Another month, another report of security vulnerabilities. Normally, we don’t share this kind of news as we focus on gaming news. However, it appears that some new security vulnerabilities have surfaced for both AMD’s and Intel’s CPUs.
Regarding AMD’s CPUs, two new “Take A Way” attacks have surfaced: Collide+Probe and Load+Reload. Both can leak secret data from AMD processors by manipulating the L1D cache way predictor.
As the researchers claimed:
“We reverse-engineered AMD’s L1D cache way predictor in microarchitectures from 2011 to 2019, resulting in two new attack techniques. With Collide+Probe, an attacker can monitor a victim’s memory accesses without knowledge of physical addresses or shared memory when time-sharing a logical core. With Load+Reload, we exploit the way predictor to obtain highly-accurate memory-access traces of victims on the same physical core. While Load+Reload relies on shared memory, it does not invalidate the cache line, allowing stealthier attacks that do not induce any last-level-cache evictions.”
On the other hand, researchers have discovered a new vulnerability inside Intel’s Converged Security and Management Engine. According to the report, this vulnerability lies inside the Read-Only Memory (ROM) of the CSME. Not only that, but it cannot be fixed via a software update.
As the researchers claimed:
“Like all security architectures, Intel’s had a weakness: the boot ROM, in this case. An early-stage vulnerability in ROM enables control over the reading of the Chipset Key and generation of all other encryption keys. One of these keys is for the Integrity Control Value Blob (ICVB). With this key, attackers can forge the code of any Intel CSME firmware module in a way that authenticity checks cannot detect.”
Kudos to our reader Metal Messiah for bringing this to our attention!
John is the founder and Editor in Chief at DSOGaming. He is a PC gaming fan and highly supports the modding and indie communities. Before creating DSOGaming, John worked on numerous gaming websites. While he is a die-hard PC gamer, his gaming roots can be found on consoles. John loved – and still does – the 16-bit consoles, and considers SNES to be one of the best consoles. Still, the PC platform won him over consoles. That was mainly due to 3DFX and its iconic dedicated 3D accelerator graphics card, Voodoo 2. John has also written a higher degree thesis on “The Evolution of PC graphics cards.”