Security News > 2020 > November > IBM Power9 processors beset by Cardiac Osprey data-leaking flaw as Spectre still haunts speculative chips

IBM Power9 processors beset by Cardiac Osprey data-leaking flaw as Spectre still haunts speculative chips
2020-11-20 21:21

IBM Power9 processors, intended for data centers and mainframes, are potentially vulnerable to abuse of their speculative execution capability.

On Thursday IBM published a security advisory that explains, "IBM Power9 processors could allow a local user to obtain sensitive information from the data in the L1 cache under extenuating circumstances."

Since the Spectre and Meltdown disclosures, security researchers have revealed similar techniques for compromising sensitive data data through side channel attacks.

In a post to security mailing list, Linux kernel contributor Daniel Axtens said while hardware and software security mechanisms for Power9 systems prevent an attacker from directly accessing protected memory, these built-in protections fail to deal with an scenario in which an attacker induces the operating system to speculatively execute instructions using data the attacker controls.

Not only has there been a steady stream of techniques to attack CPUs through structures like branch predictors, caches, and random number generators, among others, but boffins believe System-on-Chip cross-component attacks could yield new attack paths.


News URL

https://go.theregister.com/feed/www.theregister.com/2020/11/20/ibm_power9_flaw/

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
IBM 736 216 2774 1264 248 4502