AMD FPGA Devices Undervoltage Vulnerability Leading to Confidentiality Loss
Vulnerability
A vulnerability exists in certain AMD FPGA devices, specifically in the Artix™ 7-Series and potentially in the Kintex™ 7-Series, allowing an attacker with physical access to exploit undervoltage conditions. This improper protection against voltage and clock glitches could lead to a loss of confidentiality by enabling the extraction of sensitive data, such as decryption keys, from the device's registers and memory. The vulnerability arises because the on-chip mechanisms intended to detect and respond to voltage drops are too slow to prevent data loss, leaving critical information exposed for extraction.
Impact
Exploitation of this vulnerability could result in unauthorized access to confidential data processed in the affected FPGA's programmable logic, including sensitive information like cryptographic keys.
Remediation
FPGA customers concerned about this vulnerability should implement a clock monitor in the programmable logic and an asynchronous reset mechanism. AMD has experimentally verified the effectiveness of such a mitigation.
Vulnerability Rating
Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.