Security News > 2020 > March > Researchers Disclose Two New Attacks Against AMD CPUs

Researchers Disclose Two New Attacks Against AMD CPUs
2020-03-09 14:51

Researchers have identified two new methods for attacking AMD processors, but they are not as dangerous as some of the previously disclosed CPU attacks.

The Collide+Probe attack can also be launched remotely via a web browser without user interaction, which the experts have shown through an attack on ASLR. "We evaluated our new attack techniques in different scenarios. We established a high-speed covert channel and utilized it in a Spectre attack to leak secret data from the kernel," the researchers said.

They have admitted that the new attacks are not as serious as some of the previously disclosed methods, such as Meltdown and Zombieload, which leaked "Tons of actual data" rather than "a few bits of metadata" as the new attacks do.

AMD has published a short statement in response to the disclosure of the new attacks.

"We are aware of a new white paper that claims potential security exploits in AMD CPUs, whereby a malicious actor could manipulate a cache-related feature to potentially transmit user data in an unintended way. The researchers then pair this data path with known and mitigated software or speculative execution side channel vulnerabilities. AMD believes these are not new speculation-based attacks," AMD said.


News URL

http://feedproxy.google.com/~r/Securityweek/~3/mrmnS4Muva8/researchers-disclose-two-new-attacks-against-amd-cpus

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
AMD 892 5 120 122 27 274