AMD forced to fix Spectre patch after Intel reveals flaws

Intel has revealed several apparent shortcoming in some of the security protections offered by its great rival AMD.

The company had recently discovered new Spectre-like vulnerabilities affecting both its chips, as well as those produced by ARM. AMD’s devices were reportedly immune, but while Intel was investigating its rival's previous patches to try and find a way to mitigate the new flaws, it found them to be broken.

AMD was immediately notified, and the company quickly pushed a new security bulletin, updating its guidance, and recommending an alternative solution to the Spectre problem. 

TechRadar needs you!

We're looking at how our readers use VPNs with different devices so we can improve our content and offer better advice. This survey shouldn't take more than 60 seconds of your time, and entrants from the UK and US will have the chance to enter a draw for a £100 Amazon gift card (or equivalent in USD). Thank you for taking part.

>> Click here to start the survey in a new window <<

AMD issued the flawed solution back in 2018, and now it would seem that almost every modern AMD processor, including Ryzen and EPYC families, is affected. 

No known exploits

In its security bulletin, AMD acknowledges the problem, but adds that there is no evidence of the flaw being abused on any endpoints in the wild. 

Last week, news broke of a new variant of the dreaded Spectre vulnerability being discovered, albeit in a proof-of-concept. However, the sheer promise of its destructive power prompted all major chipmakers into action.

Researchers from Intel and VUSec discovered the flaw in both Intel and ARM devices, and have dubbed it Branch History Injection (BHI). 

It bypasses Intel’s eIBRS, as well as Arm’s CSV2 mitigations, enabling cross-privilege Spectre-v2 exploits, and kernel-to-kernel exploits. It also allows threat actors to inject predictor entries into the global branch prediction history, essentially leaking sensitive data, such as passwords.

The list of affected chips is quite extensive, covering all of Intel’s processors, from Haswell (2013) onwards (to Ice Lake-SP and Alder Lake) are reportedly affected, as well as various ARM chips (Cortex A15, A57, A72, Neoverse V1, N1, N2).

Read more

> How to protect against the Meltdown and Spectre CPU security flaws

> Microsoft rolls out Meltdown and Spectre fixes for Windows 7 and 8.1

> Keeping your CPU safe from Spectre imposes serious performance penalty

Fortunately, this is also just a proof-of-concept vulnerability that is already being mitigated by both companies, which means its use on laptops or computers in the wild should be relatively limited. However, previous fixes all affected the performance of the chips, a problem that might rear its ugly head, once again.

Spectre, along with Meltdown, are two extremely severe hardware vulnerabilities that affect Intel, IBM POWER, and some ARM-based processors. While Intel has since implemented hardware mitigations for the vulnerability in newer processors, older ones have to rely on software fixes that come with a performance penalty.

A detailed breakdown of the vulnerability, and its exploit (which seems to be relatively more complex than its early-days predecessor), can be found on this link.

• Check out the best workstations right now

Via: Tom's Hardware

from TechRadar - All the latest technology news https://ift.tt/icmtO3G