News

Scientists talk about attacks similar to Meltdown that pose a threat to AMD processors

The Record reports that in recent months, two reports have been published at once, detailing new side-channel attacks on AMD processors. The attacks are very similar to the Meltdown issue discovered in early 2018, though AMD processors were previously considered immune to this bug.

Let me remind you that the essence of the Meltdown attack was that malicious applications can abuse the proactive (or speculative) CPU command execution mechanism in order to overcome the barrier separating applications from the operating system kernel.

As a result, the malicious application was able to steal sensitive information from the kernel, including passwords, encryption keys and user data, to which it usually could not have access.the journalists of The Record told.

The Meltdown problem originally explained that this attack only works against Intel processors, while AMD uses a different speculative computing mechanism that is immune to this bug.

Now, however, scientists from the Dresden University of Technology said that after more than three years, they still found a way to attack AMD processors using the “Meltdown method.” And although in their report the experts write only about the vulnerability of the Zen line processors, AMD engineers soon announced that all the company’s processors were vulnerable to such attacks.

Unfortunately, this was not the end of the story: a second article was published this month, which describes another method for launching Meltdown attacks on AMD processors.

The authors of this publication, who discovered the original Meltdown attack in 2018, write that the second attack method exploits the x86 PREFETCH instructions and leaks information about the kernel address space in the same way. Alas, this week AMD confirmed that the experts’ conclusions are correct and all the company’s processors are also vulnerable to this problem.

So far, no patches have been released for these bugs, which are tracked under IDs CVE-2020-12965 and CVE-2021-26318. AMD only asks developers to remember about secure coding methodologies, just as Intel did in 2018.

Let me remind you that we talked about the fact that AMD Zen 3 processors are vulnerable to side-channel attacks, as well as that AMD Chipset Driver Bug Allows Bypassing KASLR And Accessing Sensitive Data.

Sending
User Review
0 (0 votes)
Comments Rating 0 (0 reviews)

Daniel Zimmermann

Daniel Zimmermann has been writing on security and malware subjects for many years and has been working in the security industry for over 10 years. Daniel was educated at the Saarland University in Saarbrücken, Germany and currently lives in New York.

Related Articles

Leave a Reply

Your email address will not be published. Required fields are marked *

Sending

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Back to top button