Thought Intel was the only one? Well you would be living under a rock with all the past issues but Intel seemed to be constantly hit harder, and they had another recently. This time, it's AMD's turn in the security spotlight.
Researchers from 'Graz University of Technology', 'Univ Rennes, CNRS, IRISA' and another unaffiliated with either have released a paper with a security issue named 'Take A Way' which affects AMD CPUs going back to 2011 affecting a huge amount of them.
We reverse-engineered AMD’s L1D cache way predictor in microarchitectures from 2011 to 2019, resulting in two new attack techniques. With Collide+Probe, an attacker can monitor a victim’s memory accesses without knowledge of physical addresses or shared memory when time-sharing a logical core. With Load+Reload, we exploit the way predictor to obtain highly-accurate memory-access traces of victims on the same physical core. While Load+Reload relies on shared memory, it does not invalidate the cache line, allowing stealthier attacks that do not induce any last-level-cache evictions.
They did the responsible thing with it, and notified AMD on this particular issue on August 23rd, 2019 so AMD has had plenty of time to come up with possible fixes for it.
Interestingly, when you look over who funded this research it's had multiple backers—including "generous gifts from Intel". This isn't exactly unusual though, Intel funds a lot of things around security and it doesn't appear to be some kind of directed attack on AMD. One of the people named on the paper, Daniel Gruss, has been clearing it up on Twitter (#1, #2).
AMD themselves released a statement yesterday, which reads:
We are aware of a new white paper that claims potential security exploits in AMD CPUs, whereby a malicious actor could manipulate a cache-related feature to potentially transmit user data in an unintended way. The researchers then pair this data path with known and mitigated software or speculative execution side channel vulnerabilities. AMD believes these are not new speculation-based attacks.
Obviously, AMD recommend keeping your PC software and firmware up to date.
It's been a tough few years for both Intel and AMD, and likely will continue to be so as more research is done to find more holes. While it's somewhat frightening there's been so many, it's great that they are found so they can be fixed through updates or new silicon rather than going unnoticed and potentially abused.