Intel has revealed several apparent shortcoming in some of the security protections offered by its great rival AMD.
The company had recently discovered new Spectre-like vulnerabilities affecting both its chips, as well as those produced by ARM. AMD’s devices were reportedly immune, but while Intel was investigating its rival's previous patches to try and find a way to mitigate the new flaws, it found them to be broken.
AMD was immediately notified, and the company quickly pushed a new security bulletin, updating its guidance, and recommending an alternative solution to the Spectre problem.
We're looking at how our readers use VPNs with different devices so we can improve our content and offer better advice. This survey shouldn't take more than 60 seconds of your time. Thank you for taking part.
>> Click here to start the survey in a new window (opens in new tab) <<
AMD issued the flawed solution back in 2018, and now it would seem that almost every modern AMD processor, including Ryzen and EPYC families, is affected.
No known exploits
In its security bulletin, AMD acknowledges the problem, but adds that there is no evidence of the flaw being abused on any endpoints (opens in new tab) in the wild.
Last week, news broke of a new variant of the dreaded Spectre vulnerability being discovered, albeit in a proof-of-concept. However, the sheer promise of its destructive power prompted all major chipmakers into action.
Researchers from Intel and VUSec discovered the flaw in both Intel and ARM devices, and have dubbed it Branch History Injection (BHI).
It bypasses Intel’s eIBRS, as well as Arm’s CSV2 mitigations, enabling cross-privilege Spectre-v2 exploits, and kernel-to-kernel exploits. It also allows threat actors to inject predictor entries into the global branch prediction history, essentially leaking sensitive data, such as passwords.
The list of affected chips is quite extensive, covering all of Intel’s processors, from Haswell (2013) onwards (to Ice Lake-SP and Alder Lake) are reportedly affected, as well as various ARM chips (Cortex A15, A57, A72, Neoverse V1, N1, N2).
> How to protect against the Meltdown and Spectre CPU security flaws (opens in new tab)
> Microsoft rolls out Meltdown and Spectre fixes for Windows 7 and 8.1 (opens in new tab)
> Keeping your CPU safe from Spectre imposes serious performance penalty (opens in new tab)
Fortunately, this is also just a proof-of-concept vulnerability that is already being mitigated by both companies, which means its use on laptops (opens in new tab) or computers in the wild should be relatively limited. However, previous fixes all affected the performance of the chips, a problem that might rear its ugly head, once again.
Spectre, along with Meltdown, are two extremely severe hardware vulnerabilities that affect Intel, IBM POWER, and some ARM-based processors. While Intel has since implemented hardware mitigations for the vulnerability in newer processors, older ones have to rely on software fixes that come with a performance penalty.
A detailed breakdown of the vulnerability, and its exploit (which seems to be relatively more complex than its early-days predecessor), can be found on this link (opens in new tab).
- Check out the best workstations (opens in new tab) right now
Via: Tom's Hardware (opens in new tab)