Frequency Scaling Timing Power Side-Channels

Bulletin ID: AMD-SB-1038 **Potential Impact:**Information Disclosure **Severity:**Medium

Summary

AMD is aware of the academic research paper titled “Hertzbleed: Turning Power Side-Channel Attacks Into Remote Timing Attacks on x86”. AMD has been notified the researchers intend to submit their paper to USENIX Security 2022.

CVE Details

CVE-2022-23823

A potential vulnerability in some AMD processors using frequency scaling may allow an authenticated attacker to execute a timing attack to potentially enable information disclosure.

Affected Products

Desktop

• AMD Athlon™ X4 processor
• AMD Ryzen™ Threadripper™ PRO processor
• 2nd Gen AMD Ryzen™ Threadripper™ processors
• 3rd Gen AMD Ryzen™ Threadripper™ processors
• 7th Generation AMD A-Series APUs
• AMD Ryzen™ 2000 Series Desktop processors
• AMD Ryzen™ 3000 Series Desktop processors
• AMD Ryzen™ 4000 Series Desktop processors with Radeon™ graphics
• AMD Ryzen™ 5000 Series Desktop processors
• AMD Ryzen™ 5000 Series Desktop processors with Radeon™ graphics

Mobile

• AMD Ryzen™ 2000 Series Mobile processor
• AMD Athlon™ 3000 Series Mobile processors with Radeon™ Graphics
• AMD Ryzen™ 3000 Series Mobile processors or 2nd Gen AMD Ryzen™ Mobile processors with Radeon™ graphics
• AMD Ryzen™ 4000 Series Mobile processors with Radeon™ graphics
• AMD Ryzen™ 5000 Series Mobile processors with Radeon™ graphics

Chromebook

• AMD Athlon™ Mobile processors with Radeon™ graphics

Server

• 1st Gen AMD EPYC™ processors
• 2nd Gen AMD EPYC™ processors
• 3rd Gen AMD EPYC™ processors

Mitigation

As the vulnerability impacts a cryptographic algorithm having power analysis-based side-channel leakages, developers can apply countermeasures on the software code of the algorithm. Either masking1,2,3, hiding3 or key-rotation may be used to mitigate the attack.