AMD Processors Vulnerable to 2 New Side-Channel Attacks
With the latest discussions about Intel vulnerbilites, here are the latest AMD news!
AMD processors from as early as 2011 to 2019 carry previously undisclosed vulnerabilities that open them to two new different side-channel attacks, according to a freshly published research.
Known as "Take A Way," the new ( source: https://mlq.me/download/takeaway.pdf ) potential attack vectors leverage the L1 data (L1D) cache way predictor in AMD's Bulldozer microarchitecture to leak sensitive data from the processors and compromise the security by recovering the secret key used during encryption.
The research was published by a group of academics from the Graz University of Technology and Research Institute of Computer Science and Random Systems (IRISA), who responsibly disclosed the vulnerabilities to AMD back in August 2019.
"We are aware of a new white paper that claims potential security exploits in AMD CPUs, whereby a malicious actor could manipulate a cache-related feature to potentially transmit user data in an unintended way," AMD said ( source: https://www.amd.com/en/corporate/product-security )in an advisory posted on its website over the weekend.
"The researchers then pair this data path with known and mitigated software or speculative execution side-channel vulnerabilities. AMD believes these are not new speculation-based attacks."
To demonstrate the impact of the side-channel attacks, the researchers established a cache-based covert channel that exfiltrated data from a process running on the AMD CPU to another stealthy process, achieving a maximum transmission rate of 588.9kB/s using 80 channels in parallel on the AMD Ryzen Threadripper 1920X processor.
With AMD's EPYC processors being embraced by popular cloud platforms such as Amazon, Google, and Microsoft, the fact that these attacks can be carried out in a cloud setting poses significant concerns.
Comments
Huh? Ryzen and EPYC don't use Bulldozer, do they?
Edit: Indeed they do not. I was remembering correctly, and Bulldozer is only used for the FX-* and Opteron series, the infamous space heaters. Not sure why Bulldozer is being named in the context of Ryzen and EPYC here...
I believe this research was funded by intel.
https://inceptionhosting.com
Please do not use the PM system here for Inception Hosting support issues.
Oh, huh, you're right.
(Emphasis mine.)
Sounds like a good reason to build a new desktop PC if it affects the older FX processors
At what point should I start crafting my own CPU?
https://phpbackend.com/
Just use a handful of Arduinos. You'll be fine.
My pronouns are asshole/asshole/asshole. I will give you the same courtesy.
Best bet now is the Chinese CPU
I bench YABS 24/7/365 unless it's a leap year.
Alright, time to bet on ARM CPUs for cloud computing.
🦍🍌
Imma double down on the Z80.
My pronouns are asshole/asshole/asshole. I will give you the same courtesy.
indeed, Z80 is still used in some places, also it seems its making a comeback
https://www.specnext.com/first-zx-spectrum-next-delivered/
Edit: The vulnerability's complete name is: "Take A Way The Market Share" (from Intel)
about the research, I guess its sponsored by Intel, unfortunately they started to feel the pressure and now they resort to this kind of stories, but that's normal when you are selling bad quality products, you compensate by bad PR
conclusion: both are vulnerable, AMD is half the price
thank you Intel, drop dead
Doubt it would make a big difference now anyway. AMD is still cheaper and more secure.
I bench YABS 24/7/365 unless it's a leap year.
Afaik, some of Intel's vulnerabilties were also found out by Intel funded research, although I may be wrong.
Good morning.
Definitely doesn't impact the newer "performance" cpus and I doubt anyone is using the space heater cpu for vps nodes.
I can go back to sleep now .
Nexus Bytes Ryzen Powered NVMe VPS | NYC|Miami|LA|London|Netherlands| Singapore|Tokyo
Storage VPS | LiteSpeed Powered Web Hosting + SSH access | Switcher Special |
Those are based off AMD's Zen architecture, unless you're talking about the VIA stuff.
Cheap dedis are my drug, and I'm too far gone to turn back.
Forget about x86, build some arm servers
Action and Reaction in history
I guess anything with reasonable performance (with out-of order execution) will have this kind of side channel attacks?
DEC Alpha. Can you imagine an entire datacenter humming at 266Mhz machines slowly desoldering themselves?
My pronouns are asshole/asshole/asshole. I will give you the same courtesy.
What in my imagination is a large number of iPhone 6 in a rack.
Action and Reaction in history
..but can you run Tru64 on it?
My pronouns are asshole/asshole/asshole. I will give you the same courtesy.