[TH] New AMD Side Channel Attacks Discovered, Impacts Zen Architecture - Page 3 - Overclock.net - An Overclocking Community
Forum Jump: 

[TH] New AMD Side Channel Attacks Discovered, Impacts Zen Architecture

Reply
 
Thread Tools
post #21 of 73 (permalink) Old 03-07-2020, 12:13 PM
sudo apt install sl
 
Join Date: Dec 2009
Posts: 6,361
Rep: 188 (Unique: 130)
Quote: Originally Posted by m4fox90 View Post
Why is it that every security "flaw" in AMD processors is discovered by people being paid by Intel?
They're paying researchers to learn from their competition. The same researchers who discovered this are the same who discovered 10 flaws on Intel, including Spectre, Meltdown, and Zombieload.

Silent
(20 items)
CPU
Core i9 9900K... CoffeeTime! @ 5.1Ghz w/ 1.36v
Motherboard
Maximus VIII Formula
GPU
Titan RTX @ 2100Mhz/2075Mhz
RAM
TeamGroup Xtreem 32GB 3200Mhz CL15
Hard Drive
HP EX950 2TB
Hard Drive
Samsung 850 Evo 1TB
Hard Drive
Samsung 850 Evo 1TB
Power Supply
EVGA SuperNova 1200w P2
Cooling
EK Supremacy Full Copper Clean
Cooling
XSPC D5 Photon v2
Cooling
Black Ice Gen 2 GTX360 x2
Cooling
EK-Vector Radeon VII - Copper + Plexi
Case
Thermaltake Core X5 Tempered Glass Edition
Operating System
Clear Linux
Monitor
Acer XF270HUA
Keyboard
Cherry MX Board 6.0
Mouse
Logitech G600
Mouse
Alugraphics GamerArt
Audio
Definitive Technology Incline
Audio
SMSL M8A
▲ hide details ▲
WannaBeOCer is offline  
Sponsored Links
Advertisement
 
post #22 of 73 (permalink) Old 03-07-2020, 12:53 PM
New to Overclock.net
 
rdr09's Avatar
 
Join Date: Mar 2011
Location: From the US but lives in Africa
Posts: 19,283
Rep: 880 (Unique: 638)
So it is now about 20 vulnerabilities for amd and 200 for intel.

[email protected] 6 http://valid.canardpc.com/show_oc.php?id=2211392 4.6 @ 4 http://valid.canardpc.com/show_oc.php?id=2216580
5.0 @ 8 http://valid.canardpc.com/show_oc.php?id=2511322
2nd AMD Build
(10 items)
CPU
2700
Motherboard
X470
GPU
290
RAM
3200 CL14
Hard Drive
1000
Power Supply
700
Case
212
Operating System
10/64
Monitor
40 1080
Keyboard
M100
▲ hide details ▲
rdr09 is offline  
post #23 of 73 (permalink) Old 03-07-2020, 03:01 PM
Disgruntled Dev
 
VaiFanatic's Avatar
 
Join Date: Jun 2011
Location: Gulf Breeze, FL
Posts: 1,201
Rep: 19 (Unique: 15)
It might be time to go back to pen and paper, and a slide-rule.

The Vortex
(13 items)
CPU
i7-2600K @ 4.5ghz
Motherboard
ASUS P8P67 WS Revolution
GPU
Evga 980Ti Classified
RAM
G.Skill Ripjaws X 32GB 2133MHZ
Hard Drive
Samsung 850 Pro 512GB
Optical Drive
ASUS DRW SATA 24X DVD
Power Supply
Antec CP-1000
Cooling
Zalman CNPS9700
Case
Antec Twelve Hundred ATX Full Tower
Operating System
Windows 10 Pro 64-bit
Monitor
Samsung SyncMaster SA550
Keyboard
Corsair K70 Cherry MX Blue
Mouse
Corsair M95
▲ hide details ▲
VaiFanatic is offline  
Sponsored Links
Advertisement
 
post #24 of 73 (permalink) Old 03-07-2020, 10:28 PM
New to Overclock.net
 
Hwgeek's Avatar
 
Join Date: Apr 2017
Posts: 658
Rep: 15 (Unique: 13)
Quote:
Take A Way
Take A Way
3/7/20

We are aware of a new white paper that claims potential security exploits in AMD CPUs, whereby a malicious actor could manipulate a cache-related feature to potentially transmit user data in an unintended way. The researchers then pair this data path with known and mitigated software or speculative execution side channel vulnerabilities. AMD believes these are not new speculation-based attacks.

AMD continues to recommend the following best practices to help mitigate against side-channel issues:

*Keeping your operating system up-to-date by operating at the latest version revisions of platform software and firmware, which include existing mitigations for speculation-based vulnerabilities
*Following secure coding methodologies
*Implementing the latest patched versions of critical libraries, including those susceptible to side channel attacks
*Utilizing safe computer practices and running antivirus software
https://www.amd.com/en/corporate/product-security

Last edited by Hwgeek; 03-07-2020 at 10:33 PM.
Hwgeek is offline  
post #25 of 73 (permalink) Old 03-07-2020, 10:29 PM
New to Overclock.net
 
mothergoose729's Avatar
 
Join Date: Aug 2008
Location: Citrus Heights, CA
Posts: 5,777
Rep: 343 (Unique: 284)
Quote: Originally Posted by Schmuckley View Post
Sounds like javascript problem. NoScript fixes it.

Seriously, malicious javascript sites have been going up since just before 2000.
Javascript is just one example of an attack vector. It is a problem in the L1D cache prediction. Literally any kind of code is capable of exploiting it.
mothergoose729 is offline  
post #26 of 73 (permalink) Old 03-07-2020, 11:38 PM
sudo apt install sl
 
Join Date: Dec 2009
Posts: 6,361
Rep: 188 (Unique: 130)
This vulernability isn't severe, in the white paper they mention Intel had a similar vulernability and they were able to patch it with a microcode update.

Quote:
it is already necessary to invalidate branch predictors upon context switches [17]. As invalidating predictors and the L1D cache on Intel has been implemented through CPU microcode updates, introducing an MSR to invalidate the way predictor might be possible on AMD as well.
https://mobile.twitter.com/gnyueh/st...78639483527168

Silent
(20 items)
CPU
Core i9 9900K... CoffeeTime! @ 5.1Ghz w/ 1.36v
Motherboard
Maximus VIII Formula
GPU
Titan RTX @ 2100Mhz/2075Mhz
RAM
TeamGroup Xtreem 32GB 3200Mhz CL15
Hard Drive
HP EX950 2TB
Hard Drive
Samsung 850 Evo 1TB
Hard Drive
Samsung 850 Evo 1TB
Power Supply
EVGA SuperNova 1200w P2
Cooling
EK Supremacy Full Copper Clean
Cooling
XSPC D5 Photon v2
Cooling
Black Ice Gen 2 GTX360 x2
Cooling
EK-Vector Radeon VII - Copper + Plexi
Case
Thermaltake Core X5 Tempered Glass Edition
Operating System
Clear Linux
Monitor
Acer XF270HUA
Keyboard
Cherry MX Board 6.0
Mouse
Logitech G600
Mouse
Alugraphics GamerArt
Audio
Definitive Technology Incline
Audio
SMSL M8A
▲ hide details ▲
WannaBeOCer is offline  
post #27 of 73 (permalink) Old 03-07-2020, 11:42 PM
Original 16-bit Genesis®
 
Omega X's Avatar
 
Join Date: Mar 2013
Location: That gap between the couch cushion.
Posts: 1,705
Rep: 67 (Unique: 44)
AMD says this is nothing new and requires Spectre exploit to work.
https://www.amd.com/en/corporate/product-security
Omega X is offline  
post #28 of 73 (permalink) Old 03-07-2020, 11:54 PM
sudo apt install sl
 
Join Date: Dec 2009
Posts: 6,361
Rep: 188 (Unique: 130)
Quote: Originally Posted by Omega X View Post
AMD says this is nothing new and requires Spectre exploit to work.
https://www.amd.com/en/corporate/product-security
All AMD stated was that these might not be new speculation vulnerabilities. The researchers explained in section 5 how they can exploit it.

AMD is stating they're already aware and still working on it.

Silent
(20 items)
CPU
Core i9 9900K... CoffeeTime! @ 5.1Ghz w/ 1.36v
Motherboard
Maximus VIII Formula
GPU
Titan RTX @ 2100Mhz/2075Mhz
RAM
TeamGroup Xtreem 32GB 3200Mhz CL15
Hard Drive
HP EX950 2TB
Hard Drive
Samsung 850 Evo 1TB
Hard Drive
Samsung 850 Evo 1TB
Power Supply
EVGA SuperNova 1200w P2
Cooling
EK Supremacy Full Copper Clean
Cooling
XSPC D5 Photon v2
Cooling
Black Ice Gen 2 GTX360 x2
Cooling
EK-Vector Radeon VII - Copper + Plexi
Case
Thermaltake Core X5 Tempered Glass Edition
Operating System
Clear Linux
Monitor
Acer XF270HUA
Keyboard
Cherry MX Board 6.0
Mouse
Logitech G600
Mouse
Alugraphics GamerArt
Audio
Definitive Technology Incline
Audio
SMSL M8A
▲ hide details ▲

Last edited by WannaBeOCer; 03-08-2020 at 12:00 AM.
WannaBeOCer is offline  
post #29 of 73 (permalink) Old 03-08-2020, 12:21 AM
New to Overclock.net
 
Schmuckley's Avatar
 
Join Date: Jul 2011
Location: FL
Posts: 14,913
Rep: 708 (Unique: 565)
I'm stating I'll give these poofters my IP and they're free to try to exploit the CPU vulnerabilities.

Let's see what they've got!


My money sez not a damn thing!

TH is FUD as usual.

TH charts.
Schmuckley is offline  
post #30 of 73 (permalink) Old 03-08-2020, 01:33 AM
Politically incorrect
 
Liranan's Avatar
 
Join Date: Nov 2010
Location: Soviet China... Oh wait..
Posts: 8,848
Rep: 620 (Unique: 302)
How is Linux affected by this? Is it as easy to exploit this cache on a server as it is on a desktop and can a compromised client allow access to a server?

Quote:
Quote:
Originally Posted by faraz1729 go_quote.gif
Haha, Liranan, you creep.

Tacitus - The more corrupt the state, the more numerous the laws

Only when the last tree has died and the last river been poisoned and the last fish been caught will we realise we cannot eat money. - Cree Indian Proverb
Liranan is offline  
Reply

Quick Reply
Message:
Options

Register Now

In order to be able to post messages on the Overclock.net - An Overclocking Community forums, you must first register.
Please enter your desired user name, your email address and other required details in the form below.
User Name:
If you do not want to register, fill this field only and the name will be used as user name for your post.
Password
Please enter a password for your user account. Note that passwords are case-sensitive.
Password:
Confirm Password:
Email Address
Please enter a valid email address for yourself.
Email Address:

Log-in



Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
Thread Tools
Show Printable Version Show Printable Version
Email this Page Email this Page


Forum Jump: 

Posting Rules  
You may post new threads
You may post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are Off
Pingbacks are Off
Refbacks are Off