AMD would disagree: researchers find security flaws in AMD

0


Not only are the processors from Intel have problems with security researchers at the university of Graz (Austria) and Rennes (France) is keen to have discovered two security vulnerabilities in multicore processors. They are affected by AMD, since 2011 up to the current CPUs, beginning with the year 2019, for the purpose of the research project. AMD is in contrast to the researchers: there were no new security vulnerabilities, users will not be put at risk.

The job market

  1. A Software AG, Darmstadt, Düsseldorf, Leipzig, Stuttgart, Zurich (Switzerland).
  2. The black-and-services-KG, and the space in Neckarsulm



In order to reduce the power consumption of the processors at the same speed, the AMD released in 2011, has set up a Way for employees in the L1D Cache. The vulnerabilities have been able to find out, the researchers Reverse-Engineered the undocumented prediction function. In the first attack, the investigators Impinge on+call, for example, you can monitor the access to the memory, and “without the knowledge of the physical addresses in the shared memory”, it says in the paper. This only works, however, when the investigators, the Code can be run on the same logical core of the processor. Load+Reload the page, the second attack, and it also works when the Code is executed on a logical processor core.

In the same or in any way connected to the logical processor is executing Code, it may be, according to the researchers, the Javascript Code in a web page. For example, in a Memory, mix it with the command line or in the Browser, you could be in a restricted area, in large part, impeded. Also managed to get two of the researchers, the data is read-write.

AMD had already in August of 2019-informed, but I have been sent so far, an Update of a Microcode of the processor in order to close the gap. AMD remains in the gap, however, with no instructions, speculative features of the processor: “For us, it is well-known, in which the researchers report that they have potential security vulnerabilities in the AMD-CPUs are to be found, with the help of a malicious actor can manipulate the Cache-related function, in such a way that users look at data in a way that’s not intentional.”

It does, however, have to be combined with the already well-known and fixed security vulnerabilities in Software, and it is a speculative prediction to the processor. Thus, the security vulnerabilities are not new, attacks on speculative prediction. Against such side-channel attacks, the traditional security assistance, according to the AMD recommendations, the Software to keep you up-to-date, secure coding guidelines for the following, as well as the current versions of the libraries you use.

Please enable Javascript to.
Or, you can use the Golem-pure-offer –
and read Golem.de

  • ad-free
  • with Javascript turned off
  • with RSS full-text Feed