Edition of The Record reports that in recent months have been published just two of the report, which new attack on the sides of the channel are described in detail (side-channel) for AMD processors. The attacks are very similar to the Meltdown issue discovered in early 2018, but AMD processors were previously thought to be immune to this bug.
Let me remind you that the essence of the Meltdown attack was that malicious applications can abuse the proactive (or speculative) CPU command execution mechanism in order to overcome the barrier separating applications from the operating system kernel. As a result, the malicious application was able to steal sensitive information from the kernel, including passwords, encryption keys, and user data, to which it usually could not have access.
The Meltdown problem originally explained that this attack only works against Intel processors, while AMD uses a different speculative computing mechanism that is immune to this bug.
Now, however, scientists from the Dresden University of Technology said that after more than three years, they still found a way to attack AMD processors using the “Meltdown method.” And although in their report the experts write only about the vulnerability of the Zen line processors, AMD engineers soon announced that all the company’s processors were vulnerable to such attacks.
Unfortunately, this was not the end of the story: a second article was published this month , which describes another method for launching Meltdown attacks on AMD processors. The authors of this publication, who discovered the original Meltdown attack in 2018, write that the second attack method exploits the x86 PREFETCH instructions and leaks information about the kernel address space in the same way. Alas, this week AMD confirmed that the experts’ conclusions are correct and all the company’s processors are also vulnerable to this problem.
So far, no patches have been released for these bugs, which are tracked under IDs CVE-2020-12965 and CVE-2021-26318. AMD only asks developers to remember about secure coding methodologies , just as Intel did in 2018.
Catch up on more stories here
Follow us on Facebook here