This security flaw could affect nearly all CPUs - but it might not be all bad

CPU concept art of a chip with blue electricity coursing through it
(Image credit: 3dartists / Shutterstock)

A new vulnerability has been identified affecting a wide number of CPUs, but users have been told not to be overly concerned, given the sheer complexity of carrying out an attack.

That’s according to chipmaker AMD, who “believes that it is difficult to execute the attack/exploit of this vulnerability in the real world or outside of a controlled/lab-type environment.”

The warning came from a group of researchers from the Graz University of Technology and CISPA Helmholtz Center for Information Security.

Software-based Power Side Channel widely affecting CPUs

The issue, known as ‘Collide+Power,’ presents a potential power side-channel vulnerability affecting processors that could allow authenticated attacks to monitor CPU power consumption, which in turn may lead to the leak of sensitive information.

The vulnerability has been tracked as CVE-2023-20583 and was awarded a severity level of ‘low’.

Ahead of a full investigation, AMD has confirmed that “EPYC server processors contain a performance determinism mode which can be used to reduce this type of leakage” and that “Ryzen client processors support a core boost disable bit that can help reduce the changes in frequency.”

ARM also shared some information about the issue at hand, and an Intel spokesperson told TechRadar Pro:

"Intel has evaluated this research and determined new mitigations are not required. Existing features in Intel products and guidance for mitigating power side-channel attacks are applicable in this and other known cases."

The chipmakers appear to have been cooperative in reaching an agreement to rectify the vulnerability. The team behind the discovery said: “We thank the vendors AMD, ARM, and Intel for professionally handling the responsible disclosure.”

In its own statement, Amazon said that AWS customers’ data and instances are not impacted by Collide+Power.

A full breakdown of how an attacker may be able to get access to sensitive information via a machine’s CPU can be found on the Collide+Power website. Moving forward, the Graz and CISPA researchers see a solution in preventing attackers from observing power-related signals rather than redesigning general-purpose CPUs which is a sizeable task by any measure.

Craig Hale

With several years’ experience freelancing in tech and automotive circles, Craig’s specific interests lie in technology that is designed to better our lives, including AI and ML, productivity aids, and smart fitness. He is also passionate about cars and the decarbonisation of personal transportation. As an avid bargain-hunter, you can be sure that any deal Craig finds is top value!

Read more
AMD logo
Security flaw means AMD Zen CPUs can be "jailbroken"
AMD logo
AMD patches high severity security flaw affecting Zen chips
AMD Ryzen 5 7600X processor
AMD confirms processor security flaws after Asus patch slips out early
An abstract image of a lock against a digital background, denoting cybersecurity.
Apple CPU security issue could let hackers steal user data from browsers
Security
Intel slams Nvidia and AMD, claims chip giants have huge numbers of security flaws
MediaTek
MediaTek reveals host of security vulnerabilities, so patch now
Latest in Pro
Isometric demonstrating multi-factor authentication using a mobile device.
NCSC gets influencers to sing the praises of 2FA
Sam Altman and OpenAI
OpenAI is upping its bug bounty rewards as security worries rise
Context Windows
Why are AI context windows important?
BERT
What is BERT, and why should we care?
A person holding out their hand with a digital AI symbol.
AI is booming — but are businesses seeing real impact?
A stylized depiction of a padlocked WiFi symbol sitting in the centre of an interlocking vault.
Dangerous new CoffeeLoader malware executes on your GPU to get past security tools
Latest in News
Nintendo Switch 2 Joy-Con up-close from app store
Nintendo's new app gave us another look at the Switch 2, and there's something different with the Joy-Con
cheap Nintendo Switch game deals sales
Nintendo didn't anticipate that Mario Kart 8 Deluxe was 'going to be the juggernaut' for the Nintendo Switch when it was ported to the console, according to former employees
Three angles of the Apple MacBook Air 15-inch M4 laptop above a desk
Apple MacBook Air 15-inch (M4) review roundup – should you buy Apple's new lightweight laptop?
Witchbrook
Witchbrook, the life-sim I've been waiting years for, finally has a release window and it's sooner than you think
Amazon Echo Smart Speaker
Amazon is experimenting with renaming Echo speakers to Alexa speakers, and it's about time
Shigeru Miyamoto presents Nintendo Today app
Nintendo Today smartphone app is out now on iOS and Android devices – and here's what it does