Specialists from the Graz University of Technology in Austria and the Helmholtz Center for Information Security (CISPA) have released information on a vulnerability affecting all AMD processors. According to the available data, the CVE-2021-26318 vulnerability can be used to conduct Meltdown-style attacks.
Attackers can use this vulnerability to set up covert data-transmission channels, monitor activity in the kernel, or learn kernel memory addresses in order to bypass address-randomization (KASLR) protection while exploiting kernel vulnerabilities. Note that AMD does not consider any special fix necessary, since the CVE-2021-26318 vulnerability is of limited practical use: it is confined to the boundaries of the current process address space and requires specific existing instruction sequences in the kernel.
In their experiments, the specialists used the vulnerability to build a data-leakage channel from the kernel to a user-space process at a rate of 52 bytes/s. Several side-channel methods were also proposed for recovering the data left in the cache: one relies on variations in the execution time of the PREFETCH instruction, the other on changes in power consumption while that same instruction executes.
To protect against this type of attack, AMD recommends using secure coding techniques that help block Meltdown attacks. The researchers additionally recommend enabling kernel page-table isolation (KPTI), the mitigation previously deployed with success for Intel processors.
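A defender acting on the KPTI recommendation first needs to know whether it is actually in effect. The following added example (not code from the article or from the researchers) reads the two places where Linux reports this: the sysfs Meltdown status file and the CPU feature flags in /proc/cpuinfo. The paths are the real Linux ones; the behaviour it relies on is that the kernel lists a `pti` flag whenever page-table isolation is enabled, including when it has been forced with the `pti=on` boot parameter on hardware the kernel otherwise reports as "Not affected", which is the default situation on AMD parts. The sample file contents at the bottom are constructed for the demonstration, not captured from a real machine.

```python
"""Report whether kernel page-table isolation (KPTI) is active on a Linux host.

Added example, not part of the original article. Paths are the real Linux
sysfs/procfs locations; the sample contents near the bottom are constructed.
"""
from __future__ import annotations

from pathlib import Path

MELTDOWN_SYSFS = Path("/sys/devices/system/cpu/vulnerabilities/meltdown")
CPUINFO = Path("/proc/cpuinfo")


def classify_meltdown_status(text: str) -> str:
    """Map the sysfs 'meltdown' string to mitigated / vulnerable / not_affected / unknown."""
    s = text.strip()
    if s.startswith("Mitigation:"):
        return "mitigated"
    if s.startswith("Vulnerable"):
        return "vulnerable"
    if s == "Not affected":
        return "not_affected"
    return "unknown"


def cpu_flags(cpuinfo_text: str) -> set:
    """Collect the feature flags from the first 'flags' line of /proc/cpuinfo."""
    for line in cpuinfo_text.splitlines():
        key, sep, value = line.partition(":")
        if sep and key.strip() == "flags":
            return set(value.split())
    return set()


def assess(meltdown_text: str, cpuinfo_text: str) -> dict:
    """Combine both sources into a verdict.

    The sysfs file alone is not enough: on a CPU the kernel does not mark as
    Meltdown-affected (AMD), it keeps saying 'Not affected' even after PTI has
    been forced on.  The 'pti' CPU flag reflects the real state.
    """
    status = classify_meltdown_status(meltdown_text)
    kpti = "pti" in cpu_flags(cpuinfo_text)
    if kpti:
        advice = "KPTI active; no change needed"
    elif status == "not_affected":
        advice = "kernel treats CPU as unaffected; boot with pti=on to force KPTI"
    elif status == "vulnerable":
        advice = "enable PTI (pti=on) or update the kernel"
    else:
        advice = "check vendor guidance"
    return {"meltdown_status": status, "kpti_active": kpti, "advice": advice}


def assess_local_host() -> dict | None:
    """Read the live files; returns None where they are absent (non-Linux hosts)."""
    if not (MELTDOWN_SYSFS.exists() and CPUINFO.exists()):
        return None
    return assess(MELTDOWN_SYSFS.read_text(), CPUINFO.read_text())


# Constructed sample inputs (not captured from a real machine).
AMD_DEFAULT_MELTDOWN = "Not affected\n"
AMD_DEFAULT_CPUINFO = (
    "processor\t: 0\nvendor_id\t: AuthenticAMD\n"
    "flags\t\t: fpu pse sse2 syscall nx\n"
)
AMD_PTI_ON_CPUINFO = (
    "processor\t: 0\nvendor_id\t: AuthenticAMD\n"
    "flags\t\t: fpu pse sse2 syscall nx pti\n"
)

if __name__ == "__main__":
    print(assess(AMD_DEFAULT_MELTDOWN, AMD_DEFAULT_CPUINFO))  # KPTI off, advises pti=on
    print(assess(AMD_DEFAULT_MELTDOWN, AMD_PTI_ON_CPUINFO))   # KPTI on despite 'Not affected'
    print(assess_local_host())
```

Run it as a script to see the two constructed cases followed by the verdict for the host it runs on; in a fleet, the `assess_local_host()` result is the value worth collecting, since a status of `not_affected` with `kpti_active` false is exactly the default AMD configuration the researchers suggest hardening.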