
New Flaw in AMD Zen 2 Processors Puts Encryption Keys and Passwords at Risk

by crpt os


Jul 25, 2023 | THN | Hardware Security / Encryption

A new security vulnerability has been discovered in AMD’s Zen 2 architecture-based processors that could be exploited to extract sensitive data such as encryption keys and passwords.

Discovered by Google Project Zero researcher Tavis Ormandy, the flaw – codenamed Zenbleed and tracked as CVE-2023-20593 (CVSS score: 6.5) – allows data exfiltration at the rate of 30 kb per core, per second.

The issue is part of a broader category of weaknesses called speculative execution attacks, in which the optimization technique widely used in modern CPUs is abused to access cryptographic keys from CPU registers.

“Under specific microarchitectural circumstances, a register in ‘Zen 2’ CPUs may not be written to 0 correctly,” AMD explained in an advisory. “This may cause data from another process and/or thread to be stored in the YMM register, which may allow an attacker to potentially access sensitive information.”

Web infrastructure company Cloudflare noted that the attack could even be carried out remotely through JavaScript on a website, thereby obviating the need for physical access to the computer or server.


“Vectorized operations can be executed with great efficiency using the YMM registers,” Cloudflare researchers Derek Chamorro and Ignat Korchagin said. “Applications that process large amounts of data stand to gain significantly from them, but they are increasingly the focus of malicious activity.”

“This attack works by manipulating register files to force a mispredicted command. Since the register file is shared by all the processes running on the same physical core, this exploit can be used to eavesdrop on even the most fundamental system operations by monitoring the data being transferred between the CPU and the rest of the computer,” they added.

While there is no evidence of the bug being exploited in the wild, it’s essential that the microcode updates are applied to mitigate potential risk as and when they become available through original equipment manufacturers (OEMs).
