• Hey, guest user. Hope you're enjoying NeoGAF! Have you considered registering for an account? Come join us and add your take to the daily discourse.

AMD CPUs for the past 9 years are vulnerable to data leak attacks.

Leonidas

Leonidas

Member
www.engadget.com

AMD CPUs for the past 9 years are vulnerable to data leak attacks

It's not just Intel chips that are vulnerable to hard-to-fix security flaws. Researchers at the Graz University of Technology have detailed a pair of side channel attacks under the "Take A Way" name that can leak data from AMD processors dating back to 2011, whether it's an old Athlon 64 X2, a...
www.engadget.com www.engadget.com
Damn, that includes every single Ryzen CPU released to date.

Unlike some side channel attacks, it hasn't taken long to show how these exploits would work in the real world. The team took advantage of the flaws using JavaScript in common browsers like Chrome and Firefox, not to mention virtual machines in the cloud...

It's possible to address the flaw through a mix of hardware and software, the researchers said, although it's not certain how much this would affect performance. Software and firmware fixes for Meltdown and Spectre have typically involved speed penalties, although the exact hit depends on the task.

We've asked AMD for comment. However, the authors suggest that AMD has been slow to respond. They said they submitted the flaws to AMD in late August 2019, but haven't heard back despite keeping quiet about the flaw for the past several months.
Click to expand...

Update #3 3/9/2020 7:20am PT:
Click to expand...
AMD responded to our queries with an advisory the company posted to its website. This advisory does not point to any mitigations for the attack in question, merely citing other mitigated speculative executions that were used as a vehicle to attack the L1D cache predictor. AMD's posting also lists general advice for protecting against the incredibly large family of side channel attacks, but there aren't any specific mention of firmware patches for the Take A Way vulnerabilities.

AMD responded for our request for more information and says there are no new mitigations required, as this issue is covered by the existing side channel attack mitigations.

The researchers do not agree, stating that this vulnerability is still active. Until the two sides agree it isn't possible to ascertain which viewpoint is more accurate. We'll update as necessary and keep an eye out for a CVE.
Click to expand...

Original Source: Tom's Hardware
 
Last edited:
ethomaz

ethomaz

Banned
So same issues Intel faced sometime ago.

A single JavaScript surfing the internet can expose your data?

It will be interesting to see how the CPUs will work after fixes.
 
Last edited:
llien

llien

Member
Leonidas said:
Damn, that includes every single Ryzen CPU released to date.
Click to expand...

#DamageControl

In times when this isn't even thread worthy, #yawn

www.techpowerup.com

Researchers Find Unfixable Vulnerability Inside Intel CPUs

Researchers have found another vulnerability Inside Intel's Converged Security and Management Engine (CSME). For starters, the CSME is a tiny CPU within a CPU that has access to whole data throughput and is dedicated to the security of the whole SoC. The CSME system is a kind of a black box...
www.techpowerup.com www.techpowerup.com


And, wait for it.... the dramatic twist:

...Hardware Unboxed found disclosures that Intel funded the research, raising concerns about the objectivity of the study
Click to expand...

and, for more drama.... TADAAA:

AMD responded for our request for more information and says there are no new mitigations required, as this issue is covered by the existing side channel attack mitigations.
Click to expand...
`
 
Last edited:
Iorv3th

Iorv3th

Member
Didn't the intel problem require something to be installed locally?

It's pretty nuts if this can occur by just visiting a webpage running java script.
 
10000

10000

Banned
well AMD already addressed this issue, it is already mitigated, it is not slow response tho

also I won't buy intel at all because they had ton of flaws discovered every month compared to amd ones
 
P

Panajev2001a

GAF's Pleasant Genius
Leonidas said:
www.engadget.com

AMD CPUs for the past 9 years are vulnerable to data leak attacks

It's not just Intel chips that are vulnerable to hard-to-fix security flaws. Researchers at the Graz University of Technology have detailed a pair of side channel attacks under the "Take A Way" name that can leak data from AMD processors dating back to 2011, whether it's an old Athlon 64 X2, a...
www.engadget.com www.engadget.com
Damn, that includes every single Ryzen CPU released to date.





Original Source: Tom's Hardware
Click to expand...

A Leonidas thread trying to hype up bad AMD news 😲... shocking ...

Edit: Rational analysis from a reputable source (Marcan):
 
Last edited:
ethomaz

ethomaz

Banned
10000 said:
well AMD already addressed this issue, it is already mitigated, it is not slow response tho

also I won't buy intel at all because they had ton of flaws discovered every month compared to amd ones
Click to expand...
Actually they just release a default PR reply.

The issues is not mitigate like the researcher confirmed.



 
Last edited:
Ascend

Ascend

Member
Intel's way of trying to take AMD down with them regarding the security flaws. No one with a brain falls for it. Especially if they know Intel's history and their 'business' practices.
 
M

michaelius

Banned
ethomaz said:
So same issues Intel faced sometime ago.

A single JavaScript surfing the internet can expose your data?

It will be interesting to see how the CPUs will work after fixes.
Click to expand...

From what I'm reading elsewhere you need admin rights in the first place to execute code that uses the exploit and if you have them who cares you can get everything anyway.
 
Insane Metal

Insane Metal

Member
llien said:
#DamageControl

In times when this isn't even thread worthy, #yawn

www.techpowerup.com

Researchers Find Unfixable Vulnerability Inside Intel CPUs

Researchers have found another vulnerability Inside Intel's Converged Security and Management Engine (CSME). For starters, the CSME is a tiny CPU within a CPU that has access to whole data throughput and is dedicated to the security of the whole SoC. The CSME system is a kind of a black box...
www.techpowerup.com www.techpowerup.com


And, wait for it.... the dramatic twist:



and, for more drama.... TADAAA:

`
Click to expand...
Hey Leonidas Leonidas I wonder why you didn't post this one!
 
PhoenixTank

PhoenixTank

Member
Haven't dived in enough to see the real impact here, but seems to require a spectre variant (v3 on AMD isn't it?) to exploit anyway? Sad times for computing with both x86 vendors.
 
ethomaz

ethomaz

Banned
ipukespiders said:
What happened with that? I remember talk of a windows patch, and that it would cause performance issues. I haven't noticed anything (4690k).
Click to expand...
They fixed the two biggest issues but at the cost of performance.

It is a combination of BIOS update (for microcode) and OS patch.
 
Last edited:
PhoenixTank

PhoenixTank

Member
ethomaz said:
They fixed the two biggest issues but at the cost of performance.
Click to expand...
Right. If we're talking "Meltdown" though I believe it is mostly unnoticeable unless you are performing a lot of syscalls (context switching?). So databases and things like that. The strangest thing was a performance dip on the HEDT 10 series Intel CPUs vs the equivalent 9 series HEDT chips. They had hardware fixes that the 9 series lacked and believe there is still some inconclusive finger pointing in that vague direction.
The haunting continues.
 
Elektro Demon

Elektro Demon

Banned
https://wccftech.com/intel-csme-irreparable-boot-flaw-yet-another-intel-security-vulnerability/

Intel CSME Irreparable Boot Flaw – Yet Another Intel Security Vulnerability

Click to expand...
This is bad news for Intel users across the board as the only method of securing their systems is to upgrade to 10th Generation Intel CPUs and motherboards as those products are immune to the CSME flaw, go back nearly ten years to a legacy Intel platform before CSME's integration, or switch to AMD.
Click to expand...


At least those vulnerabilities AMD has are fixable, unlike Intel's recently found vulnerabilities.
 
Rolling_Start

Rolling_Start

Banned
If Intel had spent the last decade more concerned about multiple, massive critical security vulnerabilities engineered into the very heart of their own high margin architectures...

... perhaps they'd now be spending less time and money finding ways to hype up far less critical, far less severe, and far less frequently occurring flaws in their rival's (now far more performant and cost effective) platform architectures.

If you are nightly shitting the bed, don't try to draw attention to someone who your paid investigators saw spill some coffee.
 
PhoenixTank

PhoenixTank

Member
Are we at the point that we need a big thread just for CPU exploits now? Haunting continues.
Links posted in order of increasing detail:

Meltdown The Sequel strikes Intel chips – and full mitigation against data-meddling LVI flaw will slash performance

Chipzilla's silicon will surrender secrets if properly probed
www.theregister.co.uk www.theregister.co.uk

LVI: Hijacking Transient Execution with Load Value Injection

lviattack.eu lviattack.eu
software.intel.com

Software Security Guidance from Intel

Find software developer resources, guidance, and insights for security advisories.
software.intel.com software.intel.com
 
Rolling_Start

Rolling_Start

Banned
I think we should accept that there are serious issues with all x86 architectures.

But that the worst come in a relentless wave from Intel.

And also that Intel are spending real money trying to fling any mud they can at AMD.

And that paid shit flinging is actually quite effective with certain partisan degenerates.

Don't trust those folks.
 
You must log in or register to reply here.

Similar threads

AMD ‘Zenbleed’ exploit can leak passwords and encryption keys from Ryzen CPUs (affects Zen 2 CPUs only)
11
1K
CuNi replied
PS5: Flat_z dumps PS5 Secure Processor, confirms he has a PS5 Hypervisor exploit (via a PS4 Game Save exploit)
Game Dev Hardware
10
2K
Red5 replied
Another day, another Intel vulnerability discovered: CrossTalk attack impacts Intel's mobile, desktop, and server CPUs
16
1K
mitchman replied
  • Poll
PLAYSTATION 6: Potential Innovations, Features, Business Strategies & More (Speculation)
Opinion Analysis Platform 2 3 4
181
13K
hussar16 replied
Another vulnerability found in INTEL cpu's
News Drama
16
2K
ORI replied
Top Bottom