[TheRecord] Academics find Meltdown-like attacks on AMD CPUs, previously thought to be unaffected

Two academic papers have been published over the past two months detailing new side-channel attacks in AMD processors that have eerily similar consequences to the Meltdown attack disclosed in early 2018, to which AMD CPUs were previously thought to be immune.

The original idea of the Meltdown attack was that malicious apps could abuse a CPU’s speculative execution operations to break the barrier between apps and the operating system kernel.

Academics said the attack could allow a malicious app to steal sensitive information from the kernel, such as passwords, encryption keys, and user data, information that an app would normally not be able to access.

Initially, the team behind the Meltdown attack said their technique only worked against Intel processors and that AMD had used a different design for its speculative execution feature that was not vulnerable to their attack.

While later research found that Arm processors were also vulnerable, a classic Meltdown attack was never proven to be successful against AMD’s CPUs.

Two Meltdown-like attacks disclosed in AMD CPUs in two months

However, in a paper published in August, academics from the Technical University in Dresden, Germany, said that after more than three years, they found a way to attack AMD CPUs with what they called a Meltdown-like technique.

The attack, which is too complex to explain in this article, was found to work against AMD’s Zen processor line, but in a security advisory last month, AMD admitted that all its CPUs were affected.

And if this wasn’t enough, a second paper published this month described a second method of launching Meltdown-like attacks against AMD CPUs.

This second technique, discovered by three of the researchers who found the original Meltdown attack back in 2018, abuses x86 PREFETCH instructions and has the same effect of leaking kernel address space information, the team explained.

Yesterday, AMD confirmed this second attack as well and said that just like the issue disclosed in August, all AMD CPUs are vulnerable.

The chipmaker has not released any firmware patches for either of the two attacks (tracked as CVE-2020-12965 and CVE-2021-26318) but instead, it asked software developers to follow secure coding methodologies [PDF], the same advice that Intel has been giving since 2018.

It also needs to be said that despite being disclosed in early 2018, security researchers/firms have yet to see the Meltdown and Spectre attacks in any real-world scenarios.

However, as academics explained at the time, the attacks are “unlike usual malware” and would also be very hard to detect.

The post Academics find Meltdown-like attacks on AMD CPUs, previously thought to be unaffected appeared first on The Record by Recorded Future.
