430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|Apple Fixes WebKit Flaws in iOS and macOS, With Help From AI Tools|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|Apple Fixes WebKit Flaws in iOS and macOS, With Help From AI Tools|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

Boffins devise a new side-channel attack affecting all AMD CPUs

A group of researchers from the Graz University of Technology and CISPA Helmholtz Center for Information Security devised a new side-channel attack that affects AMD CPUs. Researchers Moritz Lipp and Daniel Gruss of the Graz University of Technology and Michael Schwarz of the CISPA Helmholtz Center for Information Security devised a new side-channel attack that […]

amd SEV

A group of researchers from the Graz University of Technology and CISPA Helmholtz Center for Information Security devised a new side-channel attack that affects AMD CPUs.

Researchers Moritz Lipp and Daniel Gruss of the Graz University of Technology and Michael Schwarz of the CISPA Helmholtz Center for Information Security devised a new side-channel attack that affects AMD CPUs.

The group was one of the teams that first discovered Meltdown and Spectre vulnerabilities, their successful exploitation can allow threat actors to steal sensitive information from the memory of the vulnerable system.

The new attacks devised by the researchers leverage time and power measurements of prefetch instructions, experts pointed out that their variations can be observed from unprivileged userspace.

“We discover timing and power variations of the prefetch instruction that can be observed from unprivileged user space. In contrast to previous work on prefetch attacks on Intel, we show that the prefetch instruction on AMD leaks even more information.” reads the announcement published by the experts.

Experts demonstrated their attack technique with multiple case studies in real-world scenarios. 

The researchers demonstrated the first microarchitectural break of (fine-grained) the exploit mitigation technique KASLR on AMD CPUs. They monitored kernel activity (e.g. If audio is played over Bluetooth) and were able to establish a covert channel. The team also demonstrated also how to exfiltrate data from kernel memory using simple Spectre gadgets in the Linux kernel.

The flaws were collectively tracked as CVE-2021-26318, according to AMD the medium severity flaws impacts all of its CHIPS. However the chip maker doesn’t recommend any mitigations because the the attack scenarios presented by the researchers do not directly leak data across address space boundaries.

The researchers reported their findings to AMD on June 16th, 2020, and the remaining parts on November 24th, 2020. AMD acknowledged the findings and provided feedback on February 16th, 2021.

The research paper also includes countermeasures and mitigation strategies for the presented attacks such as:

  • Page Table Isolation;
  • FLARE;
  • Prefetch Configuration MSRs;
  • Restricting Access;

Follow me on Twitter: @securityaffairs and Facebook

[adrotate banner=”9″][adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking, cyber security)

[adrotate banner=”5″]

[adrotate banner=”13″]