Guru3D.com
  • HOME
  • NEWS
    • Channels
    • Archive
  • DOWNLOADS
    • New Downloads
    • Categories
    • Archive
  • GAME REVIEWS
  • ARTICLES
    • Rig of the Month
    • Join ROTM
    • PC Buyers Guide
    • Guru3D VGA Charts
    • Editorials
    • Dated content
  • HARDWARE REVIEWS
    • Videocards
    • Processors
    • Audio
    • Motherboards
    • Memory and Flash
    • SSD Storage
    • Chassis
    • Media Players
    • Power Supply
    • Laptop and Mobile
    • Smartphone
    • Networking
    • Keyboard Mouse
    • Cooling
    • Search articles
    • Knowledgebase
    • More Categories
  • FORUMS
  • NEWSLETTER
  • CONTACT

New Reviews
Palit GeForce GTX 1630 4GB Dual review
FSP Dagger Pro (850W PSU) review
Razer Leviathan V2 gaming soundbar review
Guru3D NVMe Thermal Test - the heatsink vs. performance
EnGenius ECW220S 2x2 Cloud Access Point review
Alphacool Eisbaer Aurora HPE 360 LCS cooler review
Noctua NH-D12L CPU Cooler Review
Silicon Power XPOWER XS70 1TB NVMe SSD Review
Hyte Y60 chassis review
ASUS ROG Thor 1000W Platinum II (1000W PSU) review

New Downloads
GeForce 516.59 WHQL driver download
Media Player Classic - Home Cinema v1.9.22 Download
AMD Chipset Drivers Download v4.06.10.651
CrystalDiskInfo 8.17 Download
AMD Radeon Software Adrenalin 22.6.1 Windows 7 driver download
ReShade download v5.2.2
HWiNFO Download v7.26
7-Zip v22.00 Download
GeForce 516.40 WHQL driver download
Intel ARC graphics Driver Download Version: 30.0.101.1736


New Forum Topics
Windows 11 will now tell whether your computer is DirectStorage capable. Review: Palit GeForce GTX 1630 4GB Dual First Core i9-13900K Raptor Lake Processors Already Sell on Black Market NVIDIA GeForce 516.59 WHQL driver download & Discussion AMD Radeon Software - UWP Collapse of crypto mining industry leads to auctioning off of thousands of graphics cards Ryzen 7000X3D with 100 MB of cache already planned for this year Zotac RTX 3080 ti trinity power limit not working [3rd-Party Driver] Amernime Zone Radeon Insight 22.5.1 WHQL Driver Pack (Released) New VGA unusually high power consumption




Guru3D.com » News » New AMD Side Channel Vulnerabilities found - AMD Reacts and Downplays

New AMD Side Channel Vulnerabilities found - AMD Reacts and Downplays

by Hilbert Hagedoorn on: 03/09/2020 09:49 AM | source: | 36 comment(s)
New AMD Side Channel Vulnerabilities found - AMD Reacts and Downplays

Over the weekend a new report surfaced online, indicating that AMD would have Side Channel Vulnerabilities in their processors.  The paper released by the Graz University of Technology detailed two new "Take A Way" attacks, Collide+Probe and Load+Reload, that can leak secret data from AMD processors by manipulating the L1D cache predictor.

The researchers claim that the vulnerability impacts all AMD processors from 2011 to 2019. The research team said it notified AMD about the two problems in August 2019, however, the company has not publicly addressed the two problems, nor has it released microcode updates (CPU firmware).

“We reverse-engineered AMD’s L1D cache way predictor in microarchitectures from 2011 to 2019, resulting in two new attack techniques,” the researchers said.

Both exploit the "way predictor" for the Level 1 cache (meant to boost the efficiency of cache access) to leak memory content. The Collide+Probe attack lets an intruder monitor memory access without having to know physical addresses or shared memory, while Load+Reload is a more secretive method that uses shared memory without invalidating the cache line. The team took advantage of the flaws using JavaScript in common browsers like Chrome and Firefox. While Take A Way only exposes out a small amount of information compared to Meltdown or Spectre, that was enough for the investigators to access AES encryption keys. It would be possible to address the flaw through a mix of hardware and software, the researchers said, although it's not certain how much this would affect performance.

AMD posted the following statement on its website

AMD responded to the publication of these security vulnerabilities via a security advisory on its website, acknowledging the security exploits and stating they were not a new form of side-channel attack.

“We are aware of a new white paper that claims potential security exploits in AMD CPUs, whereby a malicious actor could manipulate a cache-related feature to potentially transmit user data in an unintended way,” AMD said.

“The researchers then pair this data path with known and mitigated software or speculative execution side-channel vulnerabilities. AMD believes these are not new speculation-based attacks.”

AMD said it recommended users follow the steps be taken by users to help mitigate against side-channel attacks:

  • Keep your operating system up-to-date by operating at the latest version revisions of platform software and firmware, which include existing mitigations for speculation-based vulnerabilities
  • Following secure coding methodologies
  • Implementing the latest patched versions of critical libraries, including those susceptible to side-channel attacks
  • Utilizing safe computer practices and running antivirus software

The advisory does not point to any mitigations for the attack in question, merely citing other mitigated speculative executions that were used as a vehicle to attack the L1D cache predictor.

The Graz University of Technology performed a lot of Vulnerability tests ion the past, but the reality is also that they are partially funded by intel, it seems. The paper mentions this, and really, just read it: "Additional funding was provided by generous gifts from Intel. Any opinions, findings, and conclusions or recommendations expressed in this paper are those of the authors and do not necessarily reflect the views of the funding parties." Albeit a curiosity, the co-authors of the Intel-funded study also revealed Intel's vulnerabilities in the past. 

 



New AMD Side Channel Vulnerabilities found - AMD Reacts and Downplays




« Free to grab: Crusader Kings II + DLC on Steam · New AMD Side Channel Vulnerabilities found - AMD Reacts and Downplays · Intel to launch 10th generation Core processors between April and June »

Related Stories

New AMD Certification Entries Hint at Big Navi GPU? - 02/20/2020 10:23 AM
Big NAVI, say a Radeon 5800/5900 might be announced rather sooner than later. Recently CEO Dr. Lisa Su give some strong hints already. There's more that indicates a release or announcement though....

New AMD Threadripper chipsets pop up in USB-IF database - No more X599 ? - 08/29/2019 01:17 PM
It seems that AMD is preparing Threadripper based on ZEN2 aka Series 3000. Three model names have surfaced named TRX40, WRX80 and TRX80. And that indicates that AMD is going to make some segmentation...

New AMD Ryzen Threadripper shows off: hugely faster than the old 32-core - 08/15/2019 08:34 AM
You will have noticed that benchmarks of an unpublished processor have surfaced on Twitter, it holds a Geekbench entry named AMD WhiteHavenOC-CP with 32 cores, and that likely is Threadripper 3000 ( ...

ASRock website reveals new AMD Athlon Procs and APUs - 06/25/2019 08:19 AM
ASRock once again made a mistake on its website and posted processor names of new unannounced AMD Athlon and APUs. AMD had already announced the Ryzen 3 3200G and the Ryzen 5 3400G. More in inbound. ...

Announcing the new AMD Radeon Pro Vega II Duo - 06/04/2019 08:08 AM
As part of new Mac Pro that is, 32 GB HBM2, 14 TFLOPs (& Vega II Duo with x2 of everything on the same board. AMD today announced the Radeon Pro Vega II and Pro Vega II Duo graphics cards, for th...


8 pages 1 2 3 4 > »


sverek



Posts: 6073
Joined: 2011-01-02

#5767342 Posted on: 03/09/2020 09:58 AM
The Graz University of Technology performed a lot of Vulnerability tests ion the past, but the reality is also that they are partially funded by intel, it seems.

Boy, it gonna be good.

Please AMD and Intel, call out each others holes and secure your shit. I am all for it.

anticupidon



Posts: 6781
Joined: 2008-03-06

#5767345 Posted on: 03/09/2020 10:02 AM
Good to see that security folks are ever vigilant. Now, AMD is having its share of vulnerabilities.
Let's see how this will pan out.

fantaskarsef
Senior Member



Posts: 13090
Joined: 2014-07-21

#5767376 Posted on: 03/09/2020 10:49 AM
Well, everybody gets a security problem for free with speculative execution. Maybe that's a generally dangerous way of creating CPU architectures... I wonder if they will be searching for an alternative route down the way.


Boy, it gonna be good.


While I agree with you as usual, the full paragraph tells more than the first line:

The Graz University of Technology performed a lot of Vulnerability tests ion the past, but the reality is also that they are partially funded by intel, it seems. The paper mentions this, and really, just read it: "Additional funding was provided by generous gifts from Intel. Any opinions, findings, and conclusions or recommendations expressed in this paper are those of the authors and do not necessarily reflect the views of the funding parties." Albeit a curiosity, the co-authors of the Intel-funded study also revealed Intel's vulnerabilities in the past.


Kaarme
Senior Member



Posts: 2945
Joined: 2013-03-10

#5767392 Posted on: 03/09/2020 11:28 AM
It's pretty hard to take seriously an Intel funded study on AMD CPUs, but it's not like we wouldn't have known AMD's CPUs have their own vulnerabilites. They are just far less numerous than Intel's.

skimike
Junior Member



Posts: 2
Joined: 2020-02-10

#5767411 Posted on: 03/09/2020 12:53 PM
Everything I have seen about this vulnerability since it popped up last Friday suggests that it leaks metadata rather than actual data. Has anyone read anything to the contrary?

8 pages 1 2 3 4 > »


Post New Comment
Click here to post a comment for this news story on the message forum.


Guru3D.com © 2022