advertisement
Facebook Instagram Linkedin Youtube Spotify
Search
Close this search box.
AMD Ryzen
Facebook
X
LinkedIn
WhatsApp
Reddit

Researchers discover critical AMD CPU flaw but AMD says it’s nothing new

Researchers at the Graz University of Technology have discovered an alleged flaw in AMD CPUs that goes back as far as 2011.

In a research paper the flaws are detailed as two Take A Way attacks namely Collide+Probe and Load+Reload. Together, these two attacks can lead to a target PC being compromised by manipulating the L1D cache predictor.

The researchers found that the security flaw was present in CPUs starting with the Bulldozer series. The Piledriver, Steamroller, Zen, Zen+ and Zen 2 series are also affected.

According to a report by Tom’s Hardware, the researchers were able to exploit the vulnerability using JavaScript on Chrome and Firefox browsers.

Using the exploit, the researchers were able to gain access to AES encryption keys.

The Take A Way attacks can also be used to penetrate cloud deployments in data centers which is incredibly worrying.

But AMD doesn’t seem to be as concerned as the folks at Graz University of Technology.

“We are aware of a new white paper that claims potential security exploits in AMD CPUs, whereby a malicious actor could manipulate a cache-related feature to potentially transmit user data in an unintended way,” AMD said in a statement on its website.

“AMD believes these are not new speculation-based attacks,” said the firm.

The chipmaker goes on to say that users should keep their operating system up to date as these updates include mitigations for existing speculation-based attacks.

AMD went on to say that it follows secure coding methodologies and implements the latest patched versions of critical libraries.

And this is where things can potentially get very messy.

According to the Tom’s Hardware report, the researchers received “additional funding” from Intel. The lead researcher stated on Twitter that this funding was provided to a student and was included in the acknowledgements as a matter of due course.

Until such time as AMD acknowledges that Collide+Probe and Load+Reload affect its CPUs – if at all – we recommend updating your software so as to mitigate any potential risk.

advertisement

About Author

More
Brendyn Lotz

Brendyn Lotz

Brendyn Lotz writes news, reviews, and opinion pieces for Hypertext. His interests include SMEs, innovation on the African continent, cybersecurity, blockchain, games, geek culture and YouTube.
advertisement

Related News

There are levels to AI, four of them according to Honor

Students searching for scholarships the latest phishing target

Eaton’s UPS Trade-In campaign aims to assist with ewaste

Every second person online is a bot – new report

Cheap ransomware poses a massive threat to small businesses

China is restricting American apps citing security concerns

advertisement
Facebook Instagram Linkedin Youtube Spotify
Hypertext is one of South Africa’s leading technology news and reviews sites. We publish original content daily for consumers and businesses.
All original words & media by Hypertext by htxt.media are licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License. Permissions beyond the scope of this license may be available at Hypertext. Where images and material are supplied by rights holders outside of htxt.media, original publishing licences are indicated and unaffected.
Click here to suggest a story.
Click here for advertising.
© 2024. All rights reserved by HTXT.