Some of Our Sources
- Technology Review
- TutsPlus - Code
- Team Treehouse
- Pearsonified
- Web Designer Depot
- Noupe
- Crazy Leaf Design
- Wal You
- Specky Boy
- Android Dissected
Help Webnuz
Referal links:
March 10, 2020 04:30 am
Original Link: http://rss.slashdot.org/~r/Slashdot/slashdot/~3/hENBqrkKUcg/amd-processors-from-2011-to-2019-vulnerable-to-two-new-attacks
AMD Processors From 2011 To 2019 Vulnerable To Two New Attacks
An anonymous reader quotes a report from ZDNet: AMD processors manufactured between 2011 and 2019 (the time of testing) are vulnerable to two new attacks, research published this week has revealed (PDF). The two new attacks impact the security of the data processed inside the CPU and allow the theft of sensitive information or the downgrade of security features. The research team said it notified AMD of the two issues in August 2019, however, the company has not released microcode (CPU firmware) updates, claiming these "are not new speculation-based attacks," a statement that the research team disagrees with. The two new attacks target a feature of AMD CPUs known as the L1D cache way predictor. Introduced in AMD processors in 2011 with the Bulldozer microarchitecture, the L1D cache way predictor is a performance-centric feature that reduces power consumption by improving the way the CPU handles cached data inside its memory. A high-level explanation is available below: "The predictor computes a uTag using an undocumented hash function on the virtual address. This uTag is used to look up the L1D cache way in a prediction table. Hence, the CPU has to compare the cache tag in only oneway instead of all possible ways, reducing the power consumption." The two new attacks were discovered after a team of six academics [...] reverse-engineered this "undocumented hashing function" that AMD processors were using to handle uTag entries inside the L1D cache way predictor mechanism. Knowing these functions, allowed the researchers to recreate a map of what was going on inside the L1D cache way predictor and probe if the mechanism was leaking data or clues about what that data may be. While the attacks can be patched, AMD denies that these two new attacks are a concern, claiming they "are not new speculation-based attacks" and that they should be mitigated through previous patches for speculative execution side channel vulnerabilities. The research team says AMD's response is "rather misleading," and that the attacks still work on fully-updated operating systems, firmware, and software even today.Read more of this story at Slashdot.
Original Link: http://rss.slashdot.org/~r/Slashdot/slashdot/~3/hENBqrkKUcg/amd-processors-from-2011-to-2019-vulnerable-to-two-new-attacks
Share this article:
Tweet
View Full Article
Slashdot
Slashdot was originally created in September of 1997 by Rob "CmdrTaco" Malda. Today it is owned by Geeknet, Inc..More About this Source Visit Slashdot