New security vulnerabilities discovered for both Intel and AMD CPUs
CPU vulnerabilities have become a common sight over the last few years. With both Intel and AMD having been affected by a variety of security issues in that time, it is no real surprise that both manufacturers have recently been hit by further vulnerabilities. So let’s run through the new vulnerabilities and the CPUs they impact.
Let’s start with AMD, whose issues affect processors dating from 2011 to 2019. There are two AMD issues: the first is called Collide+Probe, and the second is called Load+Reload. Both affect the same series of processors, and both can leak secret data from AMD processors by manipulating the L1D cache predictor. This means that the Zen microarchitecture is vulnerable to the exploits.
The L1D cache predictor is used in AMD CPUs to separate data streams at the hardware level, allowing the system to cache information for much faster access. L1 caches are the caches physically nearest to the cores, giving the cores direct access to the data they operate on. These attacks use a side-channel attack vector to infer the contents of memory that would normally be stored in protected zones.
AMD responded to our queries with an advisory the company posted to its website:
“We are aware of a new whitepaper that claims potential security exploits in AMD CPUs, whereby a malicious actor could manipulate a cache-related feature to potentially transmit user data in an unintended way. The researchers then pair this data path with known and mitigated software or speculative execution side channel vulnerabilities. AMD believes these are not new speculation-based attacks.”
For Intel, though, it looks like things are far worse. The second set of vulnerabilities affects Intel’s Converged Security and Management Engine (CSME). For starters, the CSME is a SoC (system on a chip) that allows the CPU to manage data transmission and security within the entire system. Exploiting an issue in its Read-Only Memory has allowed hardware hackers to bypass that security, invalidating any protections within Intel CPUs.
This is done by taking advantage of the issues to read the encryption keys for the Integrity Control Value Blob (ICVB). With this key, attackers can forge the code of any Intel CSME firmware module. The biggest problem with this is that any malware running on the system can fool the CSME into believing that it isn’t reading protected data. According to the researchers, these issues can only be resolved by hardware-level fixes.