CPU Vulnerabilities, Meltdown and Spectre, Kernel Page Table Isolation Patches, and more

Discussion in 'Hardware Components and Aftermarket Upgrades' started by hmscott, Jan 2, 2018.

  1. Papusan

    Papusan Jokebook's Sucks! Dont waste your $$$ on Filthy

    Reputations:
    40,587
    Messages:
    29,272
    Likes Received:
    57,544
    Trophy Points:
    931
    Amd's sorts of Plundervolt?

    "By manipulating the input voltage to AMD systems on a chip (SoCs), we induce an error in the read-only memory (ROM) bootloader of the AMD-SP, allowing us to gain full control over this root-of-trust," the paper says. "This type of attack is commonly referred to as voltage fault injection attacks."

    AMD and researchers spar over shocking attack's real-world dangers windowscentral.com | Aug 24,2021


    The security of AMD SEV (Secure Encrypted Virtualization) is in question, as researchers claim they've exposed a critical weakness. However, AMD disagrees that the matter holds much weight.

    AMD replied that this is not a remote attack scenario, casting doubt over the real-world utility of the attack. However, the researchers came back with a statement. When speaking to TechRadar Pro, Robert Buhren, one of the paper's authors, pointed out that "no physical tampering with machines in the data center is required" and that the threat posed by a voltage fault injection attack is very much real.

    Furthermore, Buhren highlighted that the vulnerability being unrelated to firmware means that firmware updates can't stop it, making it even more dangerous. AMD has yet to publicly reply to the updated researcher response.
     
    Vasudev, ajc9988, Starlight5 and 4 others like this.
  2. tilleroftheearth

    tilleroftheearth Wisdom listens quietly...

    Reputations:
    5,362
    Messages:
    12,656
    Likes Received:
    2,688
    Trophy Points:
    631
    How many years ago did I predict this? 'Insert manufacturer you love here' will never be vulnerable! Not! Lol...
     
  3. KING19

    KING19 Notebook Deity

    Reputations:
    340
    Messages:
    1,120
    Likes Received:
    701
    Trophy Points:
    131
    Every manufacturer have undiscovered vulnerabilities, even AMD chips are not safe especially from Spectre and other type of attacks and thats already been proven here in this thread

    http://forum.notebookreview.com/thr...atches-and-more.812424/page-134#post-11087696

    Nothing is ever completely safe
     
    Last edited: Aug 25, 2021
  4. Starlight5

    Starlight5 Yes, I'm a cat. What else is there to say, really?

    Reputations:
    815
    Messages:
    3,229
    Likes Received:
    1,635
    Trophy Points:
    231
    This vulnerability only afects EPYC, FWIW.
     
    Vasudev, Papusan and etern4l like this.
  5. Papusan

    Papusan Jokebook's Sucks! Dont waste your $$$ on Filthy

    Reputations:
    40,587
    Messages:
    29,272
    Likes Received:
    57,544
    Trophy Points:
    931
    Exactly.

    After Razer, SteelSeries Software Also Hit by Zero-Day Vulnerability, SteelSeries Responds (Update) tomshardware.com

    0-day strikes in SteelSeries Software
     
    Vasudev, KING19, Clamibot and 3 others like this.
  6. Clamibot

    Clamibot Notebook Deity

    Reputations:
    594
    Messages:
    1,043
    Likes Received:
    1,292
    Trophy Points:
    181
    At this point, I've pretty much stopped caring about security as long as the really important stuff isn't compromised (bank acocunt info, social security info, etc.). I don't store that information anywhere except in my brain anyway. There are too many vulnerabilities out there to keep track of or for me to care about.

    I just want the best absolute performance. Minimal security is ok with me as long as the really important stuff isn't compromised.
     
  7. Starlight5

    Starlight5 Yes, I'm a cat. What else is there to say, really?

    Reputations:
    815
    Messages:
    3,229
    Likes Received:
    1,635
    Trophy Points:
    231
    Over the years, I've taken the opposite stance. It doesn't help the situation that rather simple ARM SoCs end up more secure than reasonably recent x86...
     
    Vasudev and Papusan like this.
  8. KING19

    KING19 Notebook Deity

    Reputations:
    340
    Messages:
    1,120
    Likes Received:
    701
    Trophy Points:
    131
    Personally i dont mind having more security but not at the cost of losing performance nor taking away certain features. With technology there always will be vulnerabilities and its a never ending war.
     
  9. Papusan

    Papusan Jokebook's Sucks! Dont waste your $$$ on Filthy

    Reputations:
    40,587
    Messages:
    29,272
    Likes Received:
    57,544
    Trophy Points:
    931
    AMD Zen+ & Zen 2 CPUs Vulnerable To Meltdown-Like Cyber Attacks wccftech.com

    Researchers Disclose Meltdown-like Vulnerability for AMD Processors (Updated) tomshardware.com - 8 minutes ago

    Mitigations require software re-coding

    Update, 8/31/2021 7:30am PT:
    Updated article and title to clarify that the vulnerability applies to all AMD processors, not just the Zen 2 and Zen+ models listed in the research paper.

    Original article:
    AMD, the company's Zen 2 and Zen+ processors suffer from a new Meltdown-like vulnerability, but the problem appears to be far more wide-ranging. AMD has prepared a guide on mitigating the vulnerability and published details about how the vulnerability works, but the company's security bulletin also notes that all AMD CPUs are vulnerable. Called "Transient Execution of Non-canonical Accesses," this vulnerability acts very similarly to the already-disclosed Meltdown vulnerability that only impacts Intel CPUs.

    Saidgani Musaev and Christof Fetzer, researchers from Dresden Technology University, discovered the vulnerabilities in AMD Zen+ and Zen 2 processors. The researchers disclosed the CVE-2020-12965 vulnerability to AMD in October 2020, giving the company enough time to develop a mitigation technique that AMD has addressed in the official paper on Arxiv (PDF) and AMD's security website.

    As a reminder!
    [​IMG]
     
    Last edited: Aug 31, 2021
  10. tilleroftheearth

    tilleroftheearth Wisdom listens quietly...

    Reputations:
    5,362
    Messages:
    12,656
    Likes Received:
    2,688
    Trophy Points:
    631
    The reminder... is apt.
     
    KING19, Vasudev and Papusan like this.

Share This Page