- AMD finds four deficiencies, separately low in severity, but powerful when combined
- Together they may be abused in attacks on information information
- The list of affected devices is quite extensive, so be on your guard
AMD has discovered that several safety vulnerability that affect many of its chips can be linked to create an regarding hack that can result in information information.
The four vulnerabilities are traced as CVE-2024-36349 (3.8), CVE-2024-36348 (3.8), CVE-2024-36357 (5.6) and CVE-2024-36350 (5.6). Together, they can be used in a so-called transient planning attack (TSA), a side channel or timing-based attack that is likely to utilize short-term planning decisions made by the CPU planner to leak information.
Since this is a side channel attack that results in information information, it corresponds to the notorious degradation and Specter error that dominated the security scene for several months.
Updating the systems
Separately, the vulnerabilities were given relatively low severity, as the devices must be compromised in advance, either by physical presence or through malware before they can be exploited.
In addition, TSA had to be performed many times before any meaningful data could be extracted.
How to arise a theoretical attack: A CPU expects load instructions to complete fairly quickly. But if there is a condition that prevents them from doing so, a “false completion” happens. As the load did not fill out, the data is forwarded from the load to dependent operations, which affects the time of the instructions that the CPU performs – something that the attacker can observe.
The worst case is AMD chips that leak us -core information -but other applications or VMs can also leak data.
A patch is already available and AMD advised system administrators to update to the latest Windows versions as soon as possible.
Those who are unable to install the patch quickly can implement a solution involving a VERW instruction, but AMD has advised against it as it could reduce the system’s performance. In any case, the details of the mitigation are found here.
The full list of all affected chips, including EPYC, RYZEN, INSTINCT, Ahtlon and others, can be found in AMD’s advice.
Via Registered
