All AMD CPUs Found Harboring Meltdown-Like Security Flaw

When news began to break three and a half years ago regarding a pair of new security flaws, Meltdown and Spectre, it quickly became apparent that plenty of eyeballs were laser-focused on Intel’s security implementations. There was nothing wrong with this, as such — CPU security deserves to be scrutinized — but in many cases, far more attention was being given to Intel over AMD.

The question of whether AMD CPUs were more secure than Intel CPUs was widely debated in the enthusiast community, but to no clear conclusion. While far more vulnerabilities were found in Intel chips, the researchers investigating these flaws often acknowledged that they either did not have access to AMD hardware to test or that the limited tests they had run on AMD kit using techniques known to disrupt Intel processors had not worked.

We know there are differences in how AMD and Intel implement speculative execution, so it was never clear how much of AMD’s apparent immunity was due to hardware design and how much was provided by “security through obscurity.” AMD, to its credit, never told the press that its CPUs were immune to attacks like Spectre and Meltdown, and it didn’t launch any major advertising campaigns around the idea that it represented the “safe” x86 choice. Good thing, too. Researchers have now found a Meltdown-equivalent attack that affects AMD processors.

The research paper acknowledges that the attack against AMD CPUs is not executed in precisely the same manner as Intel CPUs, but the end result is the same. Meltdown is a vulnerability that abuses speculative execution to leak kernel data to applications that shouldn’t have access to it. The authors write: “This class targets architecturally illegal data flow from microarchitectural elements (e.g., L1 Cache, Store/Load-Buffer, Special Register Buffer). Such an illegal data flow allows an attacker to exploit transient execution to expose data and change the microarchitectural state.”

According to the authors’ security analysis, AMD’s Meltdown variant “does not lead to cross-address space leaks, but it provides a reliable way to force an illegal data flow between microarchitectural elements.” The team believes this is the first demonstration of this type of flaw in an AMD chip. AMD describes the issue as “AMD CPUs may transiently execute non-canonical loads and store using only the lower 48 address bits.” The full 64 bits of an address are not evaluated when performing speculative execution, and this can be exploited to leak data out of the CPU. AMD also states: “Potential vulnerabilities can be addressed by inserting an LFENCE or using existing speculation mitigation techniques as described in [2].” [2] refers to AMD’s most recent guide on how to manage speculative execution safely in AMD processors.
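To make the "lower 48 address bits" point concrete, the sketch below is an added example, not code from the paper or from AMD: it checks whether a 64-bit address is canonical, computes the canonical address that shares its lower 48 bits, and places an LFENCE between the check and the load. It assumes 48-bit virtual addresses (4-level paging); the function names and sample values are hypothetical.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define VA_BITS 48 /* assumption: 4-level paging, 48-bit virtual addresses */

/* Canonical means bits 63..47 are all copies of bit 47. */
static bool is_canonical48(uint64_t va) {
    uint64_t top = va >> (VA_BITS - 1); /* the 17 bits 63..47 */
    return top == 0 || top == 0x1FFFF;
}

/* Canonical address sharing the lower 48 bits of va: the address a load
 * would refer to if the upper 16 bits were ignored. */
static uint64_t canonical_alias48(uint64_t va) {
    uint64_t low = va & ((1ULL << VA_BITS) - 1);
    return (low >> (VA_BITS - 1)) ? (low | ~((1ULL << VA_BITS) - 1)) : low;
}

/* LFENCE on x86-64; a plain compiler barrier elsewhere so the file builds. */
static inline void speculation_barrier(void) {
#if defined(__x86_64__)
    __asm__ volatile("lfence" ::: "memory");
#else
    __asm__ volatile("" ::: "memory");
#endif
}

/* Load one byte only if va is canonical. The fence sits between the check
 * and the load, the placement the LFENCE mitigation relies on. */
static bool guarded_load_u8(uint64_t va, uint8_t *out) {
    if (!is_canonical48(va))
        return false;
    speculation_barrier();
    *out = *(const volatile uint8_t *)(uintptr_t)va;
    return true;
}

int main(void) {
    uint8_t sample = 0x5A, out = 0;       /* constructed sample data */
    uint64_t bad = 0x1234800000001000ULL; /* constructed non-canonical value */
    printf("canonical(bad)=%d alias=0x%016llx\n", is_canonical48(bad),
           (unsigned long long)canonical_alias48(bad));
    printf("guarded(bad)=%d guarded(&sample)=%d\n", guarded_load_u8(bad, &out),
           guarded_load_u8((uint64_t)(uintptr_t)&sample, &out));
    return 0;
}
```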

It is not clear how relevant these ongoing Meltdown and Spectre issues are to the consumer market. Intel CPUs that are vulnerable to MDS are vulnerable to this attack as well, and AMD’s Zen, Zen+, Zen 2, and Zen 3 are all affected. But in the more than three years since Spectre and Meltdown were disclosed, only one Spectre exploit is known to exist in the wild, and none targeting Meltdown. Meanwhile, companies continue to grapple with an epidemic of ransomware that clearly isn’t springing from speculative execution flaws.

Perhaps more to the point: Nobody seems much closer to fielding an actual replacement for speculative execution. The Morpheus chip we wrote about earlier this year is very interesting, but it’s also nowhere near being a commercialized, shipping product for a number of reasons, not least of which is its speed. The performance benefit of executing some instructions before the CPU knows if it will need the results is one of the most fundamental building blocks of modern CPU cores. There’s a reason why every high-performance core from every company, x86 or not, uses speculative execution. They may use it differently with a different level of exposure to a specific type of exploit, but the attack surface here is enormous. Locking out all possibility of attack without killing performance has proven very challenging.

We’ve raised this point regarding Meltdown and Spectre-style attacks in previous articles about Intel and we’re raising it here as well. This is not meant to diminish the importance of hardware-based security, but after 3.5 years of disclosures, there’s very little evidence to suggest this is currently a meaningful problem.
