Source URL: https://it.slashdot.org/story/25/07/09/1835230/amd-warns-of-new-meltdown-spectre-like-bugs-affecting-cpus
Source: Slashdot
Title: AMD Warns of New Meltdown, Spectre-like Bugs Affecting CPUs
Feedly Summary:
AI Summary and Description: Yes
Summary: AMD has identified a newly discovered side-channel attack, known as the Transient Scheduler Attack (TSA), which poses a potential information disclosure risk across a variety of its chip models. Although the vulnerabilities were initially rated as medium and low severity, they have been assessed as “critical” by security firms due to the complexity of executing these exploits.
Detailed Description: The Transient Scheduler Attack (TSA) comprises four distinct vulnerabilities found in AMD processors, similar to previously known vulnerabilities like Meltdown and Spectre. The core aspects of this attack and its implications for security professionals are noteworthy:
– **Vulnerabilities Identified**:
– Four vulnerabilities have been discovered within AMD’s architecture during an investigation initiated by information from Microsoft regarding microarchitectural leaks.
– The vulnerabilities are categorized into medium and low severity. Despite this, they have garnered critical attention from cybersecurity firms.
– **Complexity of Exploit**:
– Though rated lower in impact, executing a successful attack requires the attacker to have the ability to run arbitrary code on the target machine, highlighting the complexity and prerequisites involved.
– **Affected Chip Models**:
– The vulnerabilities impact a wide range of AMD processors, including desktop, mobile, and datacenter models, particularly the 3rd generation and 4th generation EPYC chips.
– **Security Concerns and Expert Assessment**:
– Security firms like Trend Micro and CrowdStrike have rated the threat as “critical.” This reflects a consensus in the cybersecurity community that even vulnerabilities rated as “low” or “medium” can present significant risks under certain conditions.
Key Implications for Security Professionals:
– **Awareness of Emerging Threats**: It’s crucial for security professionals to remain vigilant about new vulnerabilities as they arise, particularly those affecting widely used hardware.
– **Risk Management**: Organizations using AMD hardware may need to assess their risk exposure and implement mitigation strategies, considering the nature of the vulnerabilities.
– **Incident Response Preparedness**: The nature of the TSA attack underscores the importance of having robust incident response plans in place, especially for systems involving critical data handling.
This incident serves as a reminder of the evolving landscape of threats in hardware security and the continuous need for vigilance in cybersecurity practices.