
AMD processors from 2011 to 2019 vulnerable to two new attacks

Permabanned
Joined
27 Sep 2019
Posts
2,570
Academics disclose new Collide+Probe and Load+Reload attacks on AMD CPUs.

AMD processors manufactured between 2011 and 2019 (the time of testing) are vulnerable to two new attacks, research published this week has revealed. The two new attacks impact the security of the data processed inside the CPU and allow the theft of sensitive information or the downgrade of security features.

The research team said it notified AMD of the two issues in August 2019, however, the company has not publicly addressed the two issues, nor has it released microcode (CPU firmware) updates.

An AMD spokesperson was not available for comment on this article.

THE L1D CACHE WAY PREDICTOR

The two new attacks target a feature of AMD CPUs known as the L1D cache way predictor.

Introduced in AMD processors in 2011 with the Bulldozer microarchitecture, the L1D cache way predictor is a performance-centric feature that reduces power consumption by improving the way the CPU handles cached data inside its memory.

A high-level explanation is available below:

The predictor computes a μTag using an undocumented hash function on the virtual address. This μTag is used to look up the L1D cache way in a prediction table. Hence, the CPU has to compare the cache tag in only one way instead of all possible ways, reducing the power consumption.

The two new attacks were discovered after a team of six academics -- from the Graz University of Technology in Austria and the University of Rennes in France -- reverse-engineered this "undocumented hashing function" that AMD processors were using to handle μTag entries inside the L1D cache way predictor mechanism.

"Knowledge of these functions is the basis of our attack technique," the research team said.

Knowing these functions allowed the researchers to recreate a map of what was going on inside the L1D cache way predictor and probe if the mechanism was leaking data or clues about what that data may be.

[Image: amd-tested-cpus.png, table of the tested AMD CPUs]

https://www.tenforums.com/windows-1...9-vulnerable-two-new-attacks.html#post1856798 < Easier to read.


https://www.zdnet.com/article/amd-processors-from-2011-to-2019-vulnerable-to-two-new-attacks/ < Source
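The article's high-level description of the way predictor (a μTag hashed from the virtual address selects one way in a prediction table, so only that way's tag is compared) is easier to follow with a small model. The Python below is an added toy simulation, not code from the article or from the researchers' paper: the real μTag hash is undocumented, so the `utag()` function here is a stand-in, and the set count, associativity and μTag width are assumed constants. It shows why two addresses in the same set whose μTags collide force the predictor to mispredict on every alternating access, while two addresses with distinct μTags settle into predicted hits after a cold start. That mispredict-versus-hit difference is the kind of observable behaviour the researchers probed, and it is what makes the predictor a side channel rather than a purely internal optimisation.

```python
"""Toy model of an L1D cache way predictor keyed by a micro-tag (uTag).

Constructed illustration only: the real uTag hash in AMD CPUs is undocumented
(the article says the researchers reverse-engineered it); the hash, sizes and
replacement policy below are assumptions chosen to show the mechanism.
"""
from dataclasses import dataclass, field

LINE_BITS = 6    # 64-byte cache lines (assumed)
SET_BITS = 6     # 64 sets (assumed)
WAYS = 8         # 8-way set associative (assumed)
UTAG_BITS = 8    # width of the micro-tag (assumed)


def utag(vaddr: int) -> int:
    """Hypothetical uTag hash: XOR-fold the virtual address bits above the
    set index down to UTAG_BITS. Stands in for AMD's undocumented function."""
    x = vaddr >> (LINE_BITS + SET_BITS)
    t = 0
    while x:
        t ^= x & ((1 << UTAG_BITS) - 1)
        x >>= UTAG_BITS
    return t


def set_index(vaddr: int) -> int:
    """Which cache set a virtual address maps to (low bits above the line offset)."""
    return (vaddr >> LINE_BITS) & ((1 << SET_BITS) - 1)


@dataclass
class WayPredictor:
    # prediction table: (set, uTag) -> predicted way
    table: dict = field(default_factory=dict)
    # cache contents: set -> {way: full line tag}; the line tag here is simply
    # vaddr >> LINE_BITS, which is enough to distinguish lines in the model
    ways: dict = field(default_factory=dict)
    mispredicts: int = 0
    lookups: int = 0

    def access(self, vaddr: int) -> str:
        s, tag, t = set_index(vaddr), vaddr >> LINE_BITS, utag(vaddr)
        self.lookups += 1
        lines = self.ways.setdefault(s, {})
        pred = self.table.get((s, t))
        if pred is not None and lines.get(pred) == tag:
            # Only the predicted way's tag was compared: the cheap, fast path.
            return "predicted-hit"
        # No entry, or the entry pointed at a different line with the same uTag:
        # the CPU must fall back to comparing every way. This slower path is the
        # observable difference a side-channel measurement picks up.
        self.mispredicts += 1
        for w, line_tag in lines.items():
            if line_tag == tag:
                self.table[(s, t)] = w
                return "full-compare-hit"
        # Genuine miss: fill a free way, or (simplistically) evict way 0.
        w = len(lines) if len(lines) < WAYS else 0
        lines[w] = tag
        self.table[(s, t)] = w
        return "miss"


def run(pred: WayPredictor, pattern: list, rounds: int) -> int:
    """Replay an access pattern `rounds` times and return total mispredicts."""
    for _ in range(rounds):
        for a in pattern:
            pred.access(a)
    return pred.mispredicts


def collision_demo(rounds: int = 10) -> tuple:
    """Compare a uTag-colliding address pair with a non-colliding pair.

    All three constructed addresses land in set 0; a and b share a uTag but
    are different lines, while c has a distinct uTag."""
    a, b, c = 0x1000, 0x100000, 0x2000
    assert set_index(a) == set_index(b) == set_index(c)
    assert utag(a) == utag(b) != utag(c)
    colliding = run(WayPredictor(), [a, b], rounds)   # mispredicts every access
    distinct = run(WayPredictor(), [a, c], rounds)    # only the two cold misses
    return colliding, distinct


if __name__ == "__main__":
    print("mispredicts (colliding, distinct):", collision_demo(10))
```

With ten rounds the colliding pair mispredicts on all 20 accesses, because each access rewrites the shared `(set, uTag)` entry to point at its own way and the next access to the other address finds the wrong tag; the distinct pair mispredicts only twice, on the cold fills. Defensively, the point is that the timing of an access depends on what another address in the same set has done to the predictor, which is why the mitigations in AMD's statement later in the thread are about software and speculation hardening rather than a single fix to the predictor.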
 
Man of Honour
Joined
13 Oct 2006
Posts
90,805
Like with any hardware if it is out there long enough and still in use people will find ways to exploit it eventually.
 
Man of Honour
Joined
30 Oct 2003
Posts
13,228
Location
Essex
Like with any hardware if it is out there long enough and still in use people will find ways to exploit it eventually.

All about that arms race. Sounds like a microcode update could be in order. One thing I find slightly odd about this leak is no CVE for it? At least not that I can find yet.
 
Permabanned
OP
Joined
27 Sep 2019
Posts
2,570
Same as when Windows was hacked all the time back in the XP era but Mac/Linux were not but are now, you want to do as much damage so go for the bigger target to affect more users.

I have zero worries as a home user and certainly did not disable my CPU's HT but would be happier if they handled it better (Intel).
 
Soldato
Joined
28 May 2007
Posts
18,190
Same as when Windows was hacked all the time back in the XP era but Mac/Linux were not but are now, you want to do as much damage so go for the bigger target to affect more users.

I have zero worries as a home user and certainly did not disable my CPU's HT but would be happier if they handled it better (Intel).

The only way for Intel to handle the flaws is to buy you an AMD system.
 
Man of Honour
Joined
30 Oct 2003
Posts
13,228
Location
Essex
Bet this doesn't stay at the top like an Intel one would :p

There appears to be some missing facts which I'm sure will work their way out. No CVEs, no major details and most importantly only minor metadata managed to be leaked whereas the Intel ones were releasing data in droves. You should have read in full before commenting... Don't get me wrong, a vulnerability is just that, but if you compare this to recent Intel ones it's particularly minor.

Still you would expect some patching to be done.
 
Caporegime
Joined
17 Mar 2012
Posts
47,379
Location
ARC-L1, Stanton System
Taken from the other thread this was posted in.

I would find it very very difficult to believe that AMD are invulnerable to absolutely everything, that would be ridiculous. Frankly given the huge mass of security flaws found in Intel CPUs over these past few years it's pretty astonishing that AMD have been impervious to all of it. Something eventually has to give! You can kill a dartboard, eventually, by throwing darts at it.

However I'm also not going to trust claims made by people who are funded by their only competitors, Intel. We already know Intel are in the habit of paying people to slander AMD. Principle Technologies... for example.

It didn't take people long to notice that Intel partially funded this research.

Not the first time they've responded to vulnerabilities of their own coming to light by paying someone to say AMD has them too either.
 
Permabanned
OP
Joined
27 Sep 2019
Posts
2,570
WTF are you talking about?

I am talking about the hate on Windows as it was open to being hacked and Macs and Linux were not back then.

It had little to do with Windows being wide open and the other two being bulletproof, just that it was a bigger target to do more damage to.

I think you may have misread something.
 
Soldato
Joined
28 May 2007
Posts
18,190
So this leak can be used to extract a little data that could possibly be used as a hint to other tasks that may or may not be running and depending on those hints you may or may not have a probable attack vector.
That's the keyword 'heard', seems AMD don't like to tell anyone about them. God knows how many are out there :eek:

Intel actively pay researchers not to disclose vulnerabilities in its own processors, while at the same time funding anyone they can to expose flaws in AMD chips. Considering the financial clout and pretty much unlimited resources Intel has at its disposal, I say those numbers are tiny.
 
Soldato
Joined
17 May 2004
Posts
4,128
Location
Home
That's the keyword 'heard', seems AMD don't like to tell anyone about them. God knows how many are out there :eek:

Are you joking? Intel actively pay out under a bounty scheme for information on vulnerabilities on their chips, and they then require you to not disclose any information about having discovered any such vulnerabilities otherwise you don't get paid.
 
Soldato
Joined
9 Nov 2009
Posts
24,764
Location
Planet Earth
https://www.amd.com/en/corporate/product-security

Take A Way
3/7/20

We are aware of a new white paper that claims potential security exploits in AMD CPUs, whereby a malicious actor could manipulate a cache-related feature to potentially transmit user data in an unintended way. The researchers then pair this data path with known and mitigated software or speculative execution side channel vulnerabilities. AMD believes these are not new speculation-based attacks.

AMD continues to recommend the following best practices to help mitigate against side-channel issues:

  • Keeping your operating system up-to-date by operating at the latest version revisions of platform software and firmware, which include existing mitigations for speculation-based vulnerabilities
  • Following secure coding methodologies
  • Implementing the latest patched versions of critical libraries, including those susceptible to side channel attacks
  • Utilizing safe computer practices and running antivirus software
 
Soldato
Joined
1 May 2013
Posts
9,692
Location
M28
So this leak can be used to extract a little data that could possibly be used as a hint to other tasks that may or may not be running and depending on those hints you may or may not have a probable attack vector.


Intel actively pay researchers not to disclose vulnerabilities in its own processors, while at the same time funding anyone they can to expose flaws in AMD chips. Considering the financial clout and pretty much unlimited resources Intel has at its disposal, I say those numbers are tiny.

Are you joking? Intel actively pay out under a bounty scheme for information on vulnerabilities on their chips, and they then require you to not disclose any information about having discovered any such vulnerabilities otherwise you don't get paid.

AMD defence force.....assemble :p
 
Soldato
Joined
15 Jun 2005
Posts
2,750
Location
Edinburgh
most importantly only minor meta data was managed to be leaked whereas the intel ones were releasing data in droves. You should have read in full before commenting...
In the whitepaper they claim to have leaked secret encryption keys from AES tables through a high speed side channel. It appears to operate in a very similar way to the Intel MDS type attacks.

We established a high-speed covert channel and utilized it in a Spectre attack to leak secret data from the kernel. Furthermore, we reduced the entropy of different ASLR implementations from native code and sandboxed JavaScript.

As part of their paper they describe a successful memory attack using JavaScript from within Chrome and Firefox. In the Intel thread, something very similar was used as "proof" that home users can be attacked whilst simply browsing the web and that remote attackers can steal private data.

The reality in both the Intel and AMD cases is that these are academic proofs of concept demonstrated on specially prepared Linux machines. They are very low concern/impact for the typical home user. Whilst an attack may be theoretically possible, the difficulty and effort required means that an attacker is much more likely to take another much easier approach to achieve something much more effective; e.g. motherboard drivers from market-leading brands which allow untrusted code to run with elevated privileges.

We will no doubt see more of these type of vulnerabilities on both platforms. Will we ever see something in the wild which targets home users? Doubtful.
 