How did researchers find new security flaws in AMD‘s most popular processors? Scientists from Microsoft and ETH Zurich discovered four vulnerabilities that affect millions of AMD chips. They’ve named these flaws Transient Scheduler Attack, or TSA. The problems are similar to the famous Meltdown and Spectre bugs that hit Intel chips years ago.
The vulnerabilities affect AMD’s biggest product lines. That includes Ryzen desktop processors, EPYC server chips, Threadripper workstation CPUs, Athlon budget processors, and Instinct accelerators. Every generation from Zen 1 through the newest Zen 5 architecture has these flaws. The bugs let attackers peek at sensitive information like passwords and private data from other programs.
TSA works by exploiting tiny mistakes the processor makes when it tries to predict what it’ll need to do next. The attack targets two specific parts of the chip. TSA-L1 goes after the processor’s fastest memory cache. TSA-SQ targets the store queue, which temporarily holds data the processor is working with. By measuring tiny timing differences, attackers can figure out what data the processor was handling.
There’s some good news though. Hackers can’t use these flaws remotely over the internet. They’d need to run malicious code directly on the victim’s computer first. This requirement for local access makes the vulnerability less dangerous than remote exploits. Microsoft says they haven’t seen anyone using these attacks in real life yet. The vulnerabilities received severity scores between 3.8 and 5.6, which means they’re low to medium risk.
AMD has already created fixes and sent them to computer manufacturers. But users need both firmware updates and operating system patches for complete protection. Some older processors might never get fixed. One of the patches could slow down computers because it makes the processor run extra security checks frequently. The mitigation strategy involves executing the VERW instruction more often to clear potentially leaked data from processor buffers.
The discovery adds to a growing list of hardware security problems that’ve plagued modern processors. Since 2018, researchers have found multiple ways that chips from Intel, AMD, and ARM leak data through side channels. These architectural flaws are especially concerning for cloud providers and data centers where multiple customers share the same physical hardware.
System administrators must now decide whether the performance cost of patches is worth the security improvement.
References
- https://www.tweaktown.com/news/106332/amd-confirms-it-has-cpu-vulnerabilities-akin-to-meltdown-and-spectre/index.html
- https://www.techspot.com/news/108633-amd-warns-new-meltdown-spectre-style-flaws-desktop.html
- https://www.theregister.com/2025/07/09/amd_tsa_side_channel/
- https://thehackernews.com/2025/07/amd-warns-of-new-transient-scheduler.html
- https://www.amd.com/en/resources/product-security.html
