"Researchers Disclose New Side-Channel Attacks Affecting All AMD CPUs"

Researchers from the Graz University of Technology and the CISPA Helmholtz Center for Information Security have disclosed new timing and power-based side-channel attacks, which affect all CPUs made by AMD. The researchers were among those who discovered the original Meltdown and Spectre vulnerabilities. These side-channel attacks enable malicious applications installed on a targeted machine to exploit CPU weaknesses to gather sensitive information from memory associated with other applications, including passwords and encryption keys. Many of the previously disclosed side-channel attacks targeted Intel processors, but newly presented research shows that systems powered by AMD processors are also impacted. The new attacks exploit time and power measurements of prefetch instructions. According to the researchers, prefetch attacks on AMD processors leak more information than prefetch attacks on Intel processors. They demonstrated multiple attack scenarios, including one in which they executed a Spectre attack to leak sensitive data from the operating system, and found a new technique for establishing a covert channel to exfiltrate data. They also claim to have identified the first full microarchitectural KASLR (Kernel Address Space Layout Randomization) break on AMD that can work on all major operating systems. The exploit mitigation technique, KASLR, has been shown to be breakable on laptops, desktop PCs, and virtual machines in the cloud. This article continues to discuss key findings surrounding the new side-channel attacks affecting all AMD CPUs and the chipmaker's response to these discoveries. 

Security Week reports "Researchers Disclose New Side-Channel Attacks Affecting All AMD CPUs"