Boffins Devise – Side Channel Attack
Researchers devised a new side-channel attack that affects AMD CPUs. This set of researchers earlier discovered the Spectre and meltdown vulnerabilities that created a havoc years back that exploited in wild.
The new attacks leverage time and power measurements of prefetch instructions, experts pointed out that their variations can be observed from unprivileged user space.
We discover timing and power variations of the prefetch instruction that can be observed from unprivileged user space. In contrast to previous work on prefetch attacks on Intel, we show that the prefetch instruction on AMD leaks even more information.Researchers Publication
The researchers demonstrated the first microarchitectural break of exploit mitigation technique KASLR on AMD CPUs. They monitored kernel activity and were able to establish a covert channel. The team also demonstrated also how to exfiltrate data from kernel memory using simple Spectre gadgets in the Linux kernel.
The flaws were collectively tracked as CVE-2021-26318, according to AMD the medium severity flaws impacts all of its CHIPS. Since there is no direct impact and data leakage can happen.
The researchers reported their findings to AMD and AMD acknowledged the findings and provided feedback. Countermeasures and mitigation strategies for the presented attacks as below.
- Page Table Isolation.
- Prefetch Configuration MSRs.
- Restricting Access.