Leonidas
Member
AMD CPUs for the past 9 years are vulnerable to data leak attacks
It's not just Intel chips that are vulnerable to hard-to-fix security flaws. Researchers at the Graz University of Technology have detailed a pair of side channel attacks under the "Take A Way" name that can leak data from AMD processors dating back to 2011, whether it's an old Athlon 64 X2, a...
www.engadget.com
Unlike some side channel attacks, it hasn't taken long to show how these exploits would work in the real world. The team took advantage of the flaws using JavaScript in common browsers like Chrome and Firefox, not to mention virtual machines in the cloud...
It's possible to address the flaw through a mix of hardware and software, the researchers said, although it's not certain how much this would affect performance. Software and firmware fixes for Meltdown and Spectre have typically involved speed penalties, although the exact hit depends on the task.
We've asked AMD for comment. However, the authors suggest that AMD has been slow to respond. They said they submitted the flaws to AMD in late August 2019, but haven't heard back despite keeping quiet about the flaw for the past several months.
Update #3 3/9/2020 7:20am PT:
AMD responded to our queries with an advisory the company posted to its website. This advisory does not point to any mitigations for the attack in question, merely citing other mitigated speculative executions that were used as a vehicle to attack the L1D cache predictor. AMD's posting also lists general advice for protecting against the incredibly large family of side channel attacks, but there aren't any specific mention of firmware patches for the Take A Way vulnerabilities.
AMD responded for our request for more information and says there are no new mitigations required, as this issue is covered by the existing side channel attack mitigations.
The researchers do not agree, stating that this vulnerability is still active. Until the two sides agree it isn't possible to ascertain which viewpoint is more accurate. We'll update as necessary and keep an eye out for a CVE.
Original Source: Tom's Hardware
Last edited: