#cpubug — Public Fediverse posts
Live and recent posts from across the Fediverse tagged #cpubug, aggregated by home.social.
-
Es gibt wohl mal wieder einen neuen #CPUBug in Prozessoren von #Intel - #CVE-2022-40982 aka INTEL-SA-00828 erlaubt es Daten anderer Nutzer auf dem selben System auszulesen. Betroffen sind CPUs zwischen #Skylake und #TigerLage. As usual gibt es für supportete CPUs einen neuen Microcode, der einen Workaround implementiert (und Performance kostet)
https://downfall.page/
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00828.html -
During this year's #BlackHat conference, security researcher Daniel Moghimi is set to present "Downfall", a new speculative execution vulnerability found in Intel processors from 2014-2023.
This new speculative execution vulnerability if exploited could allow attackers steal encryption keys & passwords.
Intel noted that they haven't seen this vulnerability being exploited in the wild and that detection is difficult.
Moghimi stated that exploiting was relatively easy, he goes on to say:When I discovered this vulnerability, it took me maybe a couple of weeks to come up with attacks that work. I was just a one-person researcher without any resources, you can imagine if you have a team of black hat hackers, you can probably do a lot more with it.
While the flaw exists in hardware, Intel has provided microcode updates & the #Linux kernel maintainers have published mitigations for this flaw in today's kernel release.
#infosec #cybersecurity #DOWNFALL #speculativeexecution #Intel #CPUBug
- https://cyberscoop.com/downfall-intel-cpu-vulnerability/
- https://www.bleepingcomputer.com/news/security/new-downfall-attacks-on-intel-cpus-steal-encryption-keys-data/ -
New Intel speculative execution CPU bugs
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00233.html
updated microprocessor microcode available