What you need to know
- Researchers discovered two new attacks that AMD processors are vulnerable to.
- AMD processors from 2011-2019 are vulnerable to the attacks.
- While the vulnerabilities lead to security risks, they are not as bad as well-known vulnerabilities Meltdown and Zombieland.
Researchers discovered two new vulnerabilities that can affect AMD processors from between 2011-2019. The attacks, called Collide+Probe and Load+Reload affect the security of data processed by affected AMD CPUs. As a result, attackers can steal information or affect security features. A team of six researchers from Graz University of Technology in Austria and the University of Rennes in France details their discoveries in an extensive document.
The team of researchers states that they contacted AMD regarding the issues in August of 2019, but AMD has not released firmware updates related to the issue since then. AMD states that the attacks "are not new speculation-based attacks." The research team disagrees with AMD's claim.
The attacks work by targetting the L1D cache way predictor. This feature improves the way CPUs handle cached data, which reduces power consumption. Below is a detailed explanation from the researchers' document:
The predictor computes a μTag using an undocumented hash function on the virtual address. This μTag is used to look up the L1D cache way in a prediction table. Hence, the CPU has to compare the cache tag in only oneway instead of all possible ways, reducing the power consumption.
The researchers also break down how they exploited the attacks:
In the first attack technique, Collide+Probe, we exploit μTag collisions of virtual addresses to monitor the memory accesses of a victim time-sharing the same logical core.
In the second attack technique, Load+Reload, we exploit the property that a physical memory location can only reside once in the L1D cache. Thus, accessing the same location with a different virtual address evicts the location from the L1D cache. This allows an attacker to monitor memory accesses on a victim, even if the victim runs on a sibling logical core.
AMD issued a response to the issue, in which it states, "AMD believes these are not new speculation-based attacks." AMD believes "this issue can be mitigated in software by using side-channel counter measures." The research team that discovered the attacks told ZDNet that AMD's response is "rather misleading" and added that AMD never engaged with the research team about the attacks. Additionally, the research team states that the attacks still work on full-update operating systems.
While these attacks present a security risk, Daniel Gruss, one of the researchers that discovered the attacks, stated on Twitter that they aren't as dangerous as Meltdown and Zombieload. He said in response to another Twitter user, "The attacks leak a few [bits] of meta-data. Meltdown and Zombieload leak tons of actual data."
Minecraft Dungeons lead talks its next DLC and the future endgame
We talk Minecraft Dungeons’ recent Jungle Awakens DLC, the Creeping Winter expansion, and future endgame plans with game director, Måns Olson.
Fix up your Xbox Elite Controller with these parts
Need some replacement parts for your Xbox One Elite Controller? From new paddles, grips, bumpers, thumbsticks, and more, we have you covered.
Hands-on with Windows 10 build 20161 showcasing the new Start menu
Yesterday, Microsoft released a new build of Windows 10 that includes an updated Start menu design with translucent Live Tiles, improvements to Notifications, and behavior changes to things like Tablet Mode and the Taskbar. It's been a while since Microsoft released a build with any surface-level changes, but now it's finally happened, we're back showcasing all the changes on video.
These are the best GPUs for your AMD Ryzen 9 3900X
If you have an AMD Ryzen 9 3900X, you're already well on your way to creating an incredibly powerful gaming PC. Another important component is the GPU and we've rounded up the best graphics cards for this incredible processor.