BeQuiet Jubiläum Banner 970x90
Breaking News

Lucky number Android 13: The latest features and updates CORSAIR Ushers in the New Era of AMD with Support for AMD Ryzen 7000 CPUs TEAMGROUP Announces MP44L M.2 PCIe 4.0 SSD with the Industry's First Heat Dissipating Graphene SSD Label for an Upgraded Cooling Performance MSI Introduces Mini-LED Panel into Prestige 16 Samsung Electronics Takes Gaming Experiences To The Next Level With Global Launch of Odyssey Ark

logo

  • Share Us
    • Facebook
    • Twitter
  • Home
  • Home
  • News
  • Reviews
  • Forum
  • Legacy
  • About
    • Submit News

    • Contact Us
    • Privacy

    • Promotion
    • Advertise

    • RSS Feed
    • Site Map

Search form

AMD Downplays Reported Side Channel Vulnerabilities in Zen Chips

AMD Downplays Reported Side Channel Vulnerabilities in Zen Chips

PC components Mar 8,2020 0

AMD claims that the recently surfaced potential security exploits in the company's CPUs are not new speculation-based attacks.

A paper released by the Graz University of Technology detailed two new "Take A Way" attacks, Collide+Probe and Load+Reload, that can leak secret data from AMD processors by manipulating the L1D cache predictor. The researchers claim that the vulnerability impacts all AMD processors from 2011 to 2019.

Both exploit the "way predictor" for the Level 1 cache (meant to boost the efficiency of cache access) to leak memory content. The Collide+Probe attack lets an intruder monitor memory access without having to know physical addresses or shared memory, while Load+Reload is a more secretive method that uses shared memory without invalidating the cache line.

"We reverse-engineered AMD’s L1D cache way predictor in microarchitectures from 2011 to 2019, resulting in two new attack techniques. With Collide+Probe, an attacker can monitor a victim’s memory accesses without knowledge of physical addresses or shared memory when time-sharing a logical core. With Load+ Reload, we exploit the way predictor to obtain highly-accurate memory-access traces of victims on the same physical core. While Load+Reload relies on shared memory, it does not invalidate the cache line, allowing stealthier attacks that do not induce any last level-cache evictions."

The team took advantage of the flaws using JavaScript in common browsers like Chrome and Firefox. While Take A Way only exposes out a small amount of information compared to Meltdown or Spectre, that was enough for the investigators to access AES encryption keys.

It's possible to address the flaw through a mix of hardware and software, the researchers said, although it's not certain how much this would affect performance.

AMD posted the following statement no its website:

"We are aware of a new whitepaper that claims potential security exploits in AMD CPUs, whereby a malicious actor could manipulate a cache-related feature to potentially transmit user data in an unintended way. The researchers then pair this data path with known and mitigated software or speculative execution side channel vulnerabilities. AMD believes these are not new speculation-based attacks."

The advisory does not point to any mitigations for the attack in question, merely citing other mitigated speculative executions that were used as a vehicle to attack the L1D cache predictor.

Tags: AMDProcessorsSecurity
Previous Post
Australia Launches Federal Court Action Against Facebook
Next Post
AT&T, Palo Alto Networks and Broadcom Collaborate on a Disaggregated Scalable Firewall

Related Posts

  • CORSAIR Ushers in the New Era of AMD with Support for AMD Ryzen 7000 CPUs

  • AMD introduces Ryzen 7000 series, new chipsets and technologies

  • Phison Announces Strategic PCIe Gen5 Relationship with AMD and Micron at Computex 2022

  • AMD Selects Google Cloud to Provide Additional Scale for Chip Design Workloads

  • AMD and Qualcomm Collaborate to Optimize FastConnect Connectivity Solutions for AMD Ryzen Processors

  • A Huge Step for Unprecedented Compatibility, MSI 300-series Motherboards Are Ready to Support Zen 3 Processors with AGESA Combo PI V2 1.2.0.7

  • ASRock and MSI Launches AMD Radeon RX 6950 XT/ Radeon RX 6750 XT/ Radeon RX 6650 XT Graphics Cards

  • AMD releases Radeon RX 6400 graphics card

BeQuiet Jubiläum Banner 300x600

 

Latest News

Lucky number Android 13: The latest features and updates
Consumer Electronics

Lucky number Android 13: The latest features and updates

CORSAIR Ushers in the New Era of AMD with Support for AMD Ryzen 7000 CPUs
PC components

CORSAIR Ushers in the New Era of AMD with Support for AMD Ryzen 7000 CPUs

TEAMGROUP Announces MP44L M.2 PCIe 4.0 SSD with the Industry's First Heat Dissipating Graphene SSD Label for an Upgraded Cooling Performance
PC components

TEAMGROUP Announces MP44L M.2 PCIe 4.0 SSD with the Industry's First Heat Dissipating Graphene SSD Label for an Upgraded Cooling Performance

MSI Introduces Mini-LED Panel into Prestige 16
Enterprise & IT

MSI Introduces Mini-LED Panel into Prestige 16

Samsung Electronics Takes Gaming Experiences To The Next Level With Global Launch of Odyssey Ark
Gaming

Samsung Electronics Takes Gaming Experiences To The Next Level With Global Launch of Odyssey Ark

Popular Reviews

CeBIT 2005

CeBIT 2005

CeBIT 2006

CeBIT 2006

Zidoo Z9S 4K Media Player review

Zidoo Z9S 4K Media Player review

LiteOn iHBS112 review

LiteOn iHBS112 review

Club3D HD3850

Club3D HD3850

External USB Slim Recorders Comparison

External USB Slim Recorders Comparison

Pioneer BDR-2207 (BDR-207M) BDXL burner review

Pioneer BDR-2207 (BDR-207M) BDXL burner review

Crucial P1 NVMe 1TB SSD review

Crucial P1 NVMe 1TB SSD review

Main menu

  • Home
  • News
  • Reviews
  • Forum
  • Legacy
  • About
    • Submit News

    • Contact Us
    • Privacy

    • Promotion
    • Advertise

    • RSS Feed
    • Site Map
  • About
  • Privacy
  • Contact Us
  • Promotional Opportunities @ CdrInfo.com
  • Advertise on out site
  • Submit your News to our site
  • RSS Feed