1. Forum
  2. tqwNet
  3. TQW_GENTECH

  • Intel and AMD CPUs alike could be affected by this alarming new c

    From TechnologyDaily@1337:1/100 to All on Thu Dec 7 21:15:05 2023
    Intel and AMD CPUs alike could be affected by this alarming new cyberattack

    Date:
    Thu, 07 Dec 2023 21:05:10 +0000

    Description:
    Academics have found a way to read important data directly from CPUs.

    FULL STORY ======================================================================

    Academic researchers from the Vrije Universiteit Amsterdam have discovered a new Spectre-based flaw in several major upcoming CPU chips, but the hardware manufacturers are seemingly unfazed by the findings.

    As reported by BleepingComputer researchers from the Systems and Network Security Group (VUSec Group) found a side-channel attack and dubbed it SLAM. It exploits hardware features being introduced in upcoming Intel, AMD, and
    Arm chips, allowing them to obtain root password hashes from the kernel memory.

    SLAM, short(ish) for Spectre based on LAM is described as a transient execution attack leveraging a memory feature that makes software use untranslated address bits in 64-bit linear addresses for storing metadata.
    All CPU manufacturers have this feature: on Intel devices, its Linear Address Masking (LAM), on AMD, its Upper Address Ignore (UAI), and on ARM, its Top Byte Ignore (TBI). Spectre v2 already mitigated, OEMs say

    To pull off the attack, the researchers exploited a previously unanalyzed class of Spectre disclosure gadgets - code instructions that can be manipulated to trigger speculative execution which displays sensitive information. The information generated this way is usually discarded, but there are traces (altered cache states and such) that can be observed to extract important data.

    To observe the traces, the academics built a scanner and used it to find hundreds of exploitable gadgets on the Linux kernel.

    But hardware manufacturers dont seem to be too fazed about the findings, with the majority believing they have already addressed the issue. ARM said its systems already mitigate against Spectre v2 and Spectre-BHB vulnerabilities, and as such need no additional checks. AMDs comment was in the same vein and did not bother to release new updates.

    Intel, however, said it would provide software guidance before publishing new LAM-supported chips. More from TechRadar Pro Working Spectre exploits for Windows and Linux devices uncovered Here's a list of the best firewalls today These are the best endpoint protection software right now



    ======================================================================
    Link to news story: https://www.techradar.com/pro/security/intel-and-amd-cpus-alike-could-be-affec ted-by-this-alarming-new-cyberattack


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)