Researchers detail three new Intel and AMD Specter vulnerabilities

the ripples created by the widely used Spectrum vulnerability, who impacted a multitude of processors and devices in 2018, are felt to this day. Security researchers have discovered several new variants of the flaw which, while difficult to achieve, would be difficult to mitigate.. The three new types of potential Specter attacks affect all modern AMD and Intel processors with micro-op caches, according to a new paper academics from the University of Virginia and the University of California at San Diego. To make matters worse, none of the existing Specter mitigations can protect against attacks using the new variants.

Before making the information public, researchers warned Intel and AMD of exploits that could potentially allow hackers to steal data from a machine, reports Phoronix. But, as of yet, no firmware updates or OS fixes have been released, and it can stay that way. This is because the nature of the attacks and their mitigations are convoluted and come with a major caveat.

According to Tom’s material, the danger can be limited to direct attacks because it is extremely difficult to exploit vulnerabilities in the micro-ops cache. In essence, the malware should bypass all other software and hardware security measures in modern systems.

For processor manufacturers, one of the biggest concerns will be the performance-impacting mitigation measures described by researchers, including flushing the micro-op cache at domain crosses or tier-based partitioning. privilege of caches. The authors of the article claim that this mitigation would result in “a much greater performance penalty” than those associated with previous attacks.

The first of the trio of possible exploits is a single, cross-domain thread attack that leaks secrets across the user’s kernel boundary. A separate variant relies on a cross-SMT thread attack that passes secrets across two SMT threads through the micro-op cache. The document also describes “transient execution attacks” which can be used “to disclose an unauthorized secret accessed along an improperly specified path, even before the transient instruction is sent at execution”.

All products recommended by Engadget are selected by our editorial team, independent of our parent company. Some of our stories include affiliate links. If you buy something through any of these links, we may earn an affiliate commission.

Source link

Leave a Reply

Your email address will not be published. Required fields are marked *