The new CPU, the safety gap, processors from AMD, according to AMD, there is a new one

0


A new security vulnerability that need to have to change, as it is not Intel, but AMD’s new processors. Security researchers from the technical University of Graz and the University of London, attempts to force the mechanism of energy-saving, and AMD has been using for the CPU-Generation Bulldozer (FX-series), and Zen 2 (Ryzen 3000, Epyc 7002), the data from the Level-1 Cache for data (L1D) and read it. According to AMD, the earlier the measures to protect the newly documented security vulnerabilities.

The processors use a Cache Way Predictor: the Use of the Bits in the L1D Cache, and a comparison table of the CPUs try to predict which memory Bank the data is in the Cache next time you visit. Through the reading of a single memory Bank instead of the entire Cache, the processor saves the most energy. By means of the Reverse-Engineering of the management of the security researchers, some of the Bits of Meta-data for reading.

“Conflict+in sample” is the name of the attack is a shared logic to core (Simultaneous multi-threading (SMT) without having to know physical memory addresses, or to share a memory. Load+Reload” brings up the forwards for more reliable data, but it needs to have access to the same CPU core as the target process. The attacks on the work of, for example, by using Javascript in the Browser.

Security researchers emphasize that the techniques are only to a comparatively “low” Meta-data” can be read at all. The safety gap in the world more than the load, and is also found in the TU is one of the Best, however, to leave it in the case of Intel processors “tons of real leak data“.

AMD wrote on its own Blog safe, you would be a “Conflict+in sample” and “Load+Reload” for new types of attacks and the previously mentioned measures of protection in order to protect the machine. AMD has already been affected by the Specter of attacks, but to a much lesser extent than that of CPUs from Intel.

AMD strongly recommends that users of BIOS, os, and Software to keep programs and libraries that are updated, in order to protect against side-channel attacks.


(s)