Vulnerabilities in AMD and Intel CPUs


ÆPIC Leak and Squip

New vulnerabilities in AMD and Intel processors: Security researchers have discovered two vulnerabilities in the CPUs. What you can do about it.


Two newly discovered vulnerabilities in processors from Intel and AMD allow attackers to read data that does not belong to them. The vulnerabilities were discovered by research groups led by security researcher Daniel Gruss, who was already jointly responsible for the discovery of Spectre and Meltdown.

The far more critical vulnerability goes by the name ÆPIC Leak (CVE-2022-21233). Most current Intel processors of the 10th, 11th and 12th generation are affected. According to the researchers, ÆPIC Leak is an architectural bug through which sensitive data can be read directly. Unlike Meltdown and Spectre, this is not a side-channel attack.

Due to the bug the researchers discovered, old data is not overwritten as intended. Via the interrupt controller (APIC), attackers can read unencrypted data that is supposed to be stored securely in a so-called SGX enclave.

However, since the attack has some limitations, the researchers consider most systems to be secure. Administrator rights are required for the attack. Also, not all of the data stored in the interrupt controller can be read out. If you want to be on the safe side and protect yourself from ÆPIC Leak, you can disable SGX. Intel has also already announced a firmware update to fix the problem.

The second vulnerability is not quite as explosive. It probably affects multithreading-capable AMD CPUs based on Zen 2 and Zen 3, and certainly the Ryzen 7 3700X, Ryzen 7 5700X and Epyc 7443 models.

The vulnerability, named Squip (CVE-2021-46778), is a side-channel attack with similarities to Spectre. Here, too, the efficient processing of instructions is exploited.

To increase efficiency, the processor breaks down instructions into microinstructions, which are then sorted (out-of-order) and processed. However, the μ-Op scheduler responsible for sorting the microinstructions can be manipulated by attackers, which allows conclusions to be drawn about the processed instructions, including crypto keys for reading encrypted data.

To protect yourself from attacks with Squip, the researchers recommend, among other things, switching off SMT (Simultaneous Multithreading).
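The two mitigations named above (disabling SGX, switching off SMT) can be checked on a Linux host. The following is an added example, not part of the original article; it assumes the Linux `/proc/cpuinfo` and sysfs SMT interfaces, uses constructed sample inputs, and cannot tell whether a specific CPU model is actually affected.

```python
from pathlib import Path

# Linux interfaces; the "sgx" cpuinfo flag needs a kernel with SGX support (5.11+).
CPUINFO = Path("/proc/cpuinfo")
SMT_CONTROL = Path("/sys/devices/system/cpu/smt/control")

# Constructed sample inputs (not captured from real machines).
SAMPLE_INTEL = "processor\t: 0\nvendor_id\t: GenuineIntel\nflags\t\t: fpu vme sse2 ht sgx sgx_lc\n\n"
SAMPLE_AMD = "processor\t: 0\nvendor_id\t: AuthenticAMD\nflags\t\t: fpu vme sse2 ht\n\n"


def parse_cpuinfo(text):
    """Return (vendor_id, flag set) for the first processor block."""
    vendor, flags = None, set()
    for line in text.splitlines():
        if not line.strip():
            if vendor is not None:
                break  # blank line ends the first processor block
            continue
        key, _, value = line.partition(":")
        if key.strip() == "vendor_id":
            vendor = value.strip()
        elif key.strip() == "flags":
            flags = set(value.split())
    return vendor, flags


def assess(cpuinfo_text, smt_control):
    """List which of the two mitigations from the article are still open."""
    vendor, flags = parse_cpuinfo(cpuinfo_text)
    findings = []
    # Article's ÆPIC Leak mitigation: disable SGX. Assumption: the kernel
    # only reports the "sgx" flag while SGX is enabled in firmware.
    if vendor == "GenuineIntel" and "sgx" in flags:
        findings.append("SGX enabled: disable it or install Intel's firmware update")
    # Article's Squip mitigation: switch off SMT. The sysfs value is one of
    # on / off / forceoff / notsupported / notimplemented.
    if vendor == "AuthenticAMD" and smt_control.strip() == "on":
        findings.append("SMT on: consider switching it off if the CPU is Zen 2 or Zen 3")
    return findings


if __name__ == "__main__":
    live = CPUINFO.exists() and SMT_CONTROL.exists()
    info = CPUINFO.read_text() if live else SAMPLE_AMD
    smt = SMT_CONTROL.read_text() if live else "on"
    for finding in assess(info, smt) or ["no open item found"]:
        print(finding)
```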


10.8.2022, by Alan Friedrichs


Reference-www.pc-magazin.de