New
#1
ooh joy that is just what we need another AMD vulnerability ....
what can we do about it?
AMD processors from 2011 to 2019 vulnerable to two new attacks
-
-
-
New #3
-
New #4
https://www.amd.com/en/corporate/product-security
"We are aware of a new white paper that claims potential security exploits in AMD CPUs, whereby a malicious actor could manipulate a cache-related feature to potentially transmit user data in an unintended way. The researchers then pair this data path with known and mitigated software or speculative execution side channel vulnerabilities. AMD believes these are not new speculation-based attacks."
It seems it isn't a big deal.
AMD processors from 2011 to 2019 vulnerable to two new attacks
Posted: 07 Mar 2020
Academics disclose new Collide+Probe and Load+Reload attacks on AMD CPUs.
AMD processors manufactured between 2011 and 2019 (the time of testing) are vulnerable to two new attacks, research published this week has revealed.The two new attacks impact the security of the data processed inside the CPU and allow the theft of sensitive information or the downgrade of security features.
The research team said it notified AMD of the two issues in August 2019, however, the company has not publicly addressed the two issues, nor has it released microcode (CPU firmware) updates.
An AMD spokesperson was not available for comment on this article.
THE L1D CACHE WAY PREDICTOR
The two new attacks target a feature of AMD CPUs known as the L1D cache way predictor.
Introduced in AMD processors in 2011 with the Bulldozer microarchitecture, the L1D cache way predictor is a performance-centric feature that reduces power consumption by improving the way the CPU handles cached data inside its memory.
A high-level explanation is available below:
The predictor computes a μTag using an undocumented hash function on the virtual address. This μTag is used to look up the L1D cache way in a prediction table. Hence, the CPU has to compare the cache tag in only oneway instead of all possible ways, reducing the power consumption.
The two new attacks were discovered after a team of six academics -- from the Graz University of Technology in Austria and the Univerisity of Rennes in France -- reverse-engineered this "undocumented hashing function" that AMD processors were using to handle μTag entries inside the L1D cache way predictor mechanism.
"Knowledge of these functions is the basis of our attack technique," the research team said.
Knowing these functions, allowed the researchers to recreate a map of what was going on inside the L1D cache way predictor and probe if the mechanism was leaking data or clues about what that data may be.
Read more: AMD processors from 2011 to 2019 vulnerable to two new attacks | ZDNet
Quote
Related Discussions