AMD Warns of New Meltdown, Spectre-like Bugs Affecting CPUs (theregister.com) 17
AMD is warning users of a newly discovered form of side-channel attack affecting a broad range of its chips that could lead to information disclosure. Register: Akin to Meltdown and Spectre, the Transient Scheduler Attack (TSA) comprises four vulnerabilities that AMD said it discovered while looking into a Microsoft report about microarchitectural leaks.
The four bugs do not appear too venomous at face value -- two have medium-severity ratings while the other two are rated "low." However, the low-level nature of the exploit's impact has nonetheless led Trend Micro and CrowdStrike to assess the threat as "critical."
The reasons for the low severity scores are the high degree of complexity involved in a successful attack -- AMD said it could only be carried out by an attacker able to run arbitrary code on a target machine. It affects AMD processors (desktop, mobile and datacenter models), including 3rd gen and 4th gen EPYC chips -- the full list is here.
The four bugs do not appear too venomous at face value -- two have medium-severity ratings while the other two are rated "low." However, the low-level nature of the exploit's impact has nonetheless led Trend Micro and CrowdStrike to assess the threat as "critical."
The reasons for the low severity scores are the high degree of complexity involved in a successful attack -- AMD said it could only be carried out by an attacker able to run arbitrary code on a target machine. It affects AMD processors (desktop, mobile and datacenter models), including 3rd gen and 4th gen EPYC chips -- the full list is here.
Mitigation (Score:5, Informative)
This one needs microcode, kernel, and hypervisor patches, the latter two needing to flush cache when transitioning between trusted and untrusted code.
Bulletin: https://www.amd.com/content/da... [amd.com]
Uh huh (Score:1)
So the only thing the attacks need to steal information from your system is to already have access to the system to run arbitrary code on it. Gotcha.
Re: (Score:3, Insightful)
Websites run arbitrary code on your system all the time unless you disable Javascript.
It may be hard if not impossible to exploit these vulnerabilities from Javascript, but one should not be complacent about the "arbitrary code" requirement.
Re: Uh huh (Score:2)
I think this is a fair statement. Its obviously difficult but not impossible to exploit this type of situation. Its good that AMD is handling it. Granted I know only basics on CPU development but so many CPUs are affected that I question quality assurance testing. How do such issues occur? You can't test for everything but seriously hire a qualified QA team to test these CPUs before releasing them. Just like with Intel mistakes, QA is very much needed. I once worked for a company where the developers were t
Re: (Score:1)
Do you think for some reason AMD doesn't test chips?
Side channel attacks like this aren't at all obvious even to quality assurance testers, and besides that, this isn't a quality issue. New classes of bugs which take groups of experts to discover aren't going to be found by QA.
Re: (Score:2)
You mean like how modern JavaScript engines compile WASM to machine code?
Re: (Score:2)
Yes, this is something quite relevant in a server environment where you give countless unknown users access to run arbitrary code on a CPU. Your sarcasm shows you didn't think through the impact this problem may have. Spectre / Meltdown have always been a small risk to you specifically on your machine, while presenting quite a large risk for large service providers.
Impacts Zen microarchitecture (Score:2)
If you have a AMD chip based on the the Zen microarchitecture then you are impacted. The older Bulldozer and Piledriver microarchitectures are not impacted by this. If your CPU uses socket AM4, SP3/SP3r2, or TR4 then you are impacted.
Sticking with an AMD FX chip seems to have been the winning move.
Re: (Score:2)
The Ryzen 3000 series is only impacted by the minor vulnerabilities, only leak useless information (can leak timestamp counter TSC_AUX and a CPU configuration).
Re: (Score:2)
AM5 too, Raphael is in the list.
I don't see any Zen5 CPU listed though, is it not affected?
Past caring. (Score:1)
Re: (Score:2)
Number of times I can say I've been a victim of them over the past 33 years of owning a PC.....zero.
Or so you think... ;)
CrowdStrike is still around? (Score:2)
Why are they not dead after that extreme demonstration of greed and incompetence?
Re: (Score:1)
That's not how it works.
93 (Score:2)
I collect the officially published article for each of these hardware vulnerabilities faster than I have chance to read them.
With this one, I've got 93 articles, and counting.
I'm sure that an actual researcher in this field would have quite many more ...