Overclock.net - An Overclocking Community

Overclock.net - An Overclocking Community (https://www.overclock.net/forum/)
-   Hardware News (https://www.overclock.net/forum/225-hardware-news/)
-   -   [TH] New AMD Side Channel Attacks Discovered, Impacts Zen Architecture (https://www.overclock.net/forum/225-hardware-news/1743498-th-new-amd-side-channel-attacks-discovered-impacts-zen-architecture.html)

WannaBeOCer 03-07-2020 12:13 PM

Quote:

Originally Posted by m4fox90 (Post 28358364)
Why is it that every security "flaw" in AMD processors is discovered by people being paid by Intel?

They're paying researchers to learn from their competition. The same researchers who discovered this are the same who discovered 10 flaws on Intel, including Spectre, Meltdown, and Zombieload.

rdr09 03-07-2020 12:53 PM

So it is now about 20 vulnerabilities for amd and 200 for intel.

VaiFanatic 03-07-2020 03:01 PM

It might be time to go back to pen and paper, and a slide-rule.

Hwgeek 03-07-2020 10:28 PM

Quote:

Take A Way
Take A Way
3/7/20

We are aware of a new white paper that claims potential security exploits in AMD CPUs, whereby a malicious actor could manipulate a cache-related feature to potentially transmit user data in an unintended way. The researchers then pair this data path with known and mitigated software or speculative execution side channel vulnerabilities. AMD believes these are not new speculation-based attacks.

AMD continues to recommend the following best practices to help mitigate against side-channel issues:

*Keeping your operating system up-to-date by operating at the latest version revisions of platform software and firmware, which include existing mitigations for speculation-based vulnerabilities
*Following secure coding methodologies
*Implementing the latest patched versions of critical libraries, including those susceptible to side channel attacks
*Utilizing safe computer practices and running antivirus software

https://www.amd.com/en/corporate/product-security

mothergoose729 03-07-2020 10:29 PM

Quote:

Originally Posted by Schmuckley (Post 28358086)
Sounds like javascript problem. NoScript fixes it.

Seriously, malicious javascript sites have been going up since just before 2000.

Javascript is just one example of an attack vector. It is a problem in the L1D cache prediction. Literally any kind of code is capable of exploiting it.

WannaBeOCer 03-07-2020 11:38 PM

407 Attachment(s)
This vulernability isn't severe, in the white paper they mention Intel had a similar vulernability and they were able to patch it with a microcode update.

Quote:

it is already necessary to invalidate branch predictors upon context switches [17]. As invalidating predictors and the L1D cache on Intel has been implemented through CPU microcode updates, introducing an MSR to invalidate the way predictor might be possible on AMD as well.
https://mobile.twitter.com/gnyueh/st...78639483527168

Omega X 03-07-2020 11:42 PM

AMD says this is nothing new and requires Spectre exploit to work.
https://www.amd.com/en/corporate/product-security

WannaBeOCer 03-07-2020 11:54 PM

407 Attachment(s)
Quote:

Originally Posted by Omega X (Post 28358956)
AMD says this is nothing new and requires Spectre exploit to work.
https://www.amd.com/en/corporate/product-security

All AMD stated was that these might not be new speculation vulnerabilities. The researchers explained in section 5 how they can exploit it.

AMD is stating they're already aware and still working on it.

Schmuckley 03-08-2020 12:21 AM

I'm stating I'll give these poofters my IP and they're free to try to exploit the CPU vulnerabilities.

Let's see what they've got!


My money sez not a damn thing!

TH is FUD as usual.

TH charts. :lachen:

Liranan 03-08-2020 01:33 AM

How is Linux affected by this? Is it as easy to exploit this cache on a server as it is on a desktop and can a compromised client allow access to a server?


All times are GMT -7. The time now is 05:44 PM.

Powered by vBulletin® Copyright ©2000 - 2020, Jelsoft Enterprises Ltd.

User Alert System provided by Advanced User Tagging (Pro) - vBulletin Mods & Addons Copyright © 2020 DragonByte Technologies Ltd.
vBulletin Security provided by vBSecurity (Pro) - vBulletin Mods & Addons Copyright © 2020 DragonByte Technologies Ltd.

vBulletin Optimisation provided by vB Optimise (Pro) - vBulletin Mods & Addons Copyright © 2020 DragonByte Technologies Ltd.