Overclock.net - An Overclocking Community

[TH] New AMD Side Channel Attacks Discovered, Impacts Zen Architecture (https://www.overclock.net/forum/225-hardware-news/1743498-th-new-amd-side-channel-attacks-discovered-impacts-zen-architecture.html)

treetops422 03-08-2020 05:30 AM

Quote:

Originally Posted by boot318 (Post 28357864)
Intel's billions finally found something on AMD.




"The researchers were able to exploit the vulnerability via JavaScript run on Chrome and Firefox browsers."

Is this an AMD problem or browser problem?

Java has always been a vulnerability. No I'm not an expert, just a 20 year+ common PC user. But good to know.

Damage Inc 03-08-2020 06:44 AM

Quote:

Originally Posted by boot318 (Post 28357864)
Intel's billions finally found something on AMD.




"The researchers were able to exploit the vulnerability via JavaScript run on Chrome and Firefox browsers."

Is this an AMD problem or browser problem?

Ah yes, Intel's fault. Should've thrown nVidia into the mix while you were at it.

WannaBeOCer 03-08-2020 08:16 AM

Quote:

Originally Posted by Liranan (Post 28359044)
How is Linux affected by this? Is it as easy to exploit this cache on a server as it is on a desktop and can a compromised client allow access to a server?

The white paper states they used a fully patched Linux system using the chips below. All they were able to get was a bit of metadata.

Bulldozer and newer are affected.



Quote:

Since the AMD Bulldozer microarchitecture, AMD uses a way predictor in the L1 data cache.

Lab    AMD Athlon 64 X2 3800+         K8           1
Lab    AMD Turion II Neo N40L         K10          1
Lab    AMD Phenom II X6 1055T         K10          1
Lab    AMD E-450                      Bobcat       1
Lab    AMD Athlon 5350                Jaguar       1
Lab    AMD FX-4100                    Bulldozer    1
Lab    AMD FX-8350                    Piledriver   1
Lab    AMD A10-7870K                  Steamroller  1
Lab    AMD Ryzen Threadripper 1920X   Zen          35
Lab    AMD Ryzen Threadripper 1950X   Zen          34
Lab    AMD Ryzen Threadripper 1700X   Zen          34
Lab    AMD Ryzen Threadripper 2970WX  Zen+         30
Lab    AMD Ryzen 7 3700X              Zen 2        36
Cloud  AMD EPYC 7401p                 Zen          20
Cloud  AMD EPYC 7571                  Zen          22

JackCY 03-08-2020 04:27 PM

Quote:

Originally Posted by m4fox90 (Post 28358364)
Why is it that every security "flaw" in AMD processors is discovered by people being paid by Intel?

Because that's how it goes, most people would not want to spend years digging into black boxes and feed their families with what? Unlike human security that is backed by governments, technical security is not backed by anyone but competing corporations trying to find dirt on each other and Intel has been at this for a long time now and often fabricating stuff out of thin air to create slander. Security research companies created and funded by Intel only to show up out of the blue and present a new AMD CPU flaw. Maybe now they don't create a new company but fund an existing one, not much of a difference in operation, they are partial/biased which for a market where 1 party holds majority of market and funds is a real problem.

Obviously we are likely to see a lot of dirt being attempted to be dug out on AMD by Intel funded groups. Did AMD fund many groups to dig out dirt on Intel? Maybe but unlikely especially considering some of the issues for Intel were known since early 90s where Intel dismissed them as "academic" yet decades later they were proven on their hardware as practically achievable and ignored again where key Intel employees start dumping Intel stock and whole company panicking as more and more and more and more flaws are being published and their money unable to keep under the lid anymore as they run out of deadlines that were given to them to fix the problems.

Will see how this flaws war plays out after a decade.

skupples 03-08-2020 08:04 PM

Quote:

Originally Posted by Schmuckley (Post 28358920)
Ofc you have an example, amirite?

This ain't no Sub7, bubba.


netscape & sub7.

errr mrrrr grrrrrdd

are we gonna be theorizing about what caused the y2k(1/1/2000 @12:00 - lots of cali neighborhoods went dark. mine included) rolling brownouts in cali next>?!

ryan92084 03-09-2020 05:10 AM

Thread cleaned, stay on topic. Save your personal shenanigans for your diary.

Cidious 03-09-2020 05:53 AM

Quote:

Originally Posted by Darren9 (Post 28357884)
I got this feeling that AMD micro-code updates to fix exploits won't be quite as smooth experience for everyone as it was with Intel, we'll see though :)

Intel microcode updates with Intel smooth? don't make me laugh... nerfing the **** out the performance with those updates is smooth today? ok. New standards...

KyadCK 03-09-2020 05:57 AM

Quote:

Originally Posted by m4fox90 (Post 28358364)
Why is it that every security "flaw" in AMD processors is discovered by people being paid by Intel?

Because Intel doesn't want AMD to feel left out of the news.

Quote:

Originally Posted by Liranan (Post 28359044)
How is Linux affected by this? Is it as easy to exploit this cache on a server as it is on a desktop and can a compromised client allow access to a server?

Depends I suppose.

Do you:
  • Run VMs that others can access on your server?
  • Allow others on the network that have local admin on their PCs access to your server?
  • Disable your firewall on the server?
  • Go to a significant number of websites on your server?

Code has to run on the box, somehow. For most people that means injecting the code into a website or ad provider, the #1 way to get a PC to run foreign code, which is why the example is JavaScript. If you do not go to websites and your firewall is set up properly, then they will need a different attack vector, such as through whatever applications you are hosting.

I would expect if this is just a Linux file server or something, that it would be quite hard to get it to run code for this, even more so if you are not an active target and your external firewall does not allow access to the server (aka, no port forwarding).

Quote:

Originally Posted by treetops422 (Post 28359124)
Java has always been a vulnerability. No I'm not an expert, just a 20 year+ common PC user. But good to know.

JavaScript is not Java, but yes, JavaScript has also always been a vulnerability point.

Schmuckley 03-09-2020 06:41 AM

The potential for someone using this alleged exploit on people with an average OS and firewall is very minimal.

Running NoScript reduces the chances even further.

miklkit 03-09-2020 09:02 AM

Quote:

Originally Posted by Cidious (Post 28360500)
Intel microcode updates with Intel smooth? don't make me laugh... nerfing the **** out the performance with those updates is smooth today? ok. New standards...


Ya, those Intel fixes nerfed my all AMD rig too. Frame rates in the same games went from 60 to 20 to 40 to 15 to 90 while all that was going on. It was about as smooth as the Himalayas.


All times are GMT -7. The time now is 06:21 AM.
