• Latest
  • Trending
Intel, AMD, Arm warn of new speculative execution CPU bugs

Intel, AMD, Arm warn of new speculative execution CPU bugs

March 10, 2022
Inaugural AfCFTA Conference on Women and Youth in Trade

Inaugural AfCFTA Conference on Women and Youth in Trade

September 6, 2022
Instagram fined €405m over children’s data privacy

Instagram fined €405m over children’s data privacy

September 6, 2022
8 Most Common Causes of a Data Breach

5.7bn data entries found exposed on Chinese VPN

August 18, 2022
Fibre optic interconnection linking Cameroon and Congo now operational

Fibre optic interconnection linking Cameroon and Congo now operational

July 15, 2022
Ericsson and MTN Rwandacell Discuss their Long-Term Partnership

Ericsson and MTN Rwandacell Discuss their Long-Term Partnership

July 15, 2022
Airtel Africa Purchases $42M Worth of Additional Spectrum

Airtel Africa Purchases $42M Worth of Additional Spectrum

July 15, 2022
Huawei steps up drive for Kenyan talent

Huawei steps up drive for Kenyan talent

July 15, 2022
TSMC predicts Q3 revenue boost thanks to increased iPhone 13 demand

TSMC predicts Q3 revenue boost thanks to increased iPhone 13 demand

July 15, 2022
Facebook to allow up to five profiles tied to one account

Facebook to allow up to five profiles tied to one account

July 15, 2022
Top 10 apps built and managed in Ghana

Top 10 apps built and managed in Ghana

July 15, 2022
MTN Group to Host the 2nd Edition of the MoMo API Hackathon

MTN Group to Host the 2nd Edition of the MoMo API Hackathon

July 15, 2022
KIOXIA Introduce JEDEC XFM Removable Storage with PCIe/NVMe Spec

KIOXIA Introduce JEDEC XFM Removable Storage with PCIe/NVMe Spec

July 15, 2022
  • Consumer Watch
  • Kids Page
  • Directory
  • Events
  • Reviews
Sunday, 5 February, 2023
  • Login
itechnewsonline.com
  • Home
  • Tech
  • Africa Tech
  • InfoSEC
  • Data Science
  • Data Storage
  • Business
  • Opinion
Subscription
Advertise
No Result
View All Result
itechnewsonline.com
No Result
View All Result

Intel, AMD, Arm warn of new speculative execution CPU bugs

by ITECHNEWS
March 10, 2022
in Leading Stories, Tech
0 0
0
Intel, AMD, Arm warn of new speculative execution CPU bugs

Security researchers have found new a new way to bypass existing hardware-based defenses for speculative execution in modern computer processors from Intel, AMD, and Arm.

Today, the three CPU manufacturers have published advisories accompanied by mitigation updates and security recommendations to tackle recently discovered issues that allow leaking of sensitive information despite  isolation-based protections.

YOU MAY ALSO LIKE

Inaugural AfCFTA Conference on Women and Youth in Trade

Instagram fined €405m over children’s data privacy

Speculative execution trouble

The speculative execution technique is designed to optimize CPU performance by running some tasks in advance (branch prediction) so the information is available when required.

In 2018, researchers discovered a way to leak information derived from these proactive computations, naming the associated vulnerabilities Meltdown and Spectre.

Since then, vendors have released software-based mitigations such as “Retpoline” that isolate indirect branches from speculative execution. Chipmakers have also addressed the issues with hardware fixes like the eIBRS from Intel and CSV2 from Arm.

Bypassing Spectre fixes

Researchers at VUSec detail in a technical report today a new method to bypass all existing mitigations by leveraging what they call Branch History Injection (BHI).

The paper underlines that while the hardware mitigations still prevent unprivileged attackers from injecting predictor entries for the kernel, relying on a global history to select the targets creates a previously unknown attack method.

A malicious actor with low privileges on the target system can poison this history to force the OS kernel to mispredict targets that can leak data.

To prove their point, the researchers also released a proof of concept (PoC), demonstrating arbitrary kernel memory leak, successfully disclosing the root hash password of a vulnerable system.

Intel responded to this finding by assigning two medium-severity vulnerabilities, CVE-2022-0001 and CVE-2022-0002, and recommending users to disable access to managed runtimes in privileged modes.

For a complete list of mitigation recommendations, check out this dedicated page, while a list of all the affected processor models is available here.

Arm has also published a security bulletin on the issue, as the novel history poisoning attack affects several of its Cortex-A and Neoverse products.

VUsec has prepared a paper on the new BHI attack that will be presented at the 31st USENIX Security Symposium this year.

Straight-line-speculation

In parallel news that coincide in disclosure, grsecurity has published the details and a PoC that can leak confidential data from AMD processors via a new straight-line-speculation (SLS) attack method.

This new variant of SLS affects many AMD chips based on the Zen1 and Zen2 microarchitectures, including EPYC, Ryzen Threadripper, and Ryzen with integrated Radeon Graphics.

AMD has published a list of the affected products and also a whitepaper that offers security advice for the medium-severity flaw tracked as CVE-2021-26341.

As of now, AMD has not seen any examples of active exploitation of this security vulnerability in the wild, but it’s still important to apply the recommended mitigations.

Source: Bill Toulas
Via: bleepingcomputer
Tags: AMDArm warn of new CPU bugsIntel
ShareTweetShare
Plugin Install : Subscribe Push Notification need OneSignal plugin to be installed.

Search

No Result
View All Result

Recent News

Inaugural AfCFTA Conference on Women and Youth in Trade

Inaugural AfCFTA Conference on Women and Youth in Trade

September 6, 2022
Instagram fined €405m over children’s data privacy

Instagram fined €405m over children’s data privacy

September 6, 2022
8 Most Common Causes of a Data Breach

5.7bn data entries found exposed on Chinese VPN

August 18, 2022

About What We Do

itechnewsonline.com

We bring you the best Premium Tech News.

Recent News With Image

Inaugural AfCFTA Conference on Women and Youth in Trade

Inaugural AfCFTA Conference on Women and Youth in Trade

September 6, 2022
Instagram fined €405m over children’s data privacy

Instagram fined €405m over children’s data privacy

September 6, 2022

Recent News

  • Inaugural AfCFTA Conference on Women and Youth in Trade September 6, 2022
  • Instagram fined €405m over children’s data privacy September 6, 2022
  • 5.7bn data entries found exposed on Chinese VPN August 18, 2022
  • Fibre optic interconnection linking Cameroon and Congo now operational July 15, 2022
  • Home
  • InfoSec
  • Opinion
  • Africa Tech
  • Data Storage

© 2021-2022 iTechNewsOnline.Com - Powered by BackUPDataSystems

No Result
View All Result
  • Home
  • Tech
  • Africa Tech
  • InfoSEC
  • Data Science
  • Data Storage
  • Business
  • Opinion

© 2021-2022 iTechNewsOnline.Com - Powered by BackUPDataSystems

Welcome Back!

Login to your account below

Forgotten Password?

Retrieve your password

Please enter your username or email address to reset your password.

Log In
Go to mobile version