Researchers at the Graz University of Technology have discovered security vulnerabilities affecting AMD CPUs launched between 2011 and 2019.<\/p>\n
In a paper published on the subject<\/strong><\/a>, the researchers detailed two “Take A Way” attacks which can be used to exploit side-channel vulnerabilities in Ryzen processors.<\/p>\n “We reverse-engineered AMD\u2019s L1D cache way predictor in microarchitectures from 2011 to 2019, resulting in two new attack techniques,” the researchers said.<\/p>\n The two side-channel attacks detailed in the paper – “Collide+Probe” and “Load+Reload” – can be used to access secret data from the chips by attacking the L1D cache predictor.<\/p>\n AMD’s L1D cache predictor was implemented on these chips to reduce power consumption by predicting in which cache way a certain address is located.<\/p>\n The researchers disclosed the vulnerabilities to AMD on 23 August 2019, and there is currently no dedicated firmware patch available for these vulnerabilities.<\/p>\n AMD responded to the publication of these security vulnerabilities via a security advisory on its website<\/strong><\/a>, acknowledging the security exploits and stating they were not a new form of side-channel attack.<\/p>\n “We are aware of a new white paper that claims potential security exploits in AMD CPUs, whereby a malicious actor could manipulate a cache-related feature to potentially transmit user data in an unintended way,” AMD said.<\/p>\n “The researchers then pair this data path with known and mitigated software or speculative execution side-channel vulnerabilities. AMD believes these are not new speculation-based attacks.”<\/p>\n AMD said it recommended users follow the steps be taken by users to help mitigate against side-channel attacks:<\/p>\n Following the publication of this advisory by AMD, the researchers stated on Twitter<\/strong><\/a> that this vulnerability remains open to exploitation.<\/p>\n Researchers at the Graz University of Technology have discovered security vulnerabilities affecting AMD CPUs launched between 2011 and 2019.<\/p>\n","protected":false},"author":341028,"featured_media":206706,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[27],"tags":[577,40988,63511],"class_list":["post-341807","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-security","tag-amd","tag-security-vulnerability","tag-side-channel-attacks"],"_links":{"self":[{"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/posts\/341807"}],"collection":[{"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/users\/341028"}],"replies":[{"embeddable":true,"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/comments?post=341807"}],"version-history":[{"count":0,"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/posts\/341807\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/media\/206706"}],"wp:attachment":[{"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/media?parent=341807"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/categories?post=341807"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/tags?post=341807"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}AMD security advisory<\/h3>\n
\n
Now read: Incredible Connection apologises for personal data leak<\/a><\/h3>\n","protected":false},"excerpt":{"rendered":"