1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

AMD processors from 2011 to 2019 vulnerable to two new attacks

Discussion in 'CPUs' started by b00merang69, Mar 7, 2020.

  1. IT Troll

    Wise Guy

    Joined: Jun 15, 2005

    Posts: 2,451

    Location: Edinburgh

    They provided a list of the CPUs they tested on from K8 (2013) to Zen 2 (2019). Looks like they only provided benchmark data for a couple. They did indeed use Linux as it is the preferred O/S for this type of research. All the previous vulnerabilities have used Linux for the proof of concept.

    I agree that these are mostly of academic interest and are of little concern to the home user. But equally they are not faked or the work of Intel shills.
     
  2. Rroff

    Man of Honour

    Joined: Oct 13, 2006

    Posts: 68,468

    Some of the recent Windows 10 vulnerabilities that have been closed have been way more concerning than either these or the Intel vulnerabilities yet strangely gets far less attention. Some of them are actual, viable over the internet, remote execution vectors as well while most of these CPU vulnerabilities aren't that kind of problem.
     
  3. jigger

    Capodecina

    Joined: May 28, 2007

    Posts: 12,510

    The Intel flaws that can’t be patched (most of them) are the biggest liabilities by far. These issues will drag out for decades and could spawn numerous day one exploits.
     
  4. humbug

    Caporegime

    Joined: Mar 17, 2012

    Posts: 33,736

    Right. Windows is the biggest exploit going, if you wanted to get data from someones computer you wouldn't bother with the CPU, your OS is practically handing it to anyone who wants to look.
     
  5. Th0nt

    Soldato

    Joined: Jul 21, 2005

    Posts: 7,072

    Location: N.Ireland

    You could probably setup a windows telemetry sniffer as a man in the middle.
     
  6. Orange Nexus

    Hitman

    Joined: Sep 21, 2018

    Posts: 895

    The latest intel vulnerability, LVI, is actually older than some others. It was discovered last April 2019. The researcher agreed with intel to keep it secret the whole time.
     
  7. hyperseven

    Soldato

    Joined: May 1, 2013

    Posts: 7,001

    Location: M28

    link?
     
  8. Orange Nexus

    Hitman

    Joined: Sep 21, 2018

    Posts: 895

  9. Th0nt

    Soldato

    Joined: Jul 21, 2005

    Posts: 7,072

    Location: N.Ireland

    4th April 2019... :cool:
     
  10. hyperseven

    Soldato

    Joined: May 1, 2013

    Posts: 7,001

    Location: M28

    del
     
  11. Tute

    Capodecina

    Joined: Jul 24, 2004

    Posts: 22,209

    Location: Devon, UK

    I have to admit, if I see one of these kind of CPU based "attacks" that require physical access to exploit, I just roll my eyes and move on. After all, if a stranger is physically at my computer when i'm not there I have bigger issues than them exploiting my processor.

    I can't tell with these new AMD ones, do they require physical access to the computer?
     
  12. Orange Nexus

    Hitman

    Joined: Sep 21, 2018

    Posts: 895

    When this gets a CVE designation, then details will follow.

    https://www.cvedetails.com/vulnerability-list/vendor_id-7043/AMD.html

    Here is one for intel.

    https://www.cvedetails.com/vulnerab...&sha=1d6011c41df6dde5f48a4f36352f44c40f918a0a
     
  13. IT Troll

    Wise Guy

    Joined: Jun 15, 2005

    Posts: 2,451

    Location: Edinburgh

  14. humbug

    Caporegime

    Joined: Mar 17, 2012

    Posts: 33,736

    lol