrike noting \u201cthere is no evidence of public disclosure or active exploitation at this time.\u201d The security firm compared these flaws to previous \u201cspeculative store bypass vulnerabilities\u201d that have affected processors, suggesting established mitigation patterns can be adapted for the new attack vectors.<\/p>\n<p>AMD\u2019s mitigation strategy involves what the company describes as Platform Initialization firmware versions that address the timing vulnerabilities at the processor level. However, complete protection requires corresponding operating system updates that may introduce performance considerations for enterprise deployments.<\/p>\n<h2 class=\"wp-block-heading\" id=\"enterprise-implications-beyond-traditional-scoring\">Enterprise implications beyond traditional scoring<\/h2>\n<p>The CrowdStrike assessment provides additional context for enterprise security teams navigating the complexity of processor-level vulnerabilities. While traditional CVSS scoring focuses on technical attack vectors, enterprise security firms like CrowdStrike often consider broader operational risks when classifying threats.<\/p>\n<p>The fact that these attacks require only \u201clow privileges\u201d and work \u201cwithout requiring user interaction\u201d makes them particularly concerning for enterprise environments where attackers may have already gained initial access through other means. 
CrowdStrike\u2019s critical classification reflects the reality that sophisticated threat actors regularly achieve the local access prerequisites these vulnerabilities require.<\/p>\n<p>Microsoft\u2019s assessment that \u201cthere is no known exploit code available anywhere\u201d provides temporary reassurance, but enterprise security history demonstrates that proof-of-concept code often emerges rapidly following vulnerability disclosures.<\/p>\n<p>The TSA vulnerabilities also coincide with broader processor security concerns. Similar to previous side-channel attacks like Spectre and Meltdown, these flaws exploit fundamental CPU optimization features, making them particularly challenging to address without performance trade-offs.<\/p>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n","protected":false},"excerpt":{"rendered":"<p>AMD has disclosed four new processor vulnerabilities that could allow attackers to steal sensitive data from enterprise systems through timing-based side-channel attacks. The vulnerabilities, designated AMD-SB-7029 and known as Transient Scheduler Attacks, affect a broad range of AMD processors, including data center EPYC chips and enterprise Ryzen processors. 
The disclosure has immediately sparked a severity rating controversy, with leading cybersecurity firm CrowdStrike classifying key flaws&#8230; <\/p>\n<p class=\"more\"><a class=\"more-link\" href=\"https:\/\/newestek.com\/?p=14425\">Read More<\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"inline_featured_image":false,"footnotes":""},"categories":[1],"tags":[],"class_list":["post-14425","post","type-post","status-publish","format-standard","hentry","category-uncategorized","is-cat-link-borders-light is-cat-link-rounded"],"_links":{"self":[{"href":"https:\/\/newestek.com\/index.php?rest_route=\/wp\/v2\/posts\/14425","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/newestek.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/newestek.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/newestek.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/newestek.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=14425"}],"version-history":[{"count":0,"href":"https:\/\/newestek.com\/index.php?rest_route=\/wp\/v2\/posts\/14425\/revisions"}],"wp:attachment":[{"href":"https:\/\/newestek.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=14425"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/newestek.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=14425"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/newestek.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=14425"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}