AMD has recently published a security advisory detailing new transient scheduler attacks that could potentially allow attackers to infer sensitive information from affected processors. These vulnerabilities, designated as AMD-SB-7029, pose a medium risk related to confidentiality.
What Are These Attacks?
The vulnerabilities involve timing-based side channels that exploit microarchitectural behaviors in AMD CPUs, particularly under specific execution conditions. Essentially, attackers could use these timing differences to infer data from other processes or privileged contexts, possibly leaking confidential information.
Which Products Are Affected?
EPYC Server Processors (including Naples, Rome, Milan, Genoa, and others)
Ryzen Desktop and Mobile Processors (including Ryzen 3000, 5000, 7000 series)
Embedded and Graphics Processors
The severity and mitigation steps vary by processor generation, with newer models generally receiving firmware updates that address the issues.
What Is AMD Doing?
AMD has released firmware updates to OEMs and system vendors, which can be applied via BIOS updates. For some older processors, no fix is currently planned. Users are advised to consult their device manufacturers or IT teams for guidance on firmware updates and OS patches.
While these vulnerabilities are categorized as medium severity, they demonstrate ongoing microarchitectural risks that can compromise data confidentiality. Staying updated with firmware and OS patches remains essential to protect hardware and sensitive information in enterprise and personal systems.
See AMD’s official notice including list of processors affected on their security bulletin here.
Leave a Reply