- AMD finds four defects, separately in gravity, but powerful when combined
- Together, they can be abused in information dissemination attacks
- The list of affected devices is quite extensive, so it is on guard
AMD has discovered that several security vulnerabilities that affect many of its chips can chain to create a worrying trick that could result in a dissemination of information.
The four vulnerabilities are traced as CVE-2024-36349 (3.8), CVE-2024-36348 (3.8), CVE-2024-36357 (5.6) and CVE-2024-36350 (5.6). Together, they can be used in a so -called transitory planner attack (TSA), a side channel or a time -based attack that probably exploits transient programming decisions taken by the CPU planner to filter information.
Since this is a lateral channel attack that results in the dissemination of information, it is similar to the infamous Meltdown and Specter failures that dominated the security scene for months.
Systems update
Separately, vulnerabilities received relatively low gravity scores, since devices must compromise in advance, either by physical presence or malware, before they can take advantage.
In addition, the TSA would need to be executed many times before any significant data could be extracted.
This is how a theoretical attack would occur: a CPU expects load instructions to be completed quite quickly. However, if there is a condition that prevents them from doing so, a “false completion occurs.” Since the load was not completed, the load data was forwarded to the dependent operations, affecting the moment of the instructions that the CPU executes, something that the attackers can observe.
The worst case is that AMD chips filter information from the operating system core, but other virtual applications or machines could also filter data.
A patch is now available, and AMD advised the system administrators to update the latest Windows versions as soon as possible.
Those who cannot install the patch can quickly implement an alternative solution that involves a Verw instruction, but AMD has advised, since it could reduce system performance. In any case, details about mitigation can be found here.
The complete list of all affected chips, including Epyc, Ryzen, Instinct, Ahtlon and others, can be found in AMD’s notice.
Through The registration
