Subj : This security flaw could affect nearly all CPUs - but it might no
To   : All
From : TechnologyDaily
Date : Thu Aug 03 2023 16:15:04

This security flaw could affect nearly all CPUs - but it might not be all bad

Date:
Thu, 03 Aug 2023 15:06:21 +0000

Description:
Theres a vulnerability affecting most or all general-purpose CPUs, but 
executing an attack isnt easy outside of a lab.

FULL STORY
======================================================================

A new vulnerability has been identified affecting a wide number of CPUs, but 
users have been told not to be overly concerned, given the sheer complexity 
of carrying out an attack. 

Thats according to chipmaker AMD, who believes that it is difficult to 
execute the attack/exploit of this vulnerability in the real world or outside 
of a controlled/lab-type environment. 

The warning came from a group of researchers from the Graz University of 
Technology and CISPA Helmholtz Center for Information Security. 
Software-based Power Side Channel widely affecting CPUs 

The issue, known as Collide+Power, presents a potential power side-channel 
vulnerability affecting processors that could allow authenticated attacks to 
monitor CPU power consumption, which in turn may lead to the leak of 
sensitive information. Read more 

 > These are the best malware removal tools 


 > Microsoft is fixing a load of serious Intel CPU security flaws 


 > Your old discarded printer could be hiding security secrets - here's what 
to do 

The vulnerability has been tracked as CVE-2023-20583 and was awarded a 
severity level of low. 

Ahead of a full investigation, AMD has confirmed that EPYC server processors 
contain a performance determinism mode which can be used to reduce this type 
of leakage and that Ryzen client processors support a core boost disable bit 
that can help reduce the changes in frequency. 

 ARM also shared some information about the issue at hand, but Intel has not 
yet provided guidelines specific to Collide+Power. Even so, the chipmakers 
appear to have been cooperative in reaching an agreement to rectify the 
vulnerability. The team behind the discovery said: We thank the vendors AMD, 
ARM, and Intel for professionally handling the responsible disclosure. 

In its own statement, Amazon said that AWS customers data and instances are 
not impacted by Collide+Power. 

A full breakdown of how an attacker may be able to get access to sensitive 
information via a machines CPU can be found on the Collide+Power website . 
Moving forward, the Graz and CISPA researchers see a solution in preventing 
attackers from observing power-related signals rather than redesigning 
general-purpose CPUs which is a sizeable task by any measure. Boost your 
cybersecurity with the best endpoint protection and the best firewalls



======================================================================
Link to news story:
https://www.techradar.com/pro/this-security-flaw-could-affect-nearly-all-cpus-
but-it-might-not-be-all-bad


--- Mystic BBS v1.12 A47 (Linux/64)
 * Origin: tqwNet Technology News (1337:1/100)

.