Just a couple of days back we reported about a CPU vulnerability that could hurt a huge amount of Intel users. The flaw was discovered by Positive Technologies and it affected the CSME which made it impossible to patch with a firmware update.
Now, researchers have discovered a new flaw in AMD CPUs that affect all the processors between 2011-2019. The attacks Collide+Probe and Load+Reload will affect the security of data processed and will allow attackers can steal information. The vulnerabilities were discovered by security researchers from the Graz University of Technology in Austria and the University of Rennes in France. Security researchers contacted AMD regarding the vulnerabilities in August of 2019, but the company has not released firmware updates to address the issue. AMD states that the attacks “are not new speculation-based attacks.” but the research team disagrees.
The predictor computes a ?Tag using an undocumented hash function on the virtual address. This ?Tag is used to look up the L1D cache way in a prediction table. Hence, the CPU has to compare the cache tag in only oneway instead of all possible ways, reducing the power consumption.
In the first attack technique, Collide+Probe, we exploit ?Tag collisions of virtual addresses to monitor the memory accesses of a victim time-sharing the same logical core.
In the second attack technique, Load+Reload, we exploit the property that a physical memory location can only reside once in the L1D cache. Thus, accessing the same location with a different virtual address evicts the location from the L1D cache. This allows an attacker to monitor memory accesses on a victim, even if the victim runs on a sibling logical core.
According to ZDNet, the attacks would require no special equipment and can work without physical access. While AMD tried to pass it off as old “speculation-based attacks”, the research team told ZDNet that AMD’s response is “rather misleading,” that AMD never engaged with their team after the initial report last August. They also mentioned that the attacks would work on fully-updated operating systems, firmware, and software even today.
The good news is these attacks are still not as bad as Meltdown which allowed actual data to leak through. Daniel Gruss, one of the researchers who wrote the paper stated on Twitter that these attacks would allow metadata leaks which are still not bad as Meltdown or Zombieload.
Certainly not. The attacks leak a few bit of meta-data. Meltdown and Zombieload leak tons of actual data.
— Daniel Gruss (@lavados) March 7, 2020