Zen 1 Vulnerability AMD Patchwork Proved Weak, Second Pass Issued

While AMD engineers had already patched their Zen 1 “Division by Zero” bug, that was not the end of their problems: the company released a patch quickly, but perhaps a little too quickly, according to Borislav Petkov, an AMD Linux engineer. Petkov has apparently since fixed the shortcoming in the original solution, as described in a statement he published. It is just another example of the challenges in protecting against potential attack routes.

According to the findings, AMD’s CPU may have kept “stale quotient data” in its divider registers even after the original patch had run, giving attackers a window in which to retrieve private information. The original fix was to perform a final “dummy division 0/1 before returning from the #DE exception handler.” The idea is straightforward: the 0/1 division always yields zero, so completing it should overwrite any old data left in the divider.

The drawback of that fix, as Petkov explains, was that a speculative execution attack would already have progressed too far by the time the dummy division took effect. Outdated data would still sit in AMD’s divider, and attackers could read it before the dummy division kicked in.

Petkov notes that his new solution now performs that same dummy division in several scenarios:

“Initially, it was thought that doing an innocuous division in the #DE handler would take care to prevent any leaking of old data from the divider but by the time t

[…]

This article has been indexed from CySecurity News – Latest Information Security and Hacking Incidents
