this post was submitted on 15 Nov 2023

[–] [email protected] 1 points 10 months ago (3 children)

As the commenter under that article stated, it's odd that AMD designed SEV in a way that the initial value is enough to pass the authentication.

[–] [email protected] 1 points 10 months ago

C'mon, that's quite normal

- the NSA, probably

[–] [email protected] 1 points 10 months ago (1 children)

This is incorrect, the "default value" is a poorly translated example from the German article - this exploit does NOT rely on resetting any SEV-specific memory or similar.

[–] [email protected] 1 points 10 months ago (1 children)

I re-read the article and the original ComputerBase article, and I think I have a better understanding of it now. You can read my update and let me know if I'm still misunderstanding it.

[–] [email protected] 1 points 10 months ago

Yes, you understood correctly.

This is also not a rare occurrence, you can programmatically find locations in a binary where un-doing a cached write allows manipulating control flow - there are more examples in the paper.

You will likely find these locations (called gadgets) in just about every binary - not because all devs are stupid and set the default to the "exploitable" case, but because this is how compiler code generation pans out in the grand scheme of things.

[–] [email protected] 0 points 10 months ago (1 children)

It's similar to when Mac OS accepted an empty password at login.

Pretty sure this sub will use the same defense as /r/apple did.

[–] [email protected] 1 points 10 months ago

I haven't seen anyone defend AMD with this, so I think we're doing okay for now.

[–] [email protected] 1 points 10 months ago

For those that are inevitably too lazy to click

The vulnerability affects first through third generation EPYC CPUs (Naples, Rome, and Milan), but AMD has only made a microcode patch for third generation Milan chips.

[–] [email protected] 0 points 10 months ago (1 children)

“SEV not intended to be protective” is the biggest load of horseshit I’ve heard, even Intel didn’t beat around the bush with actually admitting they had flaws and patching them.

AMD didn’t patch the take-a-way or prefetch+TLB bleed either, because shipping a secure processor would have hurt their benchmark scores too much. So they just continued to ship insecure-by-default (and recommend against enabling the mitigations by default) those other times too.

[–] [email protected] 0 points 10 months ago (1 children)

"Secure Encrypted Virtualization"

"Not for protection"

What the fuck is it? Marketing???

[–] [email protected] 1 points 10 months ago (1 children)
[–] [email protected] 1 points 10 months ago (1 children)
[–] [email protected] 1 points 10 months ago

I was waiting for this to resurface in my recommendations

https://www.youtube.com/watch?v=6qjrqn3ug0g