All news with #amd tag

New Phoenix Rowhammer Bypass Elevates DDR5 Privilege Risk

⚠ The new Phoenix Rowhammer technique reverse-engineers TRR in SK Hynix DDR5 DIMMs to induce controlled bit flips previously believed mitigated. Researchers from ETH Zurich and Google report Phoenix reliably triggers flips across all 15 tested modules, enabling practical exploits such as forged Page Table Entries, RSA-2048 key leakage from co-located VMs, and a sudo-based root escalation. The issue is tracked as CVE-2025-6202.

VMScape: Spectre-BTI Variant Breaks VM Isolation in VMs

🔒 Researchers have demonstrated VMScape, a Spectre-like branch target injection attack that breaks guest-to-host isolation on AMD and Intel CPUs in virtualized environments. The proof-of-concept targeted KVM/QEMU in its default configuration and extracted host disk encryption keys from an AMD Zen 4 system. Tracked as CVE-2025-40300, mitigations include inserting an Indirect Branch Prediction Barrier (IBPB) on VMEXIT, which maintainers report causes only marginal performance impact. The vulnerability highlights that existing Spectre-BTI defenses and microcode updates are insufficient in some virtualized deployments, particularly on AMD Zen microarchitectures.

VMScape: Spectre-like VM-to-host data leak on CPUs

🔓 Researchers at ETH Zurich disclosed VMScape, a Spectre-like speculative-execution attack that lets a malicious VM extract secrets from an unmodified QEMU hypervisor running on many modern AMD and some Intel CPUs. The exploit abuses shared branch-prediction structures and a FLUSH+RELOAD side channel to induce speculative disclosure. It works without host compromise and bypasses default mitigations; vendors and Linux developers released advisories and kernel patches to mitigate the issue.

AWS Split Cost Allocation Adds GPU and Accelerator Cost Tracking

🔍 Split Cost Allocation Data now supports accelerator-based workloads running in Amazon Elastic Kubernetes Service (EKS), allowing customers to track costs for Trainium, Inferentia, NVIDIA and AMD GPUs alongside CPU and memory. Cost details are included in the AWS Cost and Usage Report (including CUR 2.0) and can be visualized using the Containers Cost Allocation dashboard in Amazon QuickSight or queried with Amazon Athena. New customers can enable the feature in the Billing and Cost Management console; it is automatically enabled for existing Split Cost Allocation Data customers.

Amazon EC2 G6 Instances with NVIDIA L4 Now in UAE Region

🚀 Amazon has launched EC2 G6 instances powered by NVIDIA L4 GPUs in the Middle East (UAE) Region, expanding cloud GPU capacity for graphics and ML workloads. G6 instances offer up to 8 L4 GPUs with 24 GB per GPU, third-generation AMD EPYC processors, up to 192 vCPUs, 100 Gbps networking, and up to 7.52 TB local NVMe storage. They are available via On-Demand, Reserved, Spot, and Savings Plans and can be managed through the AWS Console, CLI, and SDKs.

Google research improves Retbleed exploit on Zen 2

🔬 Google researchers demonstrated practical improvements to the Retbleed speculative-execution attack, showing that on AMD Zen 2 CPUs attackers can read arbitrary RAM at roughly 13 KB/s with perfect cache-extraction accuracy. They adapted a modified Speculative ROP technique to evade Spectre v2 mitigations and showed ways to bypass Linux kernel defenses. The exploit still requires prior knowledge of kernel configuration, but common default builds and probing reduce that hurdle, and Google has already restricted Zen 2 in certain cloud workloads.