[TheRecord] Academics find Meltdown-like attacks on AMD CPUs, previously thought to be unaffected

Two academic papers have been published over the past two months detailing new side-channel attacks in AMD processors that have eerily similar consequences to the Meltdown attack disclosed in early 2018, to which AMD CPUs were previously thought to be immune.

The original idea of the Meltdown attack was that malicious apps could abuse a CPU’s speculate execution operations to break the barrier between apps and the operating system kernel.

Academics said the attack could allow a malicious app to steal sensitive information from the kernel, such as passwords, encryption keys, and user data, information to which an app would normally not be able to access.

Initially, the team behind the Meltdown attack said their technique only worked against Intel processors and that AMD had used a different design for its speculate execution feature that was not vulnerable to their attack.

While later research found that Arm processors were also vulnerable, a classic Meltdown attack was never proven to be successful against AMD’s CPUs.

Two Meltdown-like attacks disclosed in AMD CPUs in two months

However, in a paper published in August, academics from the Technical University in Dresden, Germany, said that after more than three years, they found a way to attack AMD CPUs with what they called a Meltdown-like technique.

The attack, which is too complex to explain in this article, was found to work against AMD’s Zen processor line, but in a security advisory last month, AMD admitted that all its CPUs were affected.

And if this wasn’t enough, a second paper published this month described a second method of launching Meltdown-like attacks against AMD CPUs.

This second technique, discovered by three of the researchers who found the original Meltdown attack back in 2018, abuses x86 PREFETCH instructions and has the same effect of leaking kernel address space information, the team explained.

Yesterday, AMD confirmed this second attack as well and said that just like the issue disclosed in August, all AMD CPUs are vulnerable.

The chipmaker has not released any firmware patches for either of the two attacks —tracked as CVE-2020-12965 and CVE-2021-26318— but instead, it asked software developers to follow secure coding methodologies [PDF], the same advice that Intel has been giving since 2018.

It also needs to be said that despite being disclosed in early 2018, security researchers/firms have yet to see the Meltdown and Spectre attacks in any real-world scenarios.

However, as academics explained at the time, the attacks are “unlike usual malware” and would also be very hard to detect.

The post Academics find Meltdown-like attacks on AMD CPUs, previously thought to be unaffected appeared first on The Record by Recorded Future.

Source: Read More (The Record by Recorded Future)

You might be interested in …

[SecurityWeek] CrowdStrike Launches Falcon XDR, Free Edition of Humio Data Warehouse

All posts, Security Week

CrowdStrike made two major announcements at its own Fal.Con (virtual) conference this week, launching a free Community Edition of Humio, and announcing Falcon XDR. read more Source: Read More (SecurityWeek RSS Feed)

Read More

[ZDNet] How Zscaler combined active threat defense and zero trust

All posts, ZDNet

Zscaler’s cloud acts as a hub for security resources to connect with one another. Now it is adding active defense with the acquisition of Smokescreen. Source: Read More (Latest topics for ZDNet in Security)

Read More

[ZDNet] Cream Finance platform pilfered for over $34 million in cryptocurrency

All posts, ZDNet

The project has promised to cover losses suffered by its users. Source: Read More (Latest topics for ZDNet in Security)

Read More