11.08.2022., 19:26
|
#361
|
|
McG
Datum registracije: Feb 2014
Lokacija: Varaždin
Postovi: 6,806
|
Taman pred izlazak i dolazak novih AMD Ryzen 7000 i Intel Raptor Lake modela, friški PoCjetnik da neprijatelj nikad ne spava.  
Citiraj:
APIC leak is an architectural CPU bug affecting 10th, 11th, and 12th Gen Intel Core Processors
Citiraj:
|
The x86 CPU family has been vulnerable to many attacks in recent years. With the arrival of Spectre and Meltdown, we have seen side-channel attacks overtake both AMD and Intel designs. However, today we find out that researchers are capable of exploiting Intel's latest 10th, 11th, and 12th generation Core processors with a new CPU bug called ĆPIC Leak. Named after Advanced Programmable Interrupt Controller (APIC) that handles interrupt requests to regulate multiprocessing, the leak is claimeing to be the first "CPU bug able to architecturally disclose sensitive data." Researchers Pietro Borrello (Sapienza University of Rome), Andreas Kogler (Graz Institute of Technology), Martin Schwarzl (Graz), Moritz Lipp (Amazon Web Services), Daniel Gruss (Graz University of Technology), and Michael Schwarz (CISPA Helmholtz Center for Information Security) discovered this flaw in Intel processors. n contrast to transient execution attacks like Meltdown and Spectre, ĆPIC Leak is an architectural bug: the sensitive data gets directly disclosed without relying on any (noisy) side channel. ĆPIC Leak is like an uninitialized memory read in the CPU itself.
|
Izvor: TechPowerUp
|
Citiraj:
AMD's Zen architecture is vulnerable to a new insideous SMT security flaw
Citiraj:
Researchers have detailed the SQUIP attack, which is particularly worrisome for users of AMD Zen 1, Zen 2 and Zen 3 processors. Researchers were able measure the precise degree of Scheduler Queue Usage (i.e., occupancy) via Interference Probing, giving the attack its name. Using this technique, it was possible in tests to recover a full RSA-4096 encryption key from a user on a co-located virtual machine (VM) and co-located process. SQUIP is claimed by researchers from the Graz University of Technology, the Georgia Institute of Technology, and the Lamarr Security Research Center to be the first side-channel attack on scheduler queues. Regular readers will be aware of the raft of side-channel memory reading vulnerabilities a few years back, with the most famous being Spectre and Meltdown. Here the data isn’t spied upon in memory, but within the processor scheduler queue.
For this reason, AMD Zen 1, Zen 2 and Zen 3 processors are the most vulnerable – with per execution unit scheduler queues and SMT (simultaneous multi-threading) providing the co-located VM/process snooping opportunities. Based on the above information, this vulnerability is not likely to be a huge problem for home PC users, enthusiasts and gamers. The attack as it is currently known to work relies on a few special conditions – namely that the attacker and victim must have co-located VMs or processes using the same physical core but run their code on different SMT threads. Thus, the victim’s process can be spied upon by an attacker using the other core thread in a VM. The researchers were able to extract data at a rate of 0.89 Mbit/s from a co-located VM and a rate of 2.70 Mbit/s from a co-located process with very high degrees of accuracy.
|
Izvor: HotHardware
|
__________________
AMD Ryzen 7 Pro 4750G + Vega iGPU | be quiet! Pure Rock 2 Black | MSI B450 Tomahawk Max II | 32GB G.Skill DDR4-2666 Value | 256GB AData SX8200 Pro NVMe | 2x4TB WD Red Plus | Fractal Define 7 Compact | Corsair CX450M
Zadnje izmijenjeno od: The Exiled. 11.08.2022. u 20:25.
|
|
|