The exposure of ghosts and fuse vulnerabilities has brought unprecedented attention to and attention to the security of CPU processors, especially the serious impact on Intel, and since then new vulnerabilities have been exposed, with varying degrees of severity and impact. Researchers at the University of Technology in Graz, Austria, have published a paper saying they have discovered two new ways to attack AMD processors, Collide-Probe, Load-Reload, collectively known as “Take A Way,” that can steal encrypted data from processors by tricking first-level data caching indicators.
The vulnerability is described as a new side channel attack and belongs to the famous Spectre series.
The researchers say the vulnerability affected all processors at AMD 2011-2019, including the Bulldozer family and the Zen family.
The researchers tested a total of 15 different models of AMD processors, including the K8 architecture’s Speed Dragon 64 X2 3800 Plus, K10 Architecture’s Dragon II X6 1055T and The Dragon II Neo N40L, Bobcat Bobcat Architecture’s E-450, Jaguar Jaguar Architecture’s Speed Dragon 5350.
But since then, the new architecture processors have all fallen, including the FX-4100 of the bulldozer architecture, the FX-8350 of the piling machine architecture, the A10-7870K of the excavator architecture, the thread tearer of the Zen architecture 1920X/1950X and the Dragon 7401p/7571, the thread tearer of the Zen-architecture 2970WX, and the Zen-2707-Dragon.
Of these, two dragons were tested in the cloud, while the other processors were tested locally in the lab.
The researchers did not say whether Intel’s processors were affected.
The researchers said they fed the vulnerability back to AMD on August 23, 2019, but had not seen a security update and that public disclosure was in line with industry practice.
Fortunately, AMD quickly responded officially, telling everyone not to worry.
“We are aware of a new paper that says AMD processors have potential security vulnerabilities that allow for malicious code and cache-related features to send user data in an unusual manner,” AMD said. The researchers linked this data path to a prediction-executing side channel vulnerability. AMD believes these are not new predictive attacks. “
With that in mind, AMD does not believe that this so-called new vulnerability poses a real security threat and does not release update patches, but advises users to ensure that the operating system is up-to-date, update all patches, and pay attention to the security of day-to-day operations.