AMD CPUs also have security vulnerabilities that have existed for many years now!
Just a few days ago, we warned of an 'unpatchable' security hole affecting millions of Intel users around the world. While the information is still not hot, another relatively serious flaw on AMD processors has continued to be made public by the security community.
A group of international security researchers from the University of Technology Graz (Austria) and the University of Rennes (France) have just discovered a vulnerability exists on AMD CPUs, affecting all sets. handle Athlon 64 X2, Ryzen 7 and ThreadRipper produced over a period of 9 years, from 2011 to 2019. This vulnerability directly paves the way for side channel attacks called Collide + Probe and Load + Reload. If successfully exploited, it could allow hackers to access confidential data in AMD processors. The common point of both attacks is that the "prediction tool" is used for level 1 caching (L1 cache) to cause leakage of cached content. The report is given as follows:
The prediction tool calculates a? Tag using a hash function not stored on a virtual address. ? This tag is used to look up the way to store L1D buffer in the prediction table. Therefore, the CPU must compare the buffer tag only once to reduce power consumption.
In the first attack technique, Collide + Probe, an intruder will track memory accesses without having to know the physical address or shared memory area.
In the second attack technique, Load + Reload, the hacker exploits an attribute in which physical memory location can only exist once in the L1D buffer. Provides the ability to manipulate shared memory without invalidating the buffer stream.
The process of exploiting the flaw can be done through JavaScript code on popular browsers without the victim's knowledge. Although the amount of data collected is not too large, it is enough to detect important AES encryption keys.
In fact, information about the flaw was alerted by security researchers to AMD in late August 2019, but the company proved passive and didn't issue a firmware update to resolve the issue.
The good news is that this flaw will not lead to large-scale data leak attacks like Meltdown or Zombieload on Intel chips. At the same time, it can be overcome through measures combining hardware and software.
Hopefully, AMD will take actions to express a clearer view of this vulnerability in the near future.
You should read it
- Detected a serious BIOS vulnerability, affecting many Intel processors
- How to know if your Windows computer is affected by Meltdown and Specter?
- Google awarded US $ 36,000 to the Uruguayan boy who discovered the carrier's serious security error
- Overview of vulnerabilities on Intel, AMD, ARM chips: Meltdown and Specter
- Detecting zero-day vulnerability in the Dropbox 10 Windows app, users pay attention!
- NVIDIA Jetson chipset contains a series of security holes that allow data theft, DDoS attacks
- Apple releases iOS 14.4.2, iOS 12.5.2, and watchOS 7.3.3 updates that patch the critical zero-day vulnerability
- PortSmash - New vulnerability on multi-threaded CPU
- Critical Vulnerability Discovered in 3 WordPress Plugins, Affects 84,000 Websites
- Found an 'unpatchable' flaw in Intel CPUs
- New zero-day vulnerability warning in Windows Search, Windows protocol nightmare getting worse
- New vulnerability on MediaTek chip makes 30% of Android smartphones can be eavesdropped
Maybe you are interested
Linus Torvalds: AMD Intel's x86 tiers are 'garbage' and 'need to be eliminated'
The Difference Between AMD Ryzen U, H, HS and HX Laptop CPUs
AMD Ryzen Users Should Install This BIOS Update for a Free Performance Boost
If you have an AMD CPU, install this important security update!
AMD Ryzen Master stops supporting Threadripper and Ryzen 1st and 2nd generation CPUs, users take note!
AMD Sets Launch Date for Next-Generation Portable Gaming PC Chip: Z2 Extreme