AMD processors going back to 2011 suffer from worrying security holes

AMD’s processors from as early as 2011 through to 2019 are carrying vulnerabilities that are as yet unpatched, according to some freshly published research.

Known as ‘Take A Way’ (every security problem needs a snappy name, of course), security researchers said that they reverse-engineered the L1D cache way predictor in AMD silicon in order to discover two new potential attack vectors.

Given all the attention which has been focused on the flaws in Intel’s CPUs in recent times – vulnerabilities which haven’t affected AMD chips in a number of cases – this might just serve as a reminder that no one’s silicon is bulletproof.

As spotted by Tom’s Hardware, Graz University of Technology released a paper detailing the vulnerabilities which AMD was informed of back in August 2019, although as mentioned, a fix has yet to be deployed.

The pair of exploits, dubbed Collide+Probe and Load+Reload, are side channel attacks (in the same vein as Spectre) that manipulate the aforementioned L1D cache predictor in order to access data that should otherwise be secure and unobtainable.

The paper (a PDF shared on Twitter by researcher Moritz Lipp) explains: “With Collide+Probe, an attacker can monitor a victim’s memory accesses without knowledge of physical addresses or shared memory when time-sharing a logical core.

“With Load+Reload, we exploit the way predictor to obtain highly-accurate memory-access traces of victims on the same physical core. While Load+Reload relies on shared memory, it does not invalidate the cache line, allowing stealthier attacks that do not induce any last level-cache evictions.”

The security researchers have already successfully leveraged these exploits on some common browsers, namely Chrome and Firefox. One of the researchers, Michael Schwarz, said that Collide+Probe has already been demonstrated being successfully leveraged via JavaScript in a browser, requiring no user interaction.

Performance concerns

The paper doesn’t just outline the problems here, though, but also provides potential solutions through both hardware and software mitigations, although no comment is made on whether software patches might be detrimental to system performance (as you may recall, there was a big fuss about this when it came to fixing Meltdown and Spectre).

AMD has yet to comment on the affair, but we’re guessing that situation will change soon enough.

As an interesting side-note, Tom’s observes that Hardware Unboxed spotted that ‘additional funding’ for the paper came from Intel, and questions have been raised by some about potential conflicts of interest in that respect.

Another of the researchers, Daniel Gruss, addressed the matter on Twitter to note that he wouldn’t accept any funding which restricted his academic freedom and independence.



from TechRadar - All the latest technology news https://ift.tt/2TLEEZ3
Share:

No comments:

Post a Comment

Categories

Rove Reviews Youtube Channel

  1. Subscribe to our youtube channel
  2. Like our videos and share them too.
  3. Our youtube channel name Rove reviews.

WITNUX

This website is made by Witnux LLC. This website provides you with all the news feeds related to technology from large tech media industries like GSM Arena, NDTV, Gadgets 360, Firstpost and many other such ates altogether at technical depicts so that you need not go to several sites to view their post provide you advantantage of time.

From the developer
Tanzeel Sarwar

OUR OTHER NETWORKS

OUR YOUTUBE CHANNEL

ROVE REVIEWS PLEASE SUBSCRIBE

OUR FACEBOOK PAGE

The Rove Reviews

Support

Trying our best to provide you the best DONATE or SUPPORTour site Contact me with details how are you gonna help us