AMD processors vulnerable to two new types of side-channel attacks

Researchers found two new vulnerabilities that could affect AMD processors between 2011-2019. Attacks called Collide + Probe and Load + Reload affect the security of the data processed by the affected AMD CPUs. As a result, an attacker could steal information or affect security features. The team of six researchers from the University of Graz, Austria and the University of Rennes, France, details the findings in extensive documentation.

The research team contacted AMD about the issue in August 2019, but AMD said it hasn’t released a firmware update related to this issue since then. AMD said this attack is not a “new inference-based attack.” The research team disagrees with AMD.

Attacks target L1D cached predictors. This feature reduces power consumption by improving how the CPU handles cached data. Below is a detailed explanation of the researcher’s documentation.

Predictors compute μTag using undocumented hash functions on virtual addresses. This μTag is used to look up the L1D cache method in the prediction table. So the CPU should compare the cache tags only one way instead of all possible ways to reduce power consumption.

The researchers also analyze how the attack was exploited.

The first attack technique, Collide + Probe, utilizes μTag collisions of virtual addresses to monitor memory accesses of victims sharing the same logical core.

The second attack technique, Load + Reload, takes advantage of the property that a physical memory location can only exist once in the L1D cache. Therefore, accessing the same location with different virtual addresses removes the location from the L1D cache. This allows an attacker to monitor the victim’s memory access, even if the victim runs on sibling logic cores.

These attacks are potentially dangerous because they can be used in the wild. Some attacks require a high level of access to the computer and are not suitable for most attackers. ZDNet points out that Collide + Probe and Load + Reload work without physical access, special equipment, or hidden port connections. The researchers said they demonstrated and evaluated the attack “in sandbox JavaScript and virtualized cloud environments.”

AMD responded by saying that “I believe AMD is not a new reasoning-based attack.” AMD believes that “this problem can be mitigated in software through side channel counter measurements.” The research team that discovered the attack told ZDNet that AMD’s response was “misleading” and that AMD had never been involved with the research team about the attack. The team also said that the attack still works on a full update operating system.

These attacks pose a security risk, but Daniel Gruss, one of the researchers who discovered the attack, Mention on Twitter Not as dangerous as Meltdown and Zombieload. He was attacked in response to another Twitter user [bits] Metadata Meltdown and Zombieload leak a lot of real data. “

Cutting edge

In short, the will of Ori and Wisps is a masterpiece despite its rough edges. There is our big review of the latest victory of Moon Studios.

Fix itThe new Windows 10 driver bug is a big problem. Here is the fix:

Security settings in Windows can prevent PC drivers from installing or working properly, which is a big problem. Fortunately, there is a workaround that is easy to use.

Super business laptop

Review: The HP Elite Dragonfly is gorgeous but its edges are rough.

HP’s Elite Dragonfly is a new high-end business-class Ultrabook class. It features a 2-in-1 design, Wacom ink, Windows Hello, 4G LTE (5G), and all-day battery life and a gorgeous iridescent finish, and there’s a lot to like about all of these laptops. . But due to some initial problems we don’t like it. Find out if you will buy an elite dragonfly or wait until

Fast lightning

Supercharge your Ryzen 5 2600 CPU with this RAM kit

Are you trying to match ultra-fast RAM with the new AMD Ryzen 5 2600 processor? Some choices to consider are:

Add a Comment

Your email address will not be published. Required fields are marked *