Back to Security Bulletins

Frequency Scaling Timing Power Side-Channels

Bulletin ID: AMD-SB-1038
Potential Impact: Information Disclosure
Severity: Medium

Summary

AMD is aware of the academic research paper titled “Hertzbleed: Turning Power Side-Channel Attacks Into Remote Timing Attacks on x86”.  AMD has been notified the researchers intend to submit their paper to USENIX Security 2022.

CVE Details

CVE-2022-23823

A potential vulnerability in some AMD processors using frequency scaling may allow an authenticated attacker to execute a timing attack to potentially enable information disclosure. 

Affected Products

Desktop

  • AMD Athlon™ X4 processor
  • AMD Ryzen™ Threadripper™ PRO processor
  • 2nd Gen AMD Ryzen™ Threadripper™ processors
  • 3rd Gen AMD Ryzen™ Threadripper™ processors
  • 7th Generation AMD A-Series APUs
  • AMD Ryzen™ 2000 Series Desktop processors
  • AMD Ryzen™ 3000 Series Desktop processors
  • AMD Ryzen™ 4000 Series Desktop processors with Radeon™ graphics
  • AMD Ryzen™ 5000 Series Desktop processors
  • AMD Ryzen™ 5000 Series Desktop processors with Radeon™ graphics

Mobile

  • AMD Ryzen™ 2000 Series Mobile processor
  • AMD Athlon™ 3000 Series Mobile processors with Radeon™ Graphics
  • AMD Ryzen™ 3000 Series Mobile processors or 2nd Gen AMD Ryzen™ Mobile processors with Radeon™ graphics
  • AMD Ryzen™ 4000 Series Mobile processors with Radeon™ graphics
  • AMD Ryzen™ 5000 Series Mobile processors with Radeon™ graphics

Chromebook

  • AMD Athlon™ Mobile processors with Radeon™ graphics

Server

  • 1st Gen AMD EPYC™ processors
  • 2nd Gen AMD EPYC™ processors
  • 3rd Gen AMD EPYC™ processors

Mitigation

As the vulnerability impacts a cryptographic algorithm having power analysis-based side-channel leakages, developers can apply countermeasures on the software code of the algorithm. Either masking1,2,3, hiding3 or key-rotation may be used to mitigate the attack.

Acknowledgement

CVE-2022-23823: AMD thanks the following for reporting this issue and engaging in coordinated vulnerability disclosure:

Yingchen Wang (University of Texas at Austin)

Riccardo Paccagnella (University of Illinois Urbana-Champaign)

Elizabeth Tang He (University of Illinois Urbana-Champaign)

Hovav Shacham (University of Texas at Austin)

Christopher Fletcher (University of Illinois Urbana-Champaign)

David Kohlbrenner (University of Washington)

Nikhil Chawla, Abhishek Chakraborty, Thais Moreira Hamasaki, Chen Liu, Ke Sun, Neer Roggel, Henrique Kawakami

References

  1. "Synthesis of Masking Countermeasures against Side Channel Attacks" by Hassan Eldib and Chao Wang
  2. "Masking against Side-Channel Attacks: a Formal Security Proof" by Emmanuel Prouff and Matthieu Rivain
  3. "Power Analysis Attacks: Revealing the Secrets of Smart Cards", by Elisabeth Oswald, Stefan Mangard, and Thomas Popp

Revisions

Revision Date  

Description  
07-12-2022 Updated Affected Products and Acknowledgements

06-14-2022 

Initial publication  

DISCLAIMER

The information contained herein is for informational purposes only and is subject to change without notice. While every precaution has been taken in the preparation of this document, it may contain technical inaccuracies, omissions and typographical errors, and AMD is under no obligation to update or otherwise correct this information. Advanced Micro Devices, Inc. makes no representations or warranties with respect to the accuracy or completeness of the contents of this document, and assumes no liability of any kind, including the implied warranties of noninfringement, merchantability or fitness for particular purposes, with respect to the operation or use of AMD hardware, software or other products described herein. Any computer system has risks of security vulnerabilities that cannot be completely prevented or mitigated. No license, including implied or arising by estoppel, to any intellectual property rights is granted by this document. Terms and limitations applicable to the purchase or use of AMD’s products are as set forth in a signed agreement between the parties or in AMD's Standard Terms and Conditions of Sale.

AMD, the AMD Arrow logo, and combinations thereof are trademarks of Advanced Micro Devices, Inc. Other product names used in this publication are for identification purposes only and may be trademarks of their respective companies.

© 2022 Advanced Micro Devices, Inc. All rights reserved.